From a2d1c05750d3ea71ac2bab71ed1e1d13085a1848 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 22:23:44 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0005.json | 210 +++++++++++----------- 2006/0xxx/CVE-2006-0078.json | 210 +++++++++++----------- 2006/0xxx/CVE-2006-0309.json | 190 ++++++++++---------- 2006/0xxx/CVE-2006-0375.json | 150 ++++++++-------- 2006/0xxx/CVE-2006-0491.json | 200 ++++++++++----------- 2006/0xxx/CVE-2006-0980.json | 150 ++++++++-------- 2006/1xxx/CVE-2006-1035.json | 150 ++++++++-------- 2006/1xxx/CVE-2006-1080.json | 170 +++++++++--------- 2006/3xxx/CVE-2006-3104.json | 200 ++++++++++----------- 2006/3xxx/CVE-2006-3455.json | 190 ++++++++++---------- 2006/3xxx/CVE-2006-3799.json | 170 +++++++++--------- 2006/3xxx/CVE-2006-3934.json | 180 +++++++++---------- 2006/4xxx/CVE-2006-4172.json | 190 ++++++++++---------- 2006/4xxx/CVE-2006-4394.json | 200 ++++++++++----------- 2006/4xxx/CVE-2006-4509.json | 170 +++++++++--------- 2006/4xxx/CVE-2006-4540.json | 180 +++++++++---------- 2006/4xxx/CVE-2006-4609.json | 170 +++++++++--------- 2006/4xxx/CVE-2006-4927.json | 290 +++++++++++++++--------------- 2010/2xxx/CVE-2010-2199.json | 130 +++++++------- 2010/2xxx/CVE-2010-2203.json | 160 ++++++++--------- 2010/2xxx/CVE-2010-2367.json | 140 +++++++-------- 2010/2xxx/CVE-2010-2889.json | 200 ++++++++++----------- 2010/3xxx/CVE-2010-3325.json | 150 ++++++++-------- 2010/3xxx/CVE-2010-3550.json | 300 +++++++++++++++---------------- 2010/3xxx/CVE-2010-3580.json | 130 +++++++------- 2010/3xxx/CVE-2010-3887.json | 120 ++++++------- 2010/4xxx/CVE-2010-4643.json | 330 +++++++++++++++++------------------ 2011/0xxx/CVE-2011-0074.json | 230 ++++++++++++------------ 2011/0xxx/CVE-2011-0101.json | 210 +++++++++++----------- 2011/0xxx/CVE-2011-0346.json | 260 +++++++++++++-------------- 2011/1xxx/CVE-2011-1282.json | 140 +++++++-------- 2011/1xxx/CVE-2011-1295.json | 220 +++++++++++------------ 2011/1xxx/CVE-2011-1732.json | 200 ++++++++++----------- 2011/5xxx/CVE-2011-5004.json | 160 ++++++++--------- 2011/5xxx/CVE-2011-5083.json | 160 ++++++++--------- 2011/5xxx/CVE-2011-5185.json | 130 +++++++------- 2014/3xxx/CVE-2014-3198.json | 160 ++++++++--------- 2014/3xxx/CVE-2014-3281.json | 140 +++++++-------- 2014/3xxx/CVE-2014-3408.json | 140 +++++++-------- 2014/3xxx/CVE-2014-3762.json | 34 ++-- 2014/3xxx/CVE-2014-3898.json | 160 ++++++++--------- 2014/6xxx/CVE-2014-6832.json | 140 +++++++-------- 2014/6xxx/CVE-2014-6966.json | 140 +++++++-------- 2014/7xxx/CVE-2014-7205.json | 170 +++++++++--------- 2014/7xxx/CVE-2014-7841.json | 330 +++++++++++++++++------------------ 2014/8xxx/CVE-2014-8012.json | 130 +++++++------- 2014/8xxx/CVE-2014-8221.json | 34 ++-- 2014/8xxx/CVE-2014-8404.json | 34 ++-- 2014/8xxx/CVE-2014-8540.json | 160 ++++++++--------- 2014/9xxx/CVE-2014-9577.json | 140 +++++++-------- 2016/2xxx/CVE-2016-2063.json | 140 +++++++-------- 2016/2xxx/CVE-2016-2098.json | 230 ++++++++++++------------ 2016/2xxx/CVE-2016-2269.json | 34 ++-- 2016/2xxx/CVE-2016-2892.json | 34 ++-- 2016/2xxx/CVE-2016-2931.json | 140 +++++++-------- 2016/6xxx/CVE-2016-6089.json | 146 ++++++++-------- 2016/6xxx/CVE-2016-6102.json | 146 ++++++++-------- 2016/6xxx/CVE-2016-6326.json | 34 ++-- 2016/6xxx/CVE-2016-6642.json | 130 +++++++------- 2017/5xxx/CVE-2017-5273.json | 34 ++-- 2017/5xxx/CVE-2017-5660.json | 138 +++++++-------- 2017/5xxx/CVE-2017-5807.json | 142 +++++++-------- 2017/5xxx/CVE-2017-5844.json | 190 ++++++++++---------- 63 files changed, 5095 insertions(+), 5095 deletions(-) diff --git a/2006/0xxx/CVE-2006-0005.json b/2006/0xxx/CVE-2006-0005.json index e268c17b95d..188360ca793 100644 --- a/2006/0xxx/CVE-2006-0005.json +++ b/2006/0xxx/CVE-2006-0005.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-0005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060214 Microsoft Windows Media Player Plugin Buffer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=393" - }, - { - "name" : "MS06-006", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-006" - }, - { - "name" : "TA06-045A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-045A.html" - }, - { - "name" : "VU#692060", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/692060" - }, - { - "name" : "16644", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16644" - }, - { - "name" : "ADV-2006-0575", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0575" - }, - { - "name" : "oval:org.mitre.oval:def:1559", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1559" - }, - { - "name" : "1015628", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015628" - }, - { - "name" : "18852", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18852" - }, - { - "name" : "win-mediaplayer-plugin-embed-bo(24493)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24493" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0575", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0575" + }, + { + "name": "16644", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16644" + }, + { + "name": "win-mediaplayer-plugin-embed-bo(24493)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24493" + }, + { + "name": "1015628", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015628" + }, + { + "name": "VU#692060", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/692060" + }, + { + "name": "20060214 Microsoft Windows Media Player Plugin Buffer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=393" + }, + { + "name": "MS06-006", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-006" + }, + { + "name": "oval:org.mitre.oval:def:1559", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1559" + }, + { + "name": "TA06-045A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-045A.html" + }, + { + "name": "18852", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18852" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0078.json b/2006/0xxx/CVE-2006-0078.json index 32a6f1f2f44..51938dbd37a 100644 --- a/2006/0xxx/CVE-2006-0078.json +++ b/2006/0xxx/CVE-2006-0078.