diff --git a/2006/0xxx/CVE-2006-0190.json b/2006/0xxx/CVE-2006-0190.json index 5151ffa0f0e..76f80ced0be 100644 --- a/2006/0xxx/CVE-2006-0190.json +++ b/2006/0xxx/CVE-2006-0190.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0190", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors, possibly involving functions from the mm driver." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-056.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-056.htm" - }, - { - "name" : "102066", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102066-1" - }, - { - "name" : "16224", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16224" - }, - { - "name" : "ADV-2006-0165", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0165" - }, - { - "name" : "oval:org.mitre.oval:def:702", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A702" - }, - { - "name" : "1015478", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015478" - }, - { - "name" : "18421", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18421" - }, - { - "name" : "19087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19087" - }, - { - "name" : "solaris-unspecified-root-access(24084)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24084" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors, possibly involving functions from the mm driver." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18421", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18421" + }, + { + "name": "ADV-2006-0165", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0165" + }, + { + "name": "solaris-unspecified-root-access(24084)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24084" + }, + { + "name": "1015478", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015478" + }, + { + "name": "16224", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16224" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-056.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-056.htm" + }, + { + "name": "102066", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102066-1" + }, + { + "name": "19087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19087" + }, + { + "name": "oval:org.mitre.oval:def:702", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A702" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0233.json b/2006/0xxx/CVE-2006-0233.json index 34da04020ee..f307f03c24b 100644 --- a/2006/0xxx/CVE-2006-0233.json +++ b/2006/0xxx/CVE-2006-0233.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0233", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in functions.php in microBlog 2.0 RC-10 allows remote attackers to inject arbitrary web script and HTML via a javascript: URI in a [url] BBcode tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0233", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060117 [eVuln] microBlog BBCode XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/422145/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/36/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/36/summary.html" - }, - { - "name" : "16272", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16272" - }, - { - "name" : "1015496", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015496" - }, - { - "name" : "microblog-functions-xss(24140)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24140" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in functions.php in microBlog 2.0 RC-10 allows remote attackers to inject arbitrary web script and HTML via a javascript: URI in a [url] BBcode tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015496", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015496" + }, + { + "name": "microblog-functions-xss(24140)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24140" + }, + { + "name": "http://evuln.com/vulns/36/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/36/summary.html" + }, + { + "name": "16272", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16272" + }, + { + "name": "20060117 [eVuln] microBlog BBCode XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/422145/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0300.json b/2006/0xxx/CVE-2006-0300.json index 042b73a6725..08ae25b5060 100644 --- a/2006/0xxx/CVE-2006-0300.json +++ b/2006/0xxx/CVE-2006-0300.json @@ -1,272 +1,272 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-0300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Bug-tar] 20060220 tar 1.15.90 released", - "refsource" : "MLIST", - "url" : "http://lists.gnu.org/archive/html/bug-tar/2006-02/msg00051.html" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=305214", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=305214" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=305391", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=305391" - }, - { - "name" : "APPLE-SA-2007-04-19", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html" - }, - { - "name" : "APPLE-SA-2007-03-13", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html" - }, - { - "name" : "DSA-987", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-987" - }, - { - "name" : "FLSA:183571-2", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/430299/100/0/threaded" - }, - { - "name" : "GLSA-200603-06", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200603-06.xml" - }, - { - "name" : "MDKSA-2006:046", - "refsource" : "MANDRIVA", - "url" : "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:046" - }, - { - "name" : "OpenPKG-SA-2006.006", - "refsource" : "OPENPKG", - "url" : "http://www.openpkg.org/security/OpenPKG-SA-2006.006-tar.html" - }, - { - "name" : "RHSA-2006:0232", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0232.html" - }, - { - "name" : "241646", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-241646-1" - }, - { - "name" : "SUSE-SR:2006:005", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_05_sr.html" - }, - { - "name" : "2006-0010", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0010" - }, - { - "name" : "USN-257-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/257-1/" - }, - { - "name" : "TA07-072A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-072A.html" - }, - { - "name" : "TA07-109A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-109A.html" - }, - { - "name" : "16764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16764" - }, - { - "name" : "oval:org.mitre.oval:def:5252", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5252" - }, - { - "name" : "oval:org.mitre.oval:def:5978", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5978" - }, - { - "name" : "oval:org.mitre.oval:def:5993", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5993" - }, - { - "name" : "oval:org.mitre.oval:def:6094", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6094" - }, - { - "name" : "oval:org.mitre.oval:def:9295", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9295" - }, - { - "name" : "ADV-2006-0684", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0684" - }, - { - "name" : "ADV-2007-0930", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0930" - }, - { - "name" : "ADV-2007-1470", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1470" - }, - { - "name" : "ADV-2008-2518", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2518" - }, - { - "name" : "23371", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23371" - }, - { - "name" : "1015705", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015705" - }, - { - "name" : "18976", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18976" - }, - { - "name" : "18973", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18973" - }, - { - "name" : "18999", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18999" - }, - { - "name" : "19093", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19093" - }, - { - "name" : "19130", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19130" - }, - { - "name" : "19152", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19152" - }, - { - "name" : "19236", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19236" - }, - { - "name" : "19016", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19016" - }, - { - "name" : "20042", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20042" - }, - { - "name" : "24479", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24479" - }, - { - "name" : "24966", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24966" - }, - { - "name" : "480", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/480" - }, - { - "name" : "543", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/543" - }, - { - "name" : "gnu-tar-pax-headers-bo(24855)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24855" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2006-0010", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0010" + }, + { + "name": "FLSA:183571-2", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/430299/100/0/threaded" + }, + { + "name": "1015705", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015705" + }, + { + "name": "oval:org.mitre.oval:def:5978", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5978" + }, + { + "name": "18999", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18999" + }, + { + "name": "24966", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24966" + }, + { + "name": "SUSE-SR:2006:005", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html" + }, + { + "name": "TA07-072A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html" + }, + { + "name": "OpenPKG-SA-2006.006", + "refsource": "OPENPKG", + "url": "http://www.openpkg.org/security/OpenPKG-SA-2006.006-tar.html" + }, + { + "name": "18976", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18976" + }, + { + "name": "USN-257-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/257-1/" + }, + { + "name": "23371", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23371" + }, + { + "name": "19236", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19236" + }, + { + "name": "APPLE-SA-2007-03-13", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html" + }, + { + "name": "DSA-987", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-987" + }, + { + "name": "RHSA-2006:0232", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0232.html" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=305391", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=305391" + }, + { + "name": "19093", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19093" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=305214", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=305214" + }, + { + "name": "543", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/543" + }, + { + "name": "480", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/480" + }, + { + "name": "MDKSA-2006:046", + "refsource": "MANDRIVA", + "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:046" + }, + { + "name": "19152", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19152" + }, + { + "name": "[Bug-tar] 20060220 tar 1.15.90 released", + "refsource": "MLIST", + "url": "http://lists.gnu.org/archive/html/bug-tar/2006-02/msg00051.html" + }, + { + "name": "241646", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-241646-1" + }, + { + "name": "18973", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18973" + }, + { + "name": "TA07-109A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-109A.html" + }, + { + "name": "16764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16764" + }, + { + "name": "ADV-2008-2518", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2518" + }, + { + "name": "19130", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19130" + }, + { + "name": "oval:org.mitre.oval:def:5252", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5252" + }, + { + "name": "oval:org.mitre.oval:def:9295", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9295" + }, + { + "name": "20042", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20042" + }, + { + "name": "oval:org.mitre.oval:def:5993", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5993" + }, + { + "name": "ADV-2006-0684", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0684" + }, + { + "name": "19016", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19016" + }, + { + "name": "ADV-2007-0930", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0930" + }, + { + "name": "gnu-tar-pax-headers-bo(24855)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24855" + }, + { + "name": "APPLE-SA-2007-04-19", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html" + }, + { + "name": "ADV-2007-1470", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1470" + }, + { + "name": "oval:org.mitre.oval:def:6094", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6094" + }, + { + "name": "24479", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24479" + }, + { + "name": "GLSA-200603-06", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-06.xml" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0430.json b/2006/0xxx/CVE-2006-0430.json index c9fe69a3d8b..2c45d7f963e 100644 --- a/2006/0xxx/CVE-2006-0430.json +++ b/2006/0xxx/CVE-2006-0430.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0430", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Certain configurations of BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6, when connection filters are enabled, cause the server to run more slowly, which makes it easier for remote attackers to cause a denial of service (server slowdown)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0430", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA06-117.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/174" - }, - { - "name" : "16358", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16358" - }, - { - "name" : "ADV-2006-0313", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0313" - }, - { - "name" : "1015528", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015528" - }, - { - "name" : "18592", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18592" - }, - { - "name" : "weblogic-connection-filter-dos(24301)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24301" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Certain configurations of BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6, when connection filters are enabled, cause the server to run more slowly, which makes it easier for remote attackers to cause a denial of service (server slowdown)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0313", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0313" + }, + { + "name": "BEA06-117.