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0078", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in B-net Software 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) shout variables to (a) shout.php, or the (3) title and (4) message variables to (b) guestbook.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0078", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060102 [eVuln] B-net Software Multiple XSS Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420673/100/0/threaded" - }, - { - "name" : "20060825 Re: [eVuln] B-net Software Multiple XSS Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444320/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/10/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/10/summary.html" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=442067&group_id=117067", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=442067&group_id=117067" - }, - { - "name" : "16114", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16114" - }, - { - "name" : "ADV-2006-0018", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0018" - }, - { - "name" : "22190", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22190" - }, - { - "name" : "22191", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22191" - }, - { - "name" : "18271", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18271" - }, - { - "name" : "316", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/316" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in B-net Software 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) shout variables to (a) shout.php, or the (3) title and (4) message variables to (b) guestbook.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060102 [eVuln] B-net Software Multiple XSS Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420673/100/0/threaded" + }, + { + "name": "ADV-2006-0018", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0018" + }, + { + "name": "http://evuln.com/vulns/10/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/10/summary.html" + }, + { + "name": "18271", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18271" + }, + { + "name": "20060825 Re: [eVuln] B-net Software Multiple XSS Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444320/100/0/threaded" + }, + { + "name": "16114", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16114" + }, + { + "name": "316", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/316" + }, + { + "name": "22191", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22191" + }, + { + "name": "22190", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22190" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=442067&group_id=117067", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=442067&group_id=117067" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0309.json b/2006/0xxx/CVE-2006-0309.json index 97ac2f077ea..97b72543f4e 100644 --- a/2006/0xxx/CVE-2006-0309.json +++ b/2006/0xxx/CVE-2006-0309.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0309", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote attackers on the local network, to cause a denial of service via IP packets with a null IP option length." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0309", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060113 Linksys VPN Router (BEFVP41) DoS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/421929/100/0/threaded" - }, - { - "name" : "20060116 Re: Linksys VPN Router (BEFVP41) DoS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/422064/100/0/threaded" - }, - { - "name" : "20060117 Re: Linksys VPN Router (BEFVP41) DoS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/422266/100/0/threaded" - }, - { - "name" : "16307", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16307" - }, - { - "name" : "ADV-2006-0238", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0238" - }, - { - "name" : "1015490", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015490" - }, - { - "name" : "18461", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18461" - }, - { - "name" : "linksys-null-length-dos(24125)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24125" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote attackers on the local network, to cause a denial of service via IP packets with a null IP option length." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0238", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0238" + }, + { + "name": "20060117 Re: Linksys VPN Router (BEFVP41) DoS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/422266/100/0/threaded" + }, + { + "name": "16307", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16307" + }, + { + "name": "20060113 Linksys VPN Router (BEFVP41) DoS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/421929/100/0/threaded" + }, + { + "name": "linksys-null-length-dos(24125)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24125" + }, + { + "name": "1015490", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015490" + }, + { + "name": "18461", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18461" + }, + { + "name": "20060116 Re: Linksys VPN Router (BEFVP41) DoS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/422064/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0375.json b/2006/0xxx/CVE-2006-0375.json index 119b84cc5b3..5cee4c4c8fc 100644 --- a/2006/0xxx/CVE-2006-0375.json +++ b/2006/0xxx/CVE-2006-0375.