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/174" + }, + { + "name": "1015528", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015528" + }, + { + "name": "weblogic-connection-filter-dos(24301)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24301" + }, + { + "name": "18592", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18592" + }, + { + "name": "16358", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16358" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1770.json b/2006/1xxx/CVE-2006-1770.json index af4f7c08709..93e3ee19ac4 100644 --- a/2006/1xxx/CVE-2006-1770.json +++ b/2006/1xxx/CVE-2006-1770.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Azerbaijan Design & Development Group (AZDG) AzDGVote allow remote attackers to execute arbitrary PHP code via a URL in the int_path parameter in (1) vote.php, (2) view.php, (3) admin.php, and (4) admin/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060411 AzDGVote File inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430691/100/0/threaded" - }, - { - "name" : "17447", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17447" - }, - { - "name" : "ADV-2006-1324", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1324" - }, - { - "name" : "19630", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19630" - }, - { - "name" : "695", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/695" - }, - { - "name" : "azdgvote-intpath-file-inclusion(25762)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25762" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Azerbaijan Design & Development Group (AZDG) AzDGVote allow remote attackers to execute arbitrary PHP code via a URL in the int_path parameter in (1) vote.php, (2) view.php, (3) admin.php, and (4) admin/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "695", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/695" + }, + { + "name": "19630", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19630" + }, + { + "name": "azdgvote-intpath-file-inclusion(25762)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25762" + }, + { + "name": "ADV-2006-1324", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1324" + }, + { + "name": "17447", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17447" + }, + { + "name": "20060411 AzDGVote File inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430691/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1997.json b/2006/1xxx/CVE-2006-1997.json index 53ea6cad5e7..d8af801f504 100644 --- a/2006/1xxx/CVE-2006-1997.json +++ b/2006/1xxx/CVE-2006-1997.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1997", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Sybase Pylon Anywhere groupware synchronization server before 7.0 allows local users to obtain sensitive information such as email and PIM data of another user via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.sybase.com/detail?id=1040213", - "refsource" : "CONFIRM", - "url" : "http://www.sybase.com/detail?id=1040213" - }, - { - "name" : "17677", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17677" - }, - { - "name" : "ADV-2006-1477", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1477" - }, - { - "name" : "19784", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19784" - }, - { - "name" : "pylon-groupware-unauth-access(25989)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25989" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Sybase Pylon Anywhere groupware synchronization server before 7.0 allows local users to obtain sensitive information such as email and PIM data of another user via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1477", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1477" + }, + { + "name": "17677", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17677" + }, + { + "name": "http://www.sybase.com/detail?id=1040213", + "refsource": "CONFIRM", + "url": "http://www.sybase.com/detail?id=1040213" + }, + { + "name": "19784", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19784" + }, + { + "name": "pylon-groupware-unauth-access(25989)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25989" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5008.json b/2006/5xxx/CVE-2006-5008.json index 55aa25b00ed..685e39b45d4 100644 --- a/2006/5xxx/CVE-2006-5008.json +++ b/2006/5xxx/CVE-2006-5008.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in utape in IBM AIX 5.2.0 and 5.3.0 allows attackers to execute arbitrary commands and overwrite arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://aix.software.ibm.com/aix/efixes/security/README", - "refsource" : "CONFIRM", - "url" : "ftp://aix.software.ibm.com/aix/efixes/security/README" - }, - { - "name" : "IY88641", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY88641" - }, - { - "name" : "IY88642", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY88642" - }, - { - "name" : "20187", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20187" - }, - { - "name" : "ADV-2006-3770", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3770" - }, - { - "name" : "1016916", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016916" - }, - { - "name" : "22119", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22119" - }, - { - "name" : "aix-utape-file-overwrite(29154)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29154" - }, - { - "name" : "aix-utape-privilege-escalation(29151)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29151" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in utape in IBM AIX 5.2.0 and 5.3.0 allows attackers to execute arbitrary commands and overwrite arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IY88642", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY88642" + }, + { + "name": "22119", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22119" + }, + { + "name": "20187", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20187" + }, + { + "name": "aix-utape-file-overwrite(29154)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29154" + }, + { + "name": "aix-utape-privilege-escalation(29151)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29151" + }, + { + "name": "IY88641", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY88641" + }, + { + "name": "ADV-2006-3770", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3770" + }, + { + "name": "1016916", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016916" + }, + { + "name": "ftp://aix.software.ibm.com/aix/efixes/security/README", + "refsource": "CONFIRM", + "url": "ftp://aix.software.ibm.com/aix/efixes/security/README" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5297.json b/2006/5xxx/CVE-2006-5297.json index 24fe6e92514..0d41d6d4429 100644 --- a/2006/5xxx/CVE-2006-5297.json +++ b/2006/5xxx/CVE-2006-5297.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5297", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5297", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[mutt-dev] 20061004 security problem with temp files [was Re: mutt_adv_mktemp() ?]", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=mutt-dev&m=115999486426292&w=2" - }, - { - "name" : "MDKSA-2006:190", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:190" - }, - { - "name" : "RHSA-2007:0386", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0386.html" - }, - { - "name" : "2006-0061", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0061/" - }, - { - "name" : "USN-373-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-373-1" - }, - { - "name" : "20733", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20733" - }, - { - "name" : "oval:org.mitre.oval:def:10601", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10601" - }, - { - "name" : "ADV-2006-4176", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4176" - }, - { - "name" : "22613", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22613" - }, - { - "name" : "22640", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22640" - }, - { - "name" : "22686", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22686" - }, - { - "name" : "22685", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22685" - }, - { - "name" : "25529", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25529" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25529", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25529" + }, + { + "name": "[mutt-dev] 20061004 security problem with temp files [was Re: mutt_adv_mktemp() ?]", + "refsource": "MLIST", + "url": "http://marc.info/?l=mutt-dev&m=115999486426292&w=2" + }, + { + "name": "20733", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20733" + }, + { + "name": "oval:org.mitre.oval:def:10601", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10601" + }, + { + "name": "2006-0061", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0061/" + }, + { + "name": "22640", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22640" + }, + { + "name": "22613", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22613" + }, + { + "name": "22685", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22685" + }, + { + "name": "22686", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22686" + }, + { + "name": "USN-373-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-373-1" + }, + { + "name": "RHSA-2007:0386", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0386.html" + }, + { + "name": "ADV-2006-4176", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4176" + }, + { + "name": "MDKSA-2006:190", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:190" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5349.json b/2006/5xxx/CVE-2006-5349.json index df6b28f23ad..1c12300841d 100644 --- a/2006/5xxx/CVE-2006-5349.json +++ b/2006/5xxx/CVE-2006-5349.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, when running on HP Tru64 UNIX, has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln# OHS07." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" - }, - { - "name" : "TA06-291A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-291A.html" - }, - { - "name" : "20588", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20588" - }, - { - "name" : "ADV-2006-4065", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4065" - }, - { - "name" : "1017077", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017077" - }, - { - "name" : "22396", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, when running on HP Tru64 UNIX, has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln# OHS07." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" + }, + { + "name": "20588", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20588" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" + }, + { + "name": "ADV-2006-4065", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4065" + }, + { + "name": "22396", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22396" + }, + { + "name": "1017077", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017077" + }, + { + "name": "TA06-291A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-291A.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5357.json b/2006/5xxx/CVE-2006-5357.json index 6a740276e55..d9e7e1ca0ac 100644 --- a/2006/5xxx/CVE-2006-5357.json +++ b/2006/5xxx/CVE-2006-5357.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle HTTP Server component in Oracle Application Server 10.1.2.0.1, 10.1.2.0.2, and 10.1.2.1.0 has unknown impact and remote attack vectors related to the PHP Module, aka Vuln# OHS03." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" - }, - { - "name" : "TA06-291A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-291A.html" - }, - { - "name" : "20588", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20588" - }, - { - "name" : "ADV-2006-4065", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4065" - }, - { - "name" : "1017077", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017077" - }, - { - "name" : "22396", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle HTTP Server component in Oracle Application Server 10.1.2.0.1, 10.1.2.0.2, and 10.1.2.1.0 has unknown impact and remote attack vectors related to the PHP Module, aka Vuln# OHS03." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" + }, + { + "name": "20588", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20588" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" + }, + { + "name": "ADV-2006-4065", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4065" + }, + { + "name": "22396", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22396" + }, + { + "name": "1017077", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017077" + }, + { + "name": "TA06-291A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-291A.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5990.json b/2006/5xxx/CVE-2006-5990.json index b6ec3bc1ae3..9114c4d509d 100644 --- a/2006/5xxx/CVE-2006-5990.json +++ b/2006/5xxx/CVE-2006-5990.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5990", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and 1.4.x before 1.4.1 Patch 1 (Build 33425), when server certificate verification is enabled, does not verify the server's X.509 certificate when creating an SSL session, which allows remote malicious servers to spoof valid servers via a man-in-the-middle attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5990", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061121 VMSA-2006-0010 - SSL sessions not authenticated by VC Clients", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452275/100/0/threaded" - }, - { - "name" : "http://www.vmware.com/download/vi/vc-201-200611-patch.html", - "refsource" : "MISC", - "url" : "http://www.vmware.com/download/vi/vc-201-200611-patch.html" - }, - { - "name" : "http://kb.vmware.com/kb/4646606", - "refsource" : "CONFIRM", - "url" : "http://kb.vmware.com/kb/4646606" - }, - { - "name" : "21231", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21231" - }, - { - "name" : "ADV-2006-4655", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4655" - }, - { - "name" : "1017270", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017270" - }, - { - "name" : "23053", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23053" - }, - { - "name" : "vmware-virtualcenter-x509-mitm(30477)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30477" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and 1.4.x before 1.4.1 Patch 1 (Build 33425), when server certificate verification is enabled, does not verify the server's X.509 certificate when creating an SSL session, which allows remote malicious servers to spoof valid servers via a man-in-the-middle attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4655", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4655" + }, + { + "name": "1017270", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017270" + }, + { + "name": "20061121 VMSA-2006-0010 - SSL sessions not authenticated by VC Clients", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452275/100/0/threaded" + }, + { + "name": "http://www.vmware.com/download/vi/vc-201-200611-patch.html", + "refsource": "MISC", + "url": "http://www.vmware.com/download/vi/vc-201-200611-patch.html" + }, + { + "name": "http://kb.vmware.com/kb/4646606", + "refsource": "CONFIRM", + "url": "http://kb.vmware.com/kb/4646606" + }, + { + "name": "23053", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23053" + }, + { + "name": "21231", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21231" + }, + { + "name": "vmware-virtualcenter-x509-mitm(30477)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30477" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2219.json b/2007/2xxx/CVE-2007-2219.json index b45a35931b9..e6d688d00a7 100644 --- a/2007/2xxx/CVE-2007-2219.json +++ b/2007/2xxx/CVE-2007-2219.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2007-2219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02231", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/471947/100/0/threaded" - }, - { - "name" : "SSRT071438", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/471947/100/0/threaded" - }, - { - "name" : "MS07-035", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-035" - }, - { - "name" : "TA07-163A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-163A.html" - }, - { - "name" : "VU#457281", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/457281" - }, - { - "name" : "24370", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24370" - }, - { - "name" : "35341", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35341" - }, - { - "name" : "ADV-2007-2155", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2155" - }, - { - "name" : "oval:org.mitre.oval:def:1643", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1643" - }, - { - "name" : "1018230", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018230" - }, - { - "name" : "25640", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35341", + "refsource": "OSVDB", + "url": "http://osvdb.org/35341" + }, + { + "name": "SSRT071438", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded" + }, + { + "name": "MS07-035", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-035" + }, + { + "name": "VU#457281", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/457281" + }, + { + "name": "TA07-163A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html" + }, + { + "name": "24370", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24370" + }, + { + "name": "ADV-2007-2155", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2155" + }, + { + "name": "oval:org.mitre.oval:def:1643", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1643" + }, + { + "name": "1018230", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018230" + }, + { + "name": "HPSBST02231", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded" + }, + { + "name": "25640", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25640" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0032.json b/2010/0xxx/CVE-2010-0032.json index c05718f6b53..5dc3cd24587 100644 --- a/2010/0xxx/CVE-2010-0032.json +++ b/2010/0xxx/CVE-2010-0032.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0032", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka \"OEPlaceholderAtom Use After Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-0032", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-004", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-004" - }, - { - "name" : "TA10-040A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-040A.html" - }, - { - "name" : "oval:org.mitre.oval:def:8303", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8303" - }, - { - "name" : "1023563", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023563" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka \"OEPlaceholderAtom Use After Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:8303", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8303" + }, + { + "name": "TA10-040A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-040A.html" + }, + { + "name": "MS10-004", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-004" + }, + { + "name": "1023563", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023563" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0388.json b/2010/0xxx/CVE-2010-0388.json index b5315fc792b..ab82a7e3149 100644 --- a/2010/0xxx/CVE-2010-0388.json +++ b/2010/0xxx/CVE-2010-0388.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0388", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0388", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-webdav.html", - "refsource" : "MISC", - "url" : "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-webdav.html" - }, - { - "name" : "37910", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37910" - }, - { - "name" : "jsws-webdav-format-string(55812)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55812" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37910", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37910" + }, + { + "name": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-webdav.html", + "refsource": "MISC", + "url": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-webdav.html" + }, + { + "name": "jsws-webdav-format-string(55812)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55812" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1315.json b/2010/1xxx/CVE-2010-1315.json index d52a3100241..0b6edbea768 100644 --- a/2010/1xxx/CVE-2010-1315.json +++ b/2010/1xxx/CVE-2010-1315.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1315", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1315", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1004-exploits/joomlaweberpcustomer-lfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1004-exploits/joomlaweberpcustomer-lfi.txt" - }, - { - "name" : "11999", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11999" - }, - { - "name" : "39209", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39209" - }, - { - "name" : "weberpcutomer-controller-file-include(57482)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57482" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11999", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11999" + }, + { + "name": "http://packetstormsecurity.org/1004-exploits/joomlaweberpcustomer-lfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1004-exploits/joomlaweberpcustomer-lfi.txt" + }, + { + "name": "39209", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39209" + }, + { + "name": "weberpcutomer-controller-file-include(57482)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57482" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1461.json b/2010/1xxx/CVE-2010-1461.json index 04df0760b59..6efeae9c02f 100644 --- a/2010/1xxx/CVE-2010-1461.json +++ b/2010/1xxx/CVE-2010-1461.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1461", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1461", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12232", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12232" - }, - { - "name" : "39504", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39504" - }, - { - "name" : "63800", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/63800" - }, - { - "name" : "39469", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "63800", + "refsource": "OSVDB", + "url": "http://osvdb.org/63800" + }, + { + "name": "39504", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39504" + }, + { + "name": "12232", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12232" + }, + { + "name": "39469", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39469" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3094.json b/2010/3xxx/CVE-2010-3094.json index 1e3e8c1cdd3..43ae58d312e 100644 --- a/2010/3xxx/CVE-2010-3094.json +++ b/2010/3xxx/CVE-2010-3094.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100911 CVE id requests: drupal", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=128418560705305&w=2" - }, - { - "name" : "[oss-security] 20100913 Re: CVE id requests: drupal", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=128440896914512&w=2" - }, - { - "name" : "http://drupal.org/node/880476", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/880476" - }, - { - "name" : "DSA-2113", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2113" - }, - { - "name" : "42391", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42391" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2113", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2113" + }, + { + "name": "[oss-security] 20100913 Re: CVE id requests: drupal", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=128440896914512&w=2" + }, + { + "name": "http://drupal.org/node/880476", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/880476" + }, + { + "name": "[oss-security] 20100911 CVE id requests: drupal", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=128418560705305&w=2" + }, + { + "name": "42391", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42391" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3340.json b/2010/3xxx/CVE-2010-3340.json index bb5dccc4076..c6323fb046c 100644 --- a/2010/3xxx/CVE-2010-3340.json +++ b/2010/3xxx/CVE-2010-3340.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3340", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"HTML Object Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3340", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-090", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090" - }, - { - "name" : "TA10-348A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" - }, - { - "name" : "oval:org.mitre.oval:def:12204", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12204" - }, - { - "name" : "1024872", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024872" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"HTML Object Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-348A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" + }, + { + "name": "MS10-090", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090" + }, + { + "name": "1024872", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024872" + }, + { + "name": "oval:org.mitre.oval:def:12204", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12204" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3731.json b/2010/3xxx/CVE-2010-3731.json index da950d98978..13e369b8683 100644 --- a/2010/3xxx/CVE-2010-3731.json +++ b/2010/3xxx/CVE-2010-3731.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3731", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the validateUser implementation in the com.ibm.db2.das.core.DasSysCmd function in db2dasrrm in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP3 allows remote attackers to execute arbitrary code via a long username string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3731", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-035", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-035" - }, - { - "name" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", - "refsource" : "CONFIRM", - "url" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21426108", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" - }, - { - "name" : "IC70538", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC70538" - }, - { - "name" : "IC69986", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC69986" - }, - { - "name" : "IC70539", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC70539" - }, - { - "name" : "46077", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46077" - }, - { - "name" : "oval:org.mitre.oval:def:14687", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14687" - }, - { - "name" : "41686", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41686" - }, - { - "name" : "ADV-2010-2544", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2544" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the validateUser implementation in the com.ibm.db2.das.core.DasSysCmd function in db2dasrrm in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP3 allows remote attackers to execute arbitrary code via a long username string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41686", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41686" + }, + { + "name": "46077", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46077" + }, + { + "name": "oval:org.mitre.oval:def:14687", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14687" + }, + { + "name": "IC70538", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC70538" + }, + { + "name": "IC69986", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC69986" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" + }, + { + "name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", + "refsource": "CONFIRM", + "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" + }, + { + "name": "ADV-2010-2544", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2544" + }, + { + "name": "IC70539", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC70539" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-035", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-035" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3921.json b/2010/3xxx/CVE-2010-3921.json index 110e0fcfbd1..31028a12bc9 100644 --- a/2010/3xxx/CVE-2010-3921.json +++ b/2010/3xxx/CVE-2010-3921.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3921", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2010-3921", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.movabletype.org/documentation/appendices/release-notes/movable-type-504-435-release-notes.html", - "refsource" : "CONFIRM", - "url" : "http://www.movabletype.org/documentation/appendices/release-notes/movable-type-504-435-release-notes.html" - }, - { - "name" : "JVN#36673836", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN36673836/index.html" - }, - { - "name" : "JVNDB-2010-000060", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000060.html" - }, - { - "name" : "1024833", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024833" - }, - { - "name" : "42539", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42539" - }, - { - "name" : "ADV-2010-3145", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2010-000060", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000060.html" + }, + { + "name": "1024833", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024833" + }, + { + "name": "ADV-2010-3145", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3145" + }, + { + "name": "42539", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42539" + }, + { + "name": "http://www.movabletype.org/documentation/appendices/release-notes/movable-type-504-435-release-notes.html", + "refsource": "CONFIRM", + "url": "http://www.movabletype.org/documentation/appendices/release-notes/movable-type-504-435-release-notes.html" + }, + { + "name": "JVN#36673836", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN36673836/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4347.json b/2010/4xxx/CVE-2010-4347.json index 6bb8523f74c..6c6790d0bcc 100644 --- a/2010/4xxx/CVE-2010-4347.json +++ b/2010/4xxx/CVE-2010-4347.