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 on VxWorks uses a hardcoded Network Time Protocol (NTP) server in Taiwan, which could allow remote attackers to provide false time information, block access to time information, or conduct other attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060116 ACT P202S VoIP wireless phone multiple undocumented ports/services", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041434.html" - }, - { - "name" : "16288", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16288" - }, - { - "name" : "18514", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18514" - }, - { - "name" : "act-p202s-default-port(24149)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24149" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 on VxWorks uses a hardcoded Network Time Protocol (NTP) server in Taiwan, which could allow remote attackers to provide false time information, block access to time information, or conduct other attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "act-p202s-default-port(24149)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24149" + }, + { + "name": "18514", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18514" + }, + { + "name": "20060116 ACT P202S VoIP wireless phone multiple undocumented ports/services", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041434.html" + }, + { + "name": "16288", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16288" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0491.json b/2006/0xxx/CVE-2006-0491.json index 8c409d0bb6a..e7c5f836d7c 100644 --- a/2006/0xxx/CVE-2006-0491.json +++ b/2006/0xxx/CVE-2006-0491.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0491", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in SZUserMgnt.class.php in SZUserMgnt 1.4 allows remote attackers to execute arbitrary SQL commands via the username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0491", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060201 [eVuln] SZUserMgnt Authentication Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/423658/100/0/threaded" - }, - { - "name" : "http://www.evuln.com/vulns/53/summary.html", - "refsource" : "MISC", - "url" : "http://www.evuln.com/vulns/53/summary.html" - }, - { - "name" : "16454", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16454" - }, - { - "name" : "ADV-2006-0366", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0366" - }, - { - "name" : "22809", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22809" - }, - { - "name" : "1015569", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015569" - }, - { - "name" : "18666", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18666" - }, - { - "name" : "396", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/396" - }, - { - "name" : "szusermgnt-username-sql-injection(24339)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24339" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in SZUserMgnt.class.php in SZUserMgnt 1.4 allows remote attackers to execute arbitrary SQL commands via the username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.evuln.com/vulns/53/summary.html", + "refsource": "MISC", + "url": "http://www.evuln.com/vulns/53/summary.html" + }, + { + "name": "396", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/396" + }, + { + "name": "16454", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16454" + }, + { + "name": "ADV-2006-0366", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0366" + }, + { + "name": "1015569", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015569" + }, + { + "name": "22809", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22809" + }, + { + "name": "szusermgnt-username-sql-injection(24339)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24339" + }, + { + "name": "20060201 [eVuln] SZUserMgnt Authentication Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/423658/100/0/threaded" + }, + { + "name": "18666", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18666" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0980.json b/2006/0xxx/CVE-2006-0980.json index 9e858c991fd..ed46e27f990 100644 --- a/2006/0xxx/CVE-2006-0980.json +++ b/2006/0xxx/CVE-2006-0980.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0980", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Jay Eckles CGI Calendar 2.7 allow remote attackers to inject arbitrary web script or HTML via the year parameter in (1) index.cgi and (2) viewday.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0980", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060226 CGI Calendar XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426198/100/0/threaded" - }, - { - "name" : "ADV-2006-0764", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0764" - }, - { - "name" : "19066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19066" - }, - { - "name" : "cgicalendar-index-viewday-xss(24946)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24946" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Jay Eckles CGI Calendar 2.7 allow remote attackers to inject arbitrary web script or HTML via the year parameter in (1) index.cgi and (2) viewday.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060226 CGI Calendar XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426198/100/0/threaded" + }, + { + "name": "ADV-2006-0764", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0764" + }, + { + "name": "19066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19066" + }, + { + "name": "cgicalendar-index-viewday-xss(24946)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24946" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1035.json b/2006/1xxx/CVE-2006-1035.json index 46c3f3e316c..8dbe1b0d5e9 100644 --- a/2006/1xxx/CVE-2006-1035.json +++ b/2006/1xxx/CVE-2006-1035.