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 permissions for the debugfs custom_method file, which allows local users to gain privileges by placing a custom ACPI method in the ACPI interpreter tables, related to the acpi_debugfs_init function in drivers/acpi/debugfs.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15774", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15774/" - }, - { - "name" : "[oss-security] 20101215 CVE Request: local privilege escalation via /sys/kernel/debug/acpi/custom_method", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/12/15/3" - }, - { - "name" : "[oss-security] 20101215 Re: CVE Request: local privilege escalation via /sys/kernel/debug/acpi/custom_method", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/12/15/7" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ed3aada1bf34c5a9e98af167f125f8a740fc726a", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ed3aada1bf34c5a9e98af167f125f8a740fc726a" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=663542", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=663542" - }, - { - "name" : "SUSE-SA:2011:001", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html" - }, - { - "name" : "SUSE-SA:2011:007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" - }, - { - "name" : "45408", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45408" - }, - { - "name" : "42778", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42778" - }, - { - "name" : "ADV-2011-0012", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0012" - }, - { - "name" : "ADV-2011-0298", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0298" - }, - { - "name" : "kernel-debugfs-privilege-esc(64155)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64155" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 permissions for the debugfs custom_method file, which allows local users to gain privileges by placing a custom ACPI method in the ACPI interpreter tables, related to the acpi_debugfs_init function in drivers/acpi/debugfs.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=663542", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=663542" + }, + { + "name": "42778", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42778" + }, + { + "name": "SUSE-SA:2011:001", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html" + }, + { + "name": "45408", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45408" + }, + { + "name": "SUSE-SA:2011:007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" + }, + { + "name": "ADV-2011-0298", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0298" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2" + }, + { + "name": "[oss-security] 20101215 CVE Request: local privilege escalation via /sys/kernel/debug/acpi/custom_method", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/12/15/3" + }, + { + "name": "ADV-2011-0012", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0012" + }, + { + "name": "[oss-security] 20101215 Re: CVE Request: local privilege escalation via /sys/kernel/debug/acpi/custom_method", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/12/15/7" + }, + { + "name": "15774", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15774/" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ed3aada1bf34c5a9e98af167f125f8a740fc726a", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ed3aada1bf34c5a9e98af167f125f8a740fc726a" + }, + { + "name": "kernel-debugfs-privilege-esc(64155)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64155" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4420.json b/2010/4xxx/CVE-2010-4420.json index 548e9b68576..8ed0a8b73fe 100644 --- a/2010/4xxx/CVE-2010-4420.json +++ b/2010/4xxx/CVE-2010-4420.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4420", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows local users to affect confidentiality and integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-4420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" - }, - { - "name" : "45855", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45855" - }, - { - "name" : "1024972", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024972" - }, - { - "name" : "42895", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42895" - }, - { - "name" : "ADV-2011-0139", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0139" - }, - { - "name" : "oracle-db-vault-unspecified(64760)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64760" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows local users to affect confidentiality and integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0139", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0139" + }, + { + "name": "oracle-db-vault-unspecified(64760)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64760" + }, + { + "name": "1024972", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024972" + }, + { + "name": "45855", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45855" + }, + { + "name": "42895", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42895" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4466.json b/2010/4xxx/CVE-2010-4466.json index b0ac61facfb..516cfb22691 100644 --- a/2010/4xxx/CVE-2010-4466.json +++ b/2010/4xxx/CVE-2010-4466.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-4466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html" - }, - { - "name" : "HPSBMU02797", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "SSRT100867", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "RHSA-2011:0282", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0282.html" - }, - { - "name" : "RHSA-2011:0880", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0880.html" - }, - { - "name" : "SUSE-SA:2011:024", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html" - }, - { - "name" : "SUSE-SU-2011:0823", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html" - }, - { - "name" : "oval:org.mitre.oval:def:12837", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12837" - }, - { - "name" : "oval:org.mitre.oval:def:14271", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14271" - }, - { - "name" : "44954", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44954" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "SUSE-SU-2011:0823", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html" + }, + { + "name": "oval:org.mitre.oval:def:14271", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14271" + }, + { + "name": "44954", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44954" + }, + { + "name": "RHSA-2011:0880", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html" + }, + { + "name": "RHSA-2011:0282", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0282.html" + }, + { + "name": "oval:org.mitre.oval:def:12837", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12837" + }, + { + "name": "SSRT100867", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + }, + { + "name": "SUSE-SA:2011:024", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html" + }, + { + "name": "HPSBMU02797", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4829.json b/2010/4xxx/CVE-2010-4829.json index 5e6202bf203..63d7a0b9642 100644 --- a/2010/4xxx/CVE-2010-4829.json +++ b/2010/4xxx/CVE-2010-4829.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4829", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in processview.asp in Techno Dreams (T-Dreams) Cars Ads Package 2.0 allows remote attackers to execute arbitrary SQL commands via the key parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4829", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15677", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15677" - }, - { - "name" : "45200", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45200" - }, - { - "name" : "69635", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/69635" - }, - { - "name" : "42488", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42488" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in processview.asp in Techno Dreams (T-Dreams) Cars Ads Package 2.0 allows remote attackers to execute arbitrary SQL commands via the key parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42488", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42488" + }, + { + "name": "69635", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/69635" + }, + { + "name": "45200", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45200" + }, + { + "name": "15677", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15677" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4835.json b/2010/4xxx/CVE-2010-4835.json index ab6967507e8..91ba8fdfce4 100644 --- a/2010/4xxx/CVE-2010-4835.json +++ b/2010/4xxx/CVE-2010-4835.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 Members Edition allows remote authenticated users to read arbitrary files via directory traversal sequences in the controller parameter in a show_report action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15519", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15519" - }, - { - "name" : "http://packetstormsecurity.org/files/view/95814/oneorzeroaims-lfisql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/view/95814/oneorzeroaims-lfisql.txt" - }, - { - "name" : "http://www.xenuser.org/documents/security/OneOrZero_Aims_multiple_vulnerabilities.txt", - "refsource" : "MISC", - "url" : "http://www.xenuser.org/documents/security/OneOrZero_Aims_multiple_vulnerabilities.txt" - }, - { - "name" : "8375", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8375" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 Members Edition allows remote authenticated users to read arbitrary files via directory traversal sequences in the controller parameter in a show_report action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8375", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8375" + }, + { + "name": "http://packetstormsecurity.org/files/view/95814/oneorzeroaims-lfisql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/view/95814/oneorzeroaims-lfisql.txt" + }, + { + "name": "15519", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15519" + }, + { + "name": "http://www.xenuser.org/documents/security/OneOrZero_Aims_multiple_vulnerabilities.txt", + "refsource": "MISC", + "url": "http://www.xenuser.org/documents/security/OneOrZero_Aims_multiple_vulnerabilities.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0160.json b/2014/0xxx/CVE-2014-0160.json index 52c61ad6eda..3911e576c4e 100644 --- a/2014/0xxx/CVE-2014-0160.json +++ b/2014/0xxx/CVE-2014-0160.json @@ -1,667 +1,667 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0160", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0160", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" - }, - { - "name" : "32745", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/32745" - }, - { - "name" : "32764", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/32764" - }, - { - "name" : "20140408 Re: heartbleed OpenSSL bug CVE-2014-0160", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Apr/91" - }, - { - "name" : "20140408 heartbleed OpenSSL bug CVE-2014-0160", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Apr/90" - }, - { - "name" : "20140409 Re: heartbleed OpenSSL bug CVE-2014-0160", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Apr/109" - }, - { - "name" : "20140412 Re: heartbleed OpenSSL bug CVE-2014-0160", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Apr/190" - }, - { - "name" : "20140411 MRI Rubies may contain statically linked, vulnerable OpenSSL", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Apr/173" - }, - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/23" - }, - { - "name" : "[syslog-ng-announce] 20140411 syslog-ng Premium Edition 5 LTS (5.0.4a) has been released", - "refsource" : "MLIST", - "url" : "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html" - }, - { - "name" : "http://heartbleed.com/", - "refsource" : "MISC", - "url" : "http://heartbleed.com/" - }, - { - "name" : "http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/", - "refsource" : "MISC", - "url" : "http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/" - }, - { - "name" : "https://blog.torproject.org/blog/openssl-bug-cve-2014-0160", - "refsource" : "MISC", - "url" : "https://blog.torproject.org/blog/openssl-bug-cve-2014-0160" - }, - { - "name" : "https://gist.github.com/chapmajs/10473815", - "refsource" : "MISC", - "url" : "https://gist.github.com/chapmajs/10473815" - }, - { - "name" : "https://www.cert.fi/en/reports/2014/vulnerability788210.html", - "refsource" : "MISC", - "url" : "https://www.cert.fi/en/reports/2014/vulnerability788210.html" - }, - { - "name" : "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3", - "refsource" : "CONFIRM", - "url" : "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3" - }, - { - "name" : "http://www.openssl.org/news/secadv_20140407.txt", - "refsource" : "CONFIRM", - "url" : "http://www.openssl.org/news/secadv_20140407.txt" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1084875", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1084875" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21670161", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21670161" - }, - { - "name" : "http://www.blackberry.com/btsc/KB35882", - "refsource" : "CONFIRM", - "url" : "http://www.blackberry.com/btsc/KB35882" - }, - { - "name" : "http://www.splunk.com/view/SP-CAAAMB3", - "refsource" : "CONFIRM", - "url" : "http://www.splunk.com/view/SP-CAAAMB3" - }, - { - "name" : "https://code.google.com/p/mod-spdy/issues/detail?id=85", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/mod-spdy/issues/detail?id=85" - }, - { - "name" : "http://www.f-secure.com/en/web/labs_global/fsc-2014-1", - "refsource" : "CONFIRM", - "url" : "http://www.f-secure.com/en/web/labs_global/fsc-2014-1" - }, - { - "name" : "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/", - "refsource" : "CONFIRM", - "url" : "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/" - }, - { - "name" : "http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/", - "refsource" : "CONFIRM", - "url" : "http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/" - }, - { - "name" : "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/", - "refsource" : "CONFIRM", - "url" : "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/" - }, - { - "name" : "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/", - "refsource" : "CONFIRM", - "url" : "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/" - }, - { - "name" : "http://cogentdatahub.com/ReleaseNotes.html", - "refsource" : "CONFIRM", - "url" : "http://cogentdatahub.com/ReleaseNotes.html" - }, - { - "name" : "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1", - "refsource" : "CONFIRM", - "url" : "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1" - }, - { - "name" : "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3", - "refsource" : "CONFIRM", - "url" : "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3" - }, - { - "name" : "http://www.kerio.com/support/kerio-control/release-history", - "refsource" : "CONFIRM", - "url" : "http://www.kerio.com/support/kerio-control/release-history" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0165.