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1035", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Diagnostics module 2.2 and earlier allows remote attackers to access diagnostics tests via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1035", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.integrigy.com/info/IntegrigySecurityAnalysis-OracleDiag0206.pdf", - "refsource" : "MISC", - "url" : "http://www.integrigy.com/info/IntegrigySecurityAnalysis-OracleDiag0206.pdf" - }, - { - "name" : "16844", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16844" - }, - { - "name" : "VU#298958", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/298958" - }, - { - "name" : "19076", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19076" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Diagnostics module 2.2 and earlier allows remote attackers to access diagnostics tests via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16844", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16844" + }, + { + "name": "http://www.integrigy.com/info/IntegrigySecurityAnalysis-OracleDiag0206.pdf", + "refsource": "MISC", + "url": "http://www.integrigy.com/info/IntegrigySecurityAnalysis-OracleDiag0206.pdf" + }, + { + "name": "19076", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19076" + }, + { + "name": "VU#298958", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/298958" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1080.json b/2006/1xxx/CVE-2006-1080.json index a1038c344fc..268113ca3e0 100644 --- a/2006/1xxx/CVE-2006-1080.json +++ b/2006/1xxx/CVE-2006-1080.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in login.php in Game-Panel 2.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter, possibly requiring a URL encoded value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060304 Game-Panel <= 2.1.6 XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426825/100/0/threaded" - }, - { - "name" : "http://notlegal.ws/gamepanel.txt", - "refsource" : "MISC", - "url" : "http://notlegal.ws/gamepanel.txt" - }, - { - "name" : "16979", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16979" - }, - { - "name" : "ADV-2006-0864", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0864" - }, - { - "name" : "19143", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19143" - }, - { - "name" : "gamepanel-login-xss(25144)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25144" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in login.php in Game-Panel 2.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter, possibly requiring a URL encoded value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060304 Game-Panel <= 2.1.6 XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426825/100/0/threaded" + }, + { + "name": "gamepanel-login-xss(25144)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25144" + }, + { + "name": "ADV-2006-0864", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0864" + }, + { + "name": "http://notlegal.ws/gamepanel.txt", + "refsource": "MISC", + "url": "http://notlegal.ws/gamepanel.txt" + }, + { + "name": "16979", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16979" + }, + { + "name": "19143", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19143" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3104.json b/2006/3xxx/CVE-2006-3104.json index a8eadf82f42..def19bbcb98 100644 --- a/2006/3xxx/CVE-2006-3104.json +++ b/2006/3xxx/CVE-2006-3104.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "users/index.php in Bitweaver 1.3 allows remote attackers to obtain sensitive information via an invalid sort_mode parameter, which reveals the installation path and database information in the resultant error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060617 bitweaver <= v1.3 multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437491/100/0/threaded" - }, - { - "name" : "http://retrogod.altervista.org/bitweaver_13_xpl.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/bitweaver_13_xpl.html" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358" - }, - { - "name" : "http://www.bitweaver.org/articles/45", - "refsource" : "CONFIRM", - "url" : "http://www.bitweaver.org/articles/45" - }, - { - "name" : "ADV-2006-2405", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2405" - }, - { - "name" : "26589", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26589" - }, - { - "name" : "20695", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20695" - }, - { - "name" : "1115", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1115" - }, - { - "name" : "bitweaver-index-path-disclosure(27214)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27214" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "users/index.php in Bitweaver 1.3 allows remote attackers to obtain sensitive information via an invalid sort_mode parameter, which reveals the installation path and database information in the resultant error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358" + }, + { + "name": "http://retrogod.altervista.org/bitweaver_13_xpl.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/bitweaver_13_xpl.html" + }, + { + "name": "26589", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26589" + }, + { + "name": "bitweaver-index-path-disclosure(27214)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27214" + }, + { + "name": "20695", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20695" + }, + { + "name": "http://www.bitweaver.org/articles/45", + "refsource": "CONFIRM", + "url": "http://www.bitweaver.org/articles/45" + }, + { + "name": "1115", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1115" + }, + { + "name": "ADV-2006-2405", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2405" + }, + { + "name": "20060617 bitweaver <= v1.3 multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437491/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3455.json b/2006/3xxx/CVE-2006-3455.json index 2e32b1eb600..d73df5903ac 100644 --- a/2006/3xxx/CVE-2006-3455.json +++ b/2006/3xxx/CVE-2006-3455.