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0165.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=isg400001841", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg400001841" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=isg400001843", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg400001843" - }, - { - "name" : "https://filezilla-project.org/versions.php?type=server", - "refsource" : "CONFIRM", - "url" : "https://filezilla-project.org/versions.php?type=server" - }, - { - "name" : "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" - }, - { - "name" : "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", - "refsource" : "CONFIRM", - "url" : "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0" - }, - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661" - }, - { - "name" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01", - "refsource" : "CONFIRM", - "url" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01" - }, - { - "name" : "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf" - }, - { - "name" : "http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf" - }, - { - "name" : "http://support.citrix.com/article/CTX140605", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX140605" - }, - { - "name" : "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html" - }, - { - "name" : "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", - "refsource" : "CONFIRM", - "url" : "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008" - }, - { - "name" : "20140409 OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed" - }, - { - "name" : "DSA-2896", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2896" - }, - { - "name" : "FEDORA-2014-4879", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html" - }, - { - "name" : "FEDORA-2014-4910", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html" - }, - { - "name" : "FEDORA-2014-9308", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html" - }, - { - "name" : "HPSBMU02995", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139722163017074&w=2" - }, - { - "name" : "HPSBMU03009", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139905458328378&w=2" - }, - { - "name" : "HPSBMU03022", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139869891830365&w=2" - }, - { - "name" : "HPSBMU03024", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139889113431619&w=2" - }, - { - "name" : "HPSBST03000", - "refsource" : "HP", - "url" : "https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken" - }, - { - "name" : "HPSBHF03136", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141287864628122&w=2" - }, - { - "name" : "HPSBHF03293", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142660345230545&w=2" - }, - { - "name" : "SSRT101846", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142660345230545&w=2" - }, - { - "name" : "HPSBGN03008", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139774054614965&w=2" - }, - { - "name" : "HPSBGN03010", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139774703817488&w=2" - }, - { - "name" : "HPSBGN03011", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139833395230364&w=2" - }, - { - "name" : "HPSBHF03021", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139835815211508&w=2" - }, - { - "name" : "HPSBMU02994", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139757726426985&w=2" - }, - { - "name" : "HPSBMU02997", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139757919027752&w=2" - }, - { - "name" : "HPSBMU02998", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139757819327350&w=2" - }, - { - "name" : "HPSBMU02999", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139765756720506&w=2" - }, - { - "name" : "HPSBMU03012", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139808058921905&w=2" - }, - { - "name" : "HPSBMU03013", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139824993005633&w=2" - }, - { - "name" : "HPSBMU03017", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139817727317190&w=2" - }, - { - "name" : "HPSBMU03018", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139817782017443&w=2" - }, - { - "name" : "HPSBMU03019", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139817685517037&w=2" - }, - { - "name" : "HPSBMU03020", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139836085512508&w=2" - }, - { - "name" : "HPSBMU03023", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139843768401936&w=2" - }, - { - "name" : "HPSBMU03025", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139869720529462&w=2" - }, - { - "name" : "HPSBMU03028", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139905243827825&w=2" - }, - { - "name" : "HPSBMU03029", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139905202427693&w=2" - }, - { - "name" : "HPSBMU03030", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139905351928096&w=2" - }, - { - "name" : "HPSBMU03032", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139905405728262&w=2" - }, - { - "name" : "HPSBMU03033", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139905295427946&w=2" - }, - { - "name" : "HPSBMU03037", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140724451518351&w=2" - }, - { - "name" : "HPSBMU03040", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140015787404650&w=2" - }, - { - "name" : "HPSBMU03044", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140075368411126&w=2" - }, - { - "name" : "HPSBMU03062", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140752315422991&w=2" - }, - { - "name" : "HPSBPI03014", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139835844111589&w=2" - }, - { - "name" : "HPSBPI03031", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139889295732144&w=2" - }, - { - "name" : "HPSBST03001", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139758572430452&w=2" - }, - { - "name" : "HPSBST03004", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139905653828999&w=2" - }, - { - "name" : "HPSBST03015", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139824923705461&w=2" - }, - { - "name" : "HPSBST03016", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139842151128341&w=2" - }, - { - "name" : "HPSBST03027", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139905868529690&w=2" - }, - { - "name" : "MDVSA-2015:062", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062" - }, - { - "name" : "RHSA-2014:0376", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0376.html" - }, - { - "name" : "RHSA-2014:0377", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0377.html" - }, - { - "name" : "RHSA-2014:0378", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0378.html" - }, - { - "name" : "RHSA-2014:0396", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0396.html" - }, - { - "name" : "SUSE-SA:2014:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html" - }, - { - "name" : "openSUSE-SU-2014:0492", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html" - }, - { - "name" : "openSUSE-SU-2014:0560", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html" - }, - { - "name" : "USN-2165-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2165-1" - }, - { - "name" : "TA14-098A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA14-098A" - }, - { - "name" : "VU#720951", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/720951" - }, - { - "name" : "66690", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66690" - }, - { - "name" : "1030026", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030026" - }, - { - "name" : "1030074", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030074" - }, - { - "name" : "1030077", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030077" - }, - { - "name" : "1030078", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030078" - }, - { - "name" : "1030079", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030079" - }, - { - "name" : "1030080", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030080" - }, - { - "name" : "1030081", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030081" - }, - { - "name" : "1030082", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030082" - }, - { - "name" : "57347", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57347" - }, - { - "name" : "57483", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57483" - }, - { - "name" : "57721", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57721" - }, - { - "name" : "57836", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57836" - }, - { - "name" : "57966", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57966" - }, - { - "name" : "57968", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57968" - }, - { - "name" : "59243", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59243" - }, - { - "name" : "59139", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59139" - }, - { - "name" : "59347", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59347" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217", + "refsource": "CONFIRM", + "url": "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217" + }, + { + "name": "1030077", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030077" + }, + { + "name": "20140408 heartbleed OpenSSL bug CVE-2014-0160", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Apr/90" + }, + { + "name": "http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/", + "refsource": "CONFIRM", + "url": "http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/" + }, + { + "name": "DSA-2896", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2896" + }, + { + "name": "HPSBGN03008", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139774054614965&w=2" + }, + { + "name": "HPSBMU03024", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139889113431619&w=2" + }, + { + "name": "RHSA-2014:0396", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0396.html" + }, + { + "name": "HPSBHF03021", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139835815211508&w=2" + }, + { + "name": "HPSBHF03136", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141287864628122&w=2" + }, + { + "name": "VU#720951", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/720951" + }, + { + "name": "http://www.splunk.com/view/SP-CAAAMB3", + "refsource": "CONFIRM", + "url": "http://www.splunk.com/view/SP-CAAAMB3" + }, + { + "name": "HPSBMU03033", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139905295427946&w=2" + }, + { + "name": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", + "refsource": "CONFIRM", + "url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0" + }, + { + "name": "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf", + "refsource": "CONFIRM", + "url": "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf" + }, + { + "name": "HPSBGN03011", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139833395230364&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670161", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670161" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" + }, + { + "name": "openSUSE-SU-2014:0492", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html" + }, + { + "name": "SSRT101846", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2" + }, + { + "name": "20140409 Re: heartbleed OpenSSL bug CVE-2014-0160", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Apr/109" + }, + { + "name": "HPSBMU03037", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140724451518351&w=2" + }, + { + "name": "1030080", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030080" + }, + { + "name": "57836", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57836" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843" + }, + { + "name": "HPSBMU03012", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139808058921905&w=2" + }, + { + "name": "HPSBST03001", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139758572430452&w=2" + }, + { + "name": "66690", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66690" + }, + { + "name": "http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf", + "refsource": "CONFIRM", + "url": "http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf" + }, + { + "name": "https://filezilla-project.org/versions.php?type=server", + "refsource": "CONFIRM", + "url": "https://filezilla-project.org/versions.php?type=server" + }, + { + "name": "HPSBMU03023", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139843768401936&w=2" + }, + { + "name": "57483", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57483" + }, + { + "name": "20140409 OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed" + }, + { + "name": "http://www.kerio.com/support/kerio-control/release-history", + "refsource": "CONFIRM", + "url": "http://www.kerio.com/support/kerio-control/release-history" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0165.