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIOControl function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061023 Symantec Product Security: Symantec Device Driver Elevation of Privileg", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449524/100/0/threaded" - }, - { - "name" : "http://www.symantec.com/avcenter/security/Content/2006.10.23.html", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/avcenter/security/Content/2006.10.23.html" - }, - { - "name" : "20684", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20684" - }, - { - "name" : "ADV-2006-4157", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4157" - }, - { - "name" : "1017108", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017108" - }, - { - "name" : "1017109", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017109" - }, - { - "name" : "22536", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22536" - }, - { - "name" : "symantec-savrt-privilege-escalation(29762)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29762" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIOControl function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "symantec-savrt-privilege-escalation(29762)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29762" + }, + { + "name": "20684", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20684" + }, + { + "name": "ADV-2006-4157", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4157" + }, + { + "name": "http://www.symantec.com/avcenter/security/Content/2006.10.23.html", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/avcenter/security/Content/2006.10.23.html" + }, + { + "name": "20061023 Symantec Product Security: Symantec Device Driver Elevation of Privileg", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449524/100/0/threaded" + }, + { + "name": "22536", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22536" + }, + { + "name": "1017108", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017108" + }, + { + "name": "1017109", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017109" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3799.json b/2006/3xxx/CVE-2006-3799.json index 586ab8d4686..8982f0892f1 100644 --- a/2006/3xxx/CVE-2006-3799.json +++ b/2006/3xxx/CVE-2006-3799.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3799", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase \"union select\" or possibly other statements that do not match the uppercase \"UNION SELECT.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060718 DeluxeBB mutiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440435/100/0/threaded" - }, - { - "name" : "20060718 Advisory : DeluxeBB mutiple vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047989.html" - }, - { - "name" : "19052", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19052" - }, - { - "name" : "ADV-2006-2879", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2879" - }, - { - "name" : "21116", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21116" - }, - { - "name" : "1254", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1254" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase \"union select\" or possibly other statements that do not match the uppercase \"UNION SELECT.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1254", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1254" + }, + { + "name": "19052", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19052" + }, + { + "name": "21116", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21116" + }, + { + "name": "20060718 Advisory : DeluxeBB mutiple vulnerabilities", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047989.html" + }, + { + "name": "ADV-2006-2879", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2879" + }, + { + "name": "20060718 DeluxeBB mutiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440435/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3934.json b/2006/3xxx/CVE-2006-3934.json index 262608119aa..f39635e5211 100644 --- a/2006/3xxx/CVE-2006-3934.json +++ b/2006/3xxx/CVE-2006-3934.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3934", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3934", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060726 Multiple vulnerabilities in OpenCMS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441182/100/0/threaded" - }, - { - "name" : "http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt", - "refsource" : "MISC", - "url" : "http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt" - }, - { - "name" : "http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip", - "refsource" : "MISC", - "url" : "http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip" - }, - { - "name" : "http://www.opencms.org/opencms/en/shownews.html?id=1002", - "refsource" : "MISC", - "url" : "http://www.opencms.org/opencms/en/shownews.html?id=1002" - }, - { - "name" : "21193", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21193" - }, - { - "name" : "1302", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1302" - }, - { - "name" : "opencms-downloadtrigger-file-access(28000)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28000" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21193", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21193" + }, + { + "name": "http://www.opencms.org/opencms/en/shownews.html?id=1002", + "refsource": "MISC", + "url": "http://www.opencms.org/opencms/en/shownews.html?id=1002" + }, + { + "name": "1302", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1302" + }, + { + "name": "20060726 Multiple vulnerabilities in OpenCMS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441182/100/0/threaded" + }, + { + "name": "opencms-downloadtrigger-file-access(28000)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28000" + }, + { + "name": "http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt", + "refsource": "MISC", + "url": "http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt" + }, + { + "name": "http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip", + "refsource": "MISC", + "url": "http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4172.json b/2006/4xxx/CVE-2006-4172.json index e4c13b2442f..bc7a642c580 100644 --- a/2006/4xxx/CVE-2006-4172.json +++ b/2006/4xxx/CVE-2006-4172.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4172", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow vulnerability in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2006-4178." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4172", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060923 FreeBSD i386_set_ldt Integer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=414" - }, - { - "name" : "20060925 iDefense Security Advisory 09.23.06: FreeBSD i386_set_ldt Integer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446945/100/0/threaded" - }, - { - "name" : "20060923 [RISE-2006002] FreeBSD 5.x kernel i386_set_ldt() integer overflow vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-09/0376.html" - }, - { - "name" : "20158", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20158" - }, - { - "name" : "1016926", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016926" - }, - { - "name" : "1016928", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016928" - }, - { - "name" : "22064", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22064" - }, - { - "name" : "freebsd-i386setldt-overflow(29132)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow vulnerability in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2006-4178." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "freebsd-i386setldt-overflow(29132)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29132" + }, + { + "name": "20060925 iDefense Security Advisory 09.23.06: FreeBSD i386_set_ldt Integer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446945/100/0/threaded" + }, + { + "name": "1016926", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016926" + }, + { + "name": "22064", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22064" + }, + { + "name": "20158", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20158" + }, + { + "name": "1016928", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016928" + }, + { + "name": "20060923 FreeBSD i386_set_ldt Integer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=414" + }, + { + "name": "20060923 [RISE-2006002] FreeBSD 5.x kernel i386_set_ldt() integer overflow vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-09/0376.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4394.json b/2006/4xxx/CVE-2006-4394.json index be1da9854f8..1bd2ea10c65 100644 --- a/2006/4xxx/CVE-2006-4394.json +++ b/2006/4xxx/CVE-2006-4394.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4394", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A logic error in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, allows network accounts without GUIds to bypass service access controls and log into the system using loginwindow via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4394", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2006-09-29", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html" - }, - { - "name" : "TA06-275A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-275A.html" - }, - { - "name" : "VU#897628", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/897628" - }, - { - "name" : "20271", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20271" - }, - { - "name" : "ADV-2006-3852", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3852" - }, - { - "name" : "29272", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29272" - }, - { - "name" : "1016959", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016959" - }, - { - "name" : "22187", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22187" - }, - { - "name" : "macos-loginwindow-security-bypass(29293)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29293" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A logic error in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, allows network accounts without GUIds to bypass service access controls and log into the system using loginwindow via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016959", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016959" + }, + { + "name": "20271", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20271" + }, + { + "name": "macos-loginwindow-security-bypass(29293)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29293" + }, + { + "name": "29272", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29272" + }, + { + "name": "22187", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22187" + }, + { + "name": "ADV-2006-3852", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3852" + }, + { + "name": "VU#897628", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/897628" + }, + { + "name": "APPLE-SA-2006-09-29", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html" + }, + { + "name": "TA06-275A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-275A.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4509.json b/2006/4xxx/CVE-2006-4509.json index 909be3e2c34..58ecd015f1f 100644 --- a/2006/4xxx/CVE-2006-4509.json +++ b/2006/4xxx/CVE-2006-4509.