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0165.html" + }, + { + "name": "http://www.blackberry.com/btsc/KB35882", + "refsource": "CONFIRM", + "url": "http://www.blackberry.com/btsc/KB35882" + }, + { + "name": "HPSBHF03293", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2" + }, + { + "name": "HPSBMU03044", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140075368411126&w=2" + }, + { + "name": "HPSBMU03030", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139905351928096&w=2" + }, + { + "name": "1030081", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030081" + }, + { + "name": "FEDORA-2014-4879", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" + }, + { + "name": "FEDORA-2014-4910", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1084875", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1084875" + }, + { + "name": "FEDORA-2014-9308", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841" + }, + { + "name": "HPSBMU03013", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139824993005633&w=2" + }, + { + "name": "1030079", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030079" + }, + { + "name": "RHSA-2014:0377", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0377.html" + }, + { + "name": "HPSBMU02995", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139722163017074&w=2" + }, + { + "name": "HPSBPI03031", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139889295732144&w=2" + }, + { + "name": "https://code.google.com/p/mod-spdy/issues/detail?id=85", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/mod-spdy/issues/detail?id=85" + }, + { + "name": "HPSBMU02999", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139765756720506&w=2" + }, + { + "name": "HPSBGN03010", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139774703817488&w=2" + }, + { + "name": "HPSBMU03029", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139905202427693&w=2" + }, + { + "name": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/", + "refsource": "CONFIRM", + "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/" + }, + { + "name": "http://heartbleed.com/", + "refsource": "MISC", + "url": "http://heartbleed.com/" + }, + { + "name": "HPSBMU03018", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139817782017443&w=2" + }, + { + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01", + "refsource": "CONFIRM", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01" + }, + { + "name": "HPSBMU03040", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140015787404650&w=2" + }, + { + "name": "http://cogentdatahub.com/ReleaseNotes.html", + "refsource": "CONFIRM", + "url": "http://cogentdatahub.com/ReleaseNotes.html" + }, + { + "name": "HPSBMU03025", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139869720529462&w=2" + }, + { + "name": "HPSBST03016", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139842151128341&w=2" + }, + { + "name": "HPSBMU03028", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139905243827825&w=2" + }, + { + "name": "HPSBMU03009", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139905458328378&w=2" + }, + { + "name": "http://www.f-secure.com/en/web/labs_global/fsc-2014-1", + "refsource": "CONFIRM", + "url": "http://www.f-secure.com/en/web/labs_global/fsc-2014-1" + }, + { + "name": "TA14-098A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA14-098A" + }, + { + "name": "57347", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57347" + }, + { + "name": "[syslog-ng-announce] 20140411 syslog-ng Premium Edition 5 LTS (5.0.4a) has been released", + "refsource": "MLIST", + "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html" + }, + { + "name": "20140411 MRI Rubies may contain statically linked, vulnerable OpenSSL", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Apr/173" + }, + { + "name": "https://blog.torproject.org/blog/openssl-bug-cve-2014-0160", + "refsource": "MISC", + "url": "https://blog.torproject.org/blog/openssl-bug-cve-2014-0160" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html" + }, + { + "name": "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html", + "refsource": "CONFIRM", + "url": "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html" + }, + { + "name": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3", + "refsource": "CONFIRM", + "url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3" + }, + { + "name": "HPSBST03000", + "refsource": "HP", + "url": "https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/23" + }, + { + "name": "HPSBST03004", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139905653828999&w=2" + }, + { + "name": "USN-2165-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2165-1" + }, + { + "name": "RHSA-2014:0378", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0378.html" + }, + { + "name": "HPSBMU02997", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139757919027752&w=2" + }, + { + "name": "SUSE-SA:2014:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html" + }, + { + "name": "32764", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/32764" + }, + { + "name": "HPSBMU02994", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139757726426985&w=2" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00" + }, + { + "name": "HPSBMU03022", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139869891830365&w=2" + }, + { + "name": "HPSBST03027", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139905868529690&w=2" + }, + { + "name": "HPSBMU03019", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139817685517037&w=2" + }, + { + "name": "HPSBMU03062", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140752315422991&w=2" + }, + { + "name": "20140408 Re: heartbleed OpenSSL bug CVE-2014-0160", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Apr/91" + }, + { + "name": "1030078", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030078" + }, + { + "name": "59243", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59243" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661" + }, + { + "name": "HPSBMU03020", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139836085512508&w=2" + }, + { + "name": "HPSBST03015", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139824923705461&w=2" + }, + { + "name": "RHSA-2014:0376", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0376.html" + }, + { + "name": "HPSBPI03014", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139835844111589&w=2" + }, + { + "name": "MDVSA-2015:062", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062" + }, + { + "name": "https://www.cert.fi/en/reports/2014/vulnerability788210.html", + "refsource": "MISC", + "url": "https://www.cert.fi/en/reports/2014/vulnerability788210.html" + }, + { + "name": "57721", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57721" + }, + { + "name": "57968", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57968" + }, + { + "name": "http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/", + "refsource": "MISC", + "url": "http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/" + }, + { + "name": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3", + "refsource": "CONFIRM", + "url": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3" + }, + { + "name": "openSUSE-SU-2014:0560", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html" + }, + { + "name": "HPSBMU03032", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139905405728262&w=2" + }, + { + "name": "1030082", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030082" + }, + { + "name": "HPSBMU02998", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139757819327350&w=2" + }, + { + "name": "32745", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/32745" + }, + { + "name": "20140412 Re: heartbleed OpenSSL bug CVE-2014-0160", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Apr/190" + }, + { + "name": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/", + "refsource": "CONFIRM", + "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/" + }, + { + "name": "HPSBMU03017", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139817727317190&w=2" + }, + { + "name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", + "refsource": "CONFIRM", + "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008" + }, + { + "name": "http://www.openssl.org/news/secadv_20140407.txt", + "refsource": "CONFIRM", + "url": "http://www.openssl.org/news/secadv_20140407.txt" + }, + { + "name": "https://gist.github.com/chapmajs/10473815", + "refsource": "MISC", + "url": "https://gist.github.com/chapmajs/10473815" + }, + { + "name": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1", + "refsource": "CONFIRM", + "url": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1" + }, + { + "name": "1030074", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030074" + }, + { + "name": "http://support.citrix.com/article/CTX140605", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX140605" + }, + { + "name": "59139", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59139" + }, + { + "name": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/", + "refsource": "CONFIRM", + "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/" + }, + { + "name": "57966", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57966" + }, + { + "name": "1030026", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030026" + }, + { + "name": "59347", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59347" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0274.json b/2014/0xxx/CVE-2014-0274.json index 66b4902a4fe..437d1be3c67 100644 --- a/2014/0xxx/CVE-2014-0274.json +++ b/2014/0xxx/CVE-2014-0274.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0270, CVE-2014-0273, and CVE-2014-0288." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-0274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-010", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010" - }, - { - "name" : "65372", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65372" - }, - { - "name" : "103173", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/103173" - }, - { - "name" : "1029741", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029741" - }, - { - "name" : "56796", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56796" - }, - { - "name" : "ms-ie-cve20140274-code-exec(90764)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90764" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0270, CVE-2014-0273, and CVE-2014-0288." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-010", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010" + }, + { + "name": "ms-ie-cve20140274-code-exec(90764)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90764" + }, + { + "name": "65372", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65372" + }, + { + "name": "1029741", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029741" + }, + { + "name": "56796", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56796" + }, + { + "name": "103173", + "refsource": "OSVDB", + "url": "http://osvdb.org/103173" + } + ] + } +} \ No newline at end of file diff --git a/2014/10xxx/CVE-2014-10061.json b/2014/10xxx/CVE-2014-10061.json index aa5d952b5be..b4b573f5b3c 100644 --- a/2014/10xxx/CVE-2014-10061.json +++ b/2014/10xxx/CVE-2014-10061.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-10061", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-10061", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4441.json b/2014/4xxx/CVE-2014-4441.json index 6f25a987c4f..6cd585dd31f 100644 --- a/2014/4xxx/CVE-2014-4441.json +++ b/2014/4xxx/CVE-2014-4441.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4441", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing is always possible, which allows remote attackers to read or write to files by leveraging a state in which File Sharing is permanently enabled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4441", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT6535", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6535" - }, - { - "name" : "APPLE-SA-2014-10-16-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" - }, - { - "name" : "1031063", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031063" - }, - { - "name" : "macosx-cve20144441-info-disc(97627)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97627" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing is always possible, which allows remote attackers to read or write to files by leveraging a state in which File Sharing is permanently enabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2014-10-16-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" + }, + { + "name": "1031063", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031063" + }, + { + "name": "https://support.apple.com/kb/HT6535", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6535" + }, + { + "name": "macosx-cve20144441-info-disc(97627)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97627" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4484.json b/2014/4xxx/CVE-2014-4484.json index d33189aed44..19ae5461127 100644 --- a/2014/4xxx/CVE-2014-4484.json +++ b/2014/4xxx/CVE-2014-4484.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4484", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4484", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/HT204244", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204244" - }, - { - "name" : "http://support.apple.com/HT204245", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204245" - }, - { - "name" : "http://support.apple.com/HT204246", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204246" - }, - { - "name" : "APPLE-SA-2015-01-27-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html" - }, - { - "name" : "APPLE-SA-2015-01-27-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-01-27-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" - }, - { - "name" : "1031650", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031650" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/HT204245", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204245" + }, + { + "name": "http://support.apple.com/HT204246", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204246" + }, + { + "name": "1031650", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031650" + }, + { + "name": "APPLE-SA-2015-01-27-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html" + }, + { + "name": "http://support.apple.com/HT204244", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204244" + }, + { + "name": "APPLE-SA-2015-01-27-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html" + }, + { + "name": "APPLE-SA-2015-01-27-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4886.json b/2014/4xxx/CVE-2014-4886.json index 37148e911fc..1b5dfa3f837 100644 --- a/2014/4xxx/CVE-2014-4886.json +++ b/2014/4xxx/CVE-2014-4886.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4886", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4886", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8048.json b/2014/8xxx/CVE-2014-8048.json index d808c99d4c3..cf0503fd6a7 100644 --- a/2014/8xxx/CVE-2014-8048.json +++ b/2014/8xxx/CVE-2014-8048.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8048", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8048", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8303.json b/2014/8xxx/CVE-2014-8303.json index e2d46ec3c58..e50a3a64a4d 100644 --- a/2014/8xxx/CVE-2014-8303.json +++ b/2014/8xxx/CVE-2014-8303.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4 and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to event parsing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.splunk.com/view/SP-CAAANHS", - "refsource" : "CONFIRM", - "url" : "http://www.splunk.com/view/SP-CAAANHS" - }, - { - "name" : "1030994", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030994" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4 and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to event parsing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030994", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030994" + }, + { + "name": "http://www.splunk.com/view/SP-CAAANHS", + "refsource": "CONFIRM", + "url": "http://www.splunk.com/view/SP-CAAANHS" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8723.json b/2014/8xxx/CVE-2014-8723.json index 4f07f3822ee..bf724112c81 100644 --- a/2014/8xxx/CVE-2014-8723.json +++ b/2014/8xxx/CVE-2014-8723.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://rossmarks.uk/portfolio.php", - "refsource" : "MISC", - "url" : "http://rossmarks.uk/portfolio.php" - }, - { - "name" : "http://rossmarks.uk/whitepapers/getSimple_cms_3.3.4.txt", - "refsource" : "MISC", - "url" : "http://rossmarks.uk/whitepapers/getSimple_cms_3.3.4.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://rossmarks.uk/whitepapers/getSimple_cms_3.3.4.txt", + "refsource": "MISC", + "url": "http://rossmarks.uk/whitepapers/getSimple_cms_3.3.4.txt" + }, + { + "name": "http://rossmarks.uk/portfolio.php", + "refsource": "MISC", + "url": "http://rossmarks.uk/portfolio.php" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8760.json b/2014/8xxx/CVE-2014-8760.json index 419c0a808d5..1d2160b9c6d 100644 --- a/2014/8xxx/CVE-2014-8760.json +++ b/2014/8xxx/CVE-2014-8760.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8760", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8760", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Operators] 20141013 ejabberd: compression allows circumvention of encryption", - "refsource" : "MLIST", - "url" : "http://mail.jabber.org/pipermail/operators/2014-October/002438.html" - }, - { - "name" : "[oss-security] 20141013 CVE request: ejabberd compression allows cirucumvention of encryption despite starttls_required", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q4/312" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1153839", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1153839" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0417.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0417.html" - }, - { - "name" : "https://github.com/processone/ejabberd/commit/7bdc1151b", - "refsource" : "CONFIRM", - "url" : "https://github.com/processone/ejabberd/commit/7bdc1151b" - }, - { - "name" : "MDVSA-2014:207", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:207" - }, - { - "name" : "MDVSA-2015:175", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:175" - }, - { - "name" : "70415", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70415" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20141013 CVE request: ejabberd compression allows cirucumvention of encryption despite starttls_required", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q4/312" + }, + { + "name": "[Operators] 20141013 ejabberd: compression allows circumvention of encryption", + "refsource": "MLIST", + "url": "http://mail.jabber.org/pipermail/operators/2014-October/002438.html" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0417.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0417.html" + }, + { + "name": "https://github.com/processone/ejabberd/commit/7bdc1151b", + "refsource": "CONFIRM", + "url": "https://github.com/processone/ejabberd/commit/7bdc1151b" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1153839", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1153839" + }, + { + "name": "MDVSA-2014:207", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:207" + }, + { + "name": "70415", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70415" + }, + { + "name": "MDVSA-2015:175", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:175" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8771.json b/2014/8xxx/CVE-2014-8771.json index b9253583579..85a473700de 100644 --- a/2014/8xxx/CVE-2014-8771.json +++ b/2014/8xxx/CVE-2014-8771.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8771", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the admin area in X3 CMS 0.5.1 and 0.5.1.1 allow remote attackers to hijack the authentication of administrators via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hacktivity.websecgeeks.com/x3-cms-xss-and-csrf/", - "refsource" : "MISC", - "url" : "http://hacktivity.websecgeeks.com/x3-cms-xss-and-csrf/" - }, - { - "name" : "http://www.x3cms.net/en/news/article/8bb9a4f84d956653b4daa19ee7c529fa/x3_cms_0.5.2", - "refsource" : "CONFIRM", - "url" : "http://www.x3cms.net/en/news/article/8bb9a4f84d956653b4daa19ee7c529fa/x3_cms_0.5.2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the admin area in X3 CMS 0.5.1 and 0.5.1.1 allow remote attackers to hijack the authentication of administrators via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.x3cms.net/en/news/article/8bb9a4f84d956653b4daa19ee7c529fa/x3_cms_0.5.2", + "refsource": "CONFIRM", + "url": "http://www.x3cms.net/en/news/article/8bb9a4f84d956653b4daa19ee7c529fa/x3_cms_0.5.2" + }, + { + "name": "http://hacktivity.websecgeeks.com/x3-cms-xss-and-csrf/", + "refsource": "MISC", + "url": "http://hacktivity.websecgeeks.com/x3-cms-xss-and-csrf/" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9184.json b/2014/9xxx/CVE-2014-9184.json index 52f4c806f5f..5bb26568bc1 100644 --- a/2014/9xxx/CVE-2014-9184.json +++ b/2014/9xxx/CVE-2014-9184.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/129015/ZTE-ZXDSL-831CII-Insecure-Direct-Object-Reference.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129015/ZTE-ZXDSL-831CII-Insecure-Direct-Object-Reference.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/129015/ZTE-ZXDSL-831CII-Insecure-Direct-Object-Reference.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129015/ZTE-ZXDSL-831CII-Insecure-Direct-Object-Reference.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9440.json b/2014/9xxx/CVE-2014-9440.json index d744afd5c44..731f3676c94 100644 --- a/2014/9xxx/CVE-2014-9440.json +++ b/2014/9xxx/CVE-2014-9440.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9440", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the category parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9440", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35591", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35591" - }, - { - "name" : "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html" - }, - { - "name" : "phpmyrecipes-browse-sql-injection(99531)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the category parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35591", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35591" + }, + { + "name": "phpmyrecipes-browse-sql-injection(99531)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99531" + }, + { + "name": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9523.json b/2014/9xxx/CVE-2014-9523.json index ae039e18692..54216017efb 100644 --- a/2014/9xxx/CVE-2014-9523.json +++ b/2014/9xxx/CVE-2014-9523.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9523", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the Our Team Showcase (our-team-enhanced) plugin before 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_our_team_member_count parameter in the sc_team_settings page to wp-admin/edit.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/129499/WordPress-Our-Team-Showcase-1.2-CSRF-XSS.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129499/WordPress-Our-Team-Showcase-1.2-CSRF-XSS.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Our Team Showcase (our-team-enhanced) plugin before 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_our_team_member_count parameter in the sc_team_settings page to wp-admin/edit.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/129499/WordPress-Our-Team-Showcase-1.2-CSRF-XSS.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129499/WordPress-Our-Team-Showcase-1.2-CSRF-XSS.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9605.json b/2014/9xxx/CVE-2014-9605.json index 61fdf16116f..97d82efd68a 100644 --- a/2014/9xxx/CVE-2014-9605.json +++ b/2014/9xxx/CVE-2014-9605.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' (single quote) character in the login and password parameters to webupgrade/webupgrade.php. NOTE: this was originally reported as an SQL injection vulnerability, but this may be inaccurate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "37928", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37928/" - }, - { - "name" : "https://helpdesk.netsweeper.com/docs/3.1/release_notes/netsweeper_releasenotes/3_1_10_0_release_notes/3.1.10_release_notes.htm", - "refsource" : "CONFIRM", - "url" : "https://helpdesk.netsweeper.com/docs/3.1/release_notes/netsweeper_releasenotes/3_1_10_0_release_notes/3.1.10_release_notes.htm" - }, - { - "name" : "https://helpdesk.netsweeper.com/docs/4.0/release_notes/netsweeper_releasenotes/4_0_9_release_notes/4.0.9_release_notes.htm", - "refsource" : "CONFIRM", - "url" : "https://helpdesk.netsweeper.com/docs/4.0/release_notes/netsweeper_releasenotes/4_0_9_release_notes/4.0.9_release_notes.htm" - }, - { - "name" : "https://helpdesk.netsweeper.com/docs/4.1/release_notes/netsweeper_releasenotes/4_1_release_notes/4_1_2_release_notes/4.1.2_release_notes.htm", - "refsource" : "CONFIRM", - "url" : "https://helpdesk.netsweeper.com/docs/4.1/release_notes/netsweeper_releasenotes/4_1_release_notes/4_1_2_release_notes/4.1.2_release_notes.htm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' (single quote) character in the login and password parameters to webupgrade/webupgrade.php. NOTE: this was originally reported as an SQL injection vulnerability, but this may be inaccurate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpdesk.netsweeper.com/docs/4.1/release_notes/netsweeper_releasenotes/4_1_release_notes/4_1_2_release_notes/4.1.2_release_notes.htm", + "refsource": "CONFIRM", + "url": "https://helpdesk.netsweeper.com/docs/4.1/release_notes/netsweeper_releasenotes/4_1_release_notes/4_1_2_release_notes/4.1.2_release_notes.htm" + }, + { + "name": "https://helpdesk.netsweeper.com/docs/3.1/release_notes/netsweeper_releasenotes/3_1_10_0_release_notes/3.1.10_release_notes.htm", + "refsource": "CONFIRM", + "url": "https://helpdesk.netsweeper.com/docs/3.1/release_notes/netsweeper_releasenotes/3_1_10_0_release_notes/3.1.10_release_notes.htm" + }, + { + "name": "37928", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37928/" + }, + { + "name": "https://helpdesk.netsweeper.com/docs/4.0/release_notes/netsweeper_releasenotes/4_0_9_release_notes/4.0.9_release_notes.htm", + "refsource": "CONFIRM", + "url": "https://helpdesk.netsweeper.com/docs/4.0/release_notes/netsweeper_releasenotes/4_0_9_release_notes/4.0.9_release_notes.htm" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9611.json b/2014/9xxx/CVE-2014-9611.json index 99874e6503f..a88e97a64d4 100644 --- a/2014/9xxx/CVE-2014-9611.json +++ b/2014/9xxx/CVE-2014-9611.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9611", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9611", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "37931", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37931/" - }, - { - "name" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html" + }, + { + "name": "37931", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37931/" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9663.json b/2014/9xxx/CVE-2014-9663.json index 911a243dd58..281d8bcf205 100644 --- a/2014/9xxx/CVE-2014-9663.json +++ b/2014/9xxx/CVE-2014-9663.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9663", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9663", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/google-security-research/issues/detail?id=184", - "refsource" : "MISC", - "url" : "http://code.google.com/p/google-security-research/issues/detail?id=184" - }, - { - "name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9bd20b7304aae61de5d50ac359cf27132bafd4c1", - "refsource" : "CONFIRM", - "url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9bd20b7304aae61de5d50ac359cf27132bafd4c1" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0083.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2015-0083.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "DSA-3188", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3188" - }, - { - "name" : "FEDORA-2015-2216", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html" - }, - { - "name" : "FEDORA-2015-2237", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html" - }, - { - "name" : "GLSA-201503-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201503-05" - }, - { - "name" : "MDVSA-2015:055", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:055" - }, - { - "name" : "RHSA-2015:0696", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0696.html" - }, - { - "name" : "openSUSE-SU-2015:0627", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html" - }, - { - "name" : "USN-2510-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2510-1" - }, - { - "name" : "USN-2739-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2739-1" - }, - { - "name" : "72986", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/google-security-research/issues/detail?id=184", + "refsource": "MISC", + "url": "http://code.google.com/p/google-security-research/issues/detail?id=184" + }, + { + "name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9bd20b7304aae61de5d50ac359cf27132bafd4c1", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9bd20b7304aae61de5d50ac359cf27132bafd4c1" + }, + { + "name": "DSA-3188", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3188" + }, + { + "name": "GLSA-201503-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201503-05" + }, + { + "name": "72986", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72986" + }, + { + "name": "USN-2739-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2739-1" + }, + { + "name": "openSUSE-SU-2015:0627", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html" + }, + { + "name": "http://advisories.mageia.org/MGASA-2015-0083.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0083.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": "RHSA-2015:0696", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0696.html" + }, + { + "name": "FEDORA-2015-2216", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html" + }, + { + "name": "MDVSA-2015:055", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:055" + }, + { + "name": "USN-2510-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2510-1" + }, + { + "name": "FEDORA-2015-2237", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3107.json b/2016/3xxx/CVE-2016-3107.json index 03a57074c4d..4c02873c3f0 100644 --- a/2016/3xxx/CVE-2016-3107.json +++ b/2016/3xxx/CVE-2016-3107.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3107", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the \"/etc/pki/pulp/nodes/\" directory, which allows local users to gain access to sensitive data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-3107", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160519 Pulp 2.8.3 Released to address multiple CVEs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/05/20/1" - }, - { - "name" : "https://bugzilla.redhat.com/attachment.cgi?id=1146471", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/attachment.cgi?id=1146471" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1325930", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1325930" - }, - { - "name" : "https://pulp.plan.io/issues/1833", - "refsource" : "CONFIRM", - "url" : "https://pulp.plan.io/issues/1833" - }, - { - "name" : "RHBA-2016:1501", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHBA-2016:1501" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the \"/etc/pki/pulp/nodes/\" directory, which allows local users to gain access to sensitive data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1325930", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1325930" + }, + { + "name": "https://pulp.plan.io/issues/1833", + "refsource": "CONFIRM", + "url": "https://pulp.plan.io/issues/1833" + }, + { + "name": "https://bugzilla.redhat.com/attachment.cgi?id=1146471", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/attachment.cgi?id=1146471" + }, + { + "name": "RHBA-2016:1501", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHBA-2016:1501" + }, + { + "name": "[oss-security] 20160519 Pulp 2.8.3 Released to address multiple CVEs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/05/20/1" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3180.json b/2016/3xxx/CVE-2016-3180.json index 29cecc81c94..49cc1ee8c7e 100644 --- a/2016/3xxx/CVE-2016-3180.json +++ b/2016/3xxx/CVE-2016-3180.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3180", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during the initial run, allows man-in-the-middle attackers to bypass the PGP signature verification and execute arbitrary code via a Trojan horse tar file and a signature file with the valid tarball and signature." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3180", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/micahflee/torbrowser-launcher/issues/229", - "refsource" : "CONFIRM", - "url" : "https://github.com/micahflee/torbrowser-launcher/issues/229" - }, - { - "name" : "96140", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96140" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during the initial run, allows man-in-the-middle attackers to bypass the PGP signature verification and execute arbitrary code via a Trojan horse tar file and a signature file with the valid tarball and signature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/micahflee/torbrowser-launcher/issues/229", + "refsource": "CONFIRM", + "url": "https://github.com/micahflee/torbrowser-launcher/issues/229" + }, + { + "name": "96140", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96140" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3329.json b/2016/3xxx/CVE-2016-3329.json index 2bfef785d16..d29e6fd3fb1 100644 --- a/2016/3xxx/CVE-2016-3329.json +++ b/2016/3xxx/CVE-2016-3329.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3329", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to determine the existence of files via a crafted webpage, aka \"Internet Explorer Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3329", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-095", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-095" - }, - { - "name" : "MS16-096", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-096" - }, - { - "name" : "92286", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92286" - }, - { - "name" : "1036562", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036562" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to determine the existence of files via a crafted webpage, aka \"Internet Explorer Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-095", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-095" + }, + { + "name": "1036562", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036562" + }, + { + "name": "92286", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92286" + }, + { + "name": "MS16-096", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-096" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3430.json b/2016/3xxx/CVE-2016-3430.json index 32ee51bb883..db603548da6 100644 --- a/2016/3xxx/CVE-2016-3430.json +++ b/2016/3xxx/CVE-2016-3430.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3430", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3430", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6176.json b/2016/6xxx/CVE-2016-6176.json index 22191fc957b..df136a33a5d 100644 --- a/2016/6xxx/CVE-2016-6176.json +++ b/2016/6xxx/CVE-2016-6176.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6176", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6176", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6277.json b/2016/6xxx/CVE-2016-6277.json index 0ce9e5a5197..9363821dc9c 100644 --- a/2016/6xxx/CVE-2016-6277.json +++ b/2016/6xxx/CVE-2016-6277.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40889", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40889/" - }, - { - "name" : "41598", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41598/" - }, - { - "name" : "http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/", - "refsource" : "MISC", - "url" : "http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/" - }, - { - "name" : "https://kalypto.org/research/netgear-vulnerability-expanded/", - "refsource" : "MISC", - "url" : "https://kalypto.org/research/netgear-vulnerability-expanded/" - }, - { - "name" : "http://kb.netgear.com/000036386/CVE-2016-582384", - "refsource" : "CONFIRM", - "url" : "http://kb.netgear.com/000036386/CVE-2016-582384" - }, - { - "name" : "VU#582384", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/582384" - }, - { - "name" : "94819", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94819" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40889", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40889/" + }, + { + "name": "41598", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41598/" + }, + { + "name": "http://kb.netgear.com/000036386/CVE-2016-582384", + "refsource": "CONFIRM", + "url": "http://kb.netgear.com/000036386/CVE-2016-582384" + }, + { + "name": "http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/", + "refsource": "MISC", + "url": "http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/" + }, + { + "name": "VU#582384", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/582384" + }, + { + "name": "94819", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94819" + }, + { + "name": "https://kalypto.org/research/netgear-vulnerability-expanded/", + "refsource": "MISC", + "url": "https://kalypto.org/research/netgear-vulnerability-expanded/" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6854.json b/2016/6xxx/CVE-2016-6854.json index bd5e1e43201..a3fc87baa45 100644 --- a/2016/6xxx/CVE-2016-6854.json +++ b/2016/6xxx/CVE-2016-6854.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code which got injected to a mail with inline PGP signature gets executed when verifying the signature. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160913 Open-Xchange Security Advisory 2016-09-13 (2)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/539395/100/0/threaded" - }, - { - "name" : "40377", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40377/" - }, - { - "name" : "http://packetstormsecurity.com/files/138701/Open-Xchange-Guard-2.4.2-Cross-Site-Scripting.html", - "refsource" : "CONFIRM", - "url" : "http://packetstormsecurity.com/files/138701/Open-Xchange-Guard-2.4.2-Cross-Site-Scripting.html" - }, - { - "name" : "92920", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92920" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code which got injected to a mail with inline PGP signature gets executed when verifying the signature. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92920", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92920" + }, + { + "name": "http://packetstormsecurity.com/files/138701/Open-Xchange-Guard-2.4.2-Cross-Site-Scripting.html", + "refsource": "CONFIRM", + "url": "http://packetstormsecurity.com/files/138701/Open-Xchange-Guard-2.4.2-Cross-Site-Scripting.html" + }, + { + "name": "40377", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40377/" + }, + { + "name": "20160913 Open-Xchange Security Advisory 2016-09-13 (2)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/539395/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6990.json b/2016/6xxx/CVE-2016-6990.json index 87bf820af36..5a70a6eef52 100644 --- a/2016/6xxx/CVE-2016-6990.json +++ b/2016/6xxx/CVE-2016-6990.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6990", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, and CVE-2016-6989." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-6990", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html" - }, - { - "name" : "GLSA-201610-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-10" - }, - { - "name" : "RHSA-2016:2057", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2057.html" - }, - { - "name" : "93490", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93490" - }, - { - "name" : "1036985", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036985" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, and CVE-2016-6989." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201610-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-10" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html" + }, + { + "name": "93490", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93490" + }, + { + "name": "RHSA-2016:2057", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2057.html" + }, + { + "name": "1036985", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036985" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7369.json b/2016/7xxx/CVE-2016-7369.json index 61be8a4298c..3c11db1f8dc 100644 --- a/2016/7xxx/CVE-2016-7369.json +++ b/2016/7xxx/CVE-2016-7369.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7369", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7369", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7469.json b/2016/7xxx/CVE-2016-7469.json index 8ad08fd59cb..90e1398fe2d 100644 --- a/2016/7xxx/CVE-2016-7469.json +++ b/2016/7xxx/CVE-2016-7469.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "ID" : "CVE-2016-7469", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM,WebAccelerator,WOM,WebSafe", - "version" : { - "version_data" : [ - { - "version_value" : "12.0.0 - 12.1.2" - }, - { - "version_value" : "11.4.0 - 11.6.1" - }, - { - "version_value" : "11.2.1" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an authenticated user to inject arbitrary web script or HTML. Exploitation requires Resource Administrator or Administrator privileges, and it could cause the Configuration utility client to become unstable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "cross-site scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "ID": "CVE-2016-7469", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM,WebAccelerator,WOM,WebSafe", + "version": { + "version_data": [ + { + "version_value": "12.0.0 - 12.1.2" + }, + { + "version_value": "11.4.0 - 11.6.1" + }, + { + "version_value": "11.2.1" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K97285349", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K97285349" - }, - { - "name" : "95320", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95320" - }, - { - "name" : "1037559", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037559" - }, - { - "name" : "1037560", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037560" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an authenticated user to inject arbitrary web script or HTML. Exploitation requires Resource Administrator or Administrator privileges, and it could cause the Configuration utility client to become unstable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "cross-site scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.f5.com/csp/article/K97285349", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K97285349" + }, + { + "name": "1037559", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037559" + }, + { + "name": "95320", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95320" + }, + { + "name": "1037560", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037560" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7573.json b/2016/7xxx/CVE-2016-7573.json index a89848c0f5a..7220ded8d34 100644 --- a/2016/7xxx/CVE-2016-7573.json +++ b/2016/7xxx/CVE-2016-7573.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7573", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7573", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7647.json b/2016/7xxx/CVE-2016-7647.json index c23cb2b0534..4f14a92d4a8 100644 --- a/2016/7xxx/CVE-2016-7647.json +++ b/2016/7xxx/CVE-2016-7647.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7647", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7647", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7700.json b/2016/7xxx/CVE-2016-7700.json index 3d2b111aeeb..66d406fc534 100644 --- a/2016/7xxx/CVE-2016-7700.json +++ b/2016/7xxx/CVE-2016-7700.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7700", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7700", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8211.json b/2016/8xxx/CVE-2016-8211.json index 676ab8204d3..cad3c440c97 100644 --- a/2016/8xxx/CVE-2016-8211.json +++ b/2016/8xxx/CVE-2016-8211.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2016-8211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "EMC Data Protection Advisor EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446", - "version" : { - "version_data" : [ - { - "version_value" : "EMC Data Protection Advisor EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2016-8211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMC Data Protection Advisor EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446", + "version": { + "version_data": [ + { + "version_value": "EMC Data Protection Advisor EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/archive/1/540067/30/0/threaded", - "refsource" : "CONFIRM", - "url" : "http://www.securityfocus.com/archive/1/540067/30/0/threaded" - }, - { - "name" : "95833", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95833" - }, - { - "name" : "1037729", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037729" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securityfocus.com/archive/1/540067/30/0/threaded", + "refsource": "CONFIRM", + "url": "http://www.securityfocus.com/archive/1/540067/30/0/threaded" + }, + { + "name": "95833", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95833" + }, + { + "name": "1037729", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037729" + } + ] + } +} \ No newline at end of file