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4509", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061022 Novell eDirectory evtFilteredMonitorEventsRequest Heap Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=427" - }, - { - "name" : "20663", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20663" - }, - { - "name" : "ADV-2006-4142", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4142" - }, - { - "name" : "1017104", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017104" - }, - { - "name" : "22506", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22506" - }, - { - "name" : "edirectory-monitoreventsrequest-bo(29764)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29764" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061022 Novell eDirectory evtFilteredMonitorEventsRequest Heap Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=427" + }, + { + "name": "20663", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20663" + }, + { + "name": "edirectory-monitoreventsrequest-bo(29764)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29764" + }, + { + "name": "22506", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22506" + }, + { + "name": "1017104", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017104" + }, + { + "name": "ADV-2006-4142", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4142" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4540.json b/2006/4xxx/CVE-2006-4540.json index 2c1ef4d47ad..7033af3c4e3 100644 --- a/2006/4xxx/CVE-2006-4540.json +++ b/2006/4xxx/CVE-2006-4540.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4540", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in learncenter.asp in Learn.com LearnCenter allows remote attackers to inject arbitrary web script or HTML via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060830 XXS in learncenter.asp", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444842" - }, - { - "name" : "20061024 Vendor ACK for LearnCenter XSS (CVE-2006-4540)", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-October/001093.html" - }, - { - "name" : "19781", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19781" - }, - { - "name" : "ADV-2006-3432", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3432" - }, - { - "name" : "28306", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28306" - }, - { - "name" : "21716", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21716" - }, - { - "name" : "learncenter-learncenter-xss(28694)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28694" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in learncenter.asp in Learn.com LearnCenter allows remote attackers to inject arbitrary web script or HTML via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060830 XXS in learncenter.asp", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444842" + }, + { + "name": "21716", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21716" + }, + { + "name": "learncenter-learncenter-xss(28694)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28694" + }, + { + "name": "28306", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28306" + }, + { + "name": "20061024 Vendor ACK for LearnCenter XSS (CVE-2006-4540)", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2006-October/001093.html" + }, + { + "name": "ADV-2006-3432", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3432" + }, + { + "name": "19781", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19781" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4609.json b/2006/4xxx/CVE-2006-4609.json index 5ee3980e176..94400bcb0d7 100644 --- a/2006/4xxx/CVE-2006-4609.json +++ b/2006/4xxx/CVE-2006-4609.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4609", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in the Content Management module (\"Content manager\") for PHProjekt 0.6.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the path_pre parameter in (1) cm_lib.inc.php, (2) doc/br.edithelp.php, (3) doc/de.edithelp.php, (4) doc/ct.edithelp.php, (5) userrating.php, and (6) listing.php, a different set of vectors than CVE-2006-4204. NOTE: a third-party researcher has disputed the impact of the cm_lib.inc.php vector, stating that it is limited to local file inclusion. CVE analysis as of 20060905 concurs, although use of ftp URLs is also possible. The remaining five vectors have also been disputed by the same third party, stating that the path_pre variable is initialized before it is used." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060821 PHProjekt v0.6.1 Remote File Inclusion Vulnerability (2)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444076/100/100/threaded" - }, - { - "name" : "20060823 Re: PHProjekt v0.6.1 Remote File Inclusion Vulnerability (2)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444220/100/100/threaded" - }, - { - "name" : "ADV-2006-3373", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3373" - }, - { - "name" : "28217", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28217" - }, - { - "name" : "21590", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21590" - }, - { - "name" : "1495", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1495" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in the Content Management module (\"Content manager\") for PHProjekt 0.6.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the path_pre parameter in (1) cm_lib.inc.php, (2) doc/br.edithelp.php, (3) doc/de.edithelp.php, (4) doc/ct.edithelp.php, (5) userrating.php, and (6) listing.php, a different set of vectors than CVE-2006-4204. NOTE: a third-party researcher has disputed the impact of the cm_lib.inc.php vector, stating that it is limited to local file inclusion. CVE analysis as of 20060905 concurs, although use of ftp URLs is also possible. The remaining five vectors have also been disputed by the same third party, stating that the path_pre variable is initialized before it is used." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3373", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3373" + }, + { + "name": "20060823 Re: PHProjekt v0.6.1 Remote File Inclusion Vulnerability (2)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444220/100/100/threaded" + }, + { + "name": "28217", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28217" + }, + { + "name": "20060821 PHProjekt v0.6.1 Remote File Inclusion Vulnerability (2)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444076/100/100/threaded" + }, + { + "name": "21590", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21590" + }, + { + "name": "1495", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1495" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4927.json b/2006/4xxx/CVE-2006-4927.json index ea6ef4f5343..53afa45c043 100644 --- a/2006/4xxx/CVE-2006-4927.json +++ b/2006/4xxx/CVE-2006-4927.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4927", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions (1) 0x222AD3, (2) 0x222AD7, and (3) 0x222ADB." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4927", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061005 Symantec AntiVirus IOCTL Kernel Privilege Escalation Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=417" - }, - { - "name" : "20061005 [Reversemode Advisory] Symantec Antivirus Engine Privilege Escalation", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447849/100/0/threaded" - }, - { - "name" : "http://www.symantec.com/avcenter/security/Content/2006.10.05a.html", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/avcenter/security/Content/2006.10.05a.html" - }, - { - "name" : "VU#946820", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/946820" - }, - { - "name" : "20360", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20360" - }, - { - "name" : "ADV-2006-3928", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3928" - }, - { - "name" : "1016994", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016994" - }, - { - "name" : "1016995", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016995" - }, - { - "name" : "1016996", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016996" - }, - { - "name" : "1016997", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016997" - }, - { - "name" : "1016998", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016998" - }, - { - "name" : "1016999", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016999" - }, - { - "name" : "1017000", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017000" - }, - { - "name" : "1017001", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017001" - }, - { - "name" : "1017002", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017002" - }, - { - "name" : "22288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22288" - }, - { - "name" : "1690", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1690" - }, - { - "name" : "symantec-ioctl-privilege-escalation(29360)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29360" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions (1) 0x222AD3, (2) 0x222AD7, and (3) 0x222ADB." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016996", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016996" + }, + { + "name": "20061005 [Reversemode Advisory] Symantec Antivirus Engine Privilege Escalation", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447849/100/0/threaded" + }, + { + "name": "1017001", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017001" + }, + { + "name": "http://www.symantec.com/avcenter/security/Content/2006.10.05a.html", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/avcenter/security/Content/2006.10.05a.html" + }, + { + "name": "1017000", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017000" + }, + { + "name": "1016997", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016997" + }, + { + "name": "1016995", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016995" + }, + { + "name": "ADV-2006-3928", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3928" + }, + { + "name": "1016998", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016998" + }, + { + "name": "20061005 Symantec AntiVirus IOCTL Kernel Privilege Escalation Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=417" + }, + { + "name": "1016994", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016994" + }, + { + "name": "22288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22288" + }, + { + "name": "20360", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20360" + }, + { + "name": "1016999", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016999" + }, + { + "name": "1017002", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017002" + }, + { + "name": "1690", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1690" + }, + { + "name": "symantec-ioctl-privilege-escalation(29360)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29360" + }, + { + "name": "VU#946820", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/946820" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2199.json b/2010/2xxx/CVE-2010-2199.json index a44adb1d59e..17ed806aee3 100644 --- a/2010/2xxx/CVE-2010-2199.json +++ b/2010/2xxx/CVE-2010-2199.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=125517", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=125517" - }, - { - "name" : "rpm-fsm-security-bypass(59416)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59416" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "rpm-fsm-security-bypass(59416)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59416" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=125517", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2203.json b/2010/2xxx/CVE-2010-2203.json index 45f262fbfc0..2e6b7a2b653 100644 --- a/2010/2xxx/CVE-2010-2203.json +++ b/2010/2xxx/CVE-2010-2203.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 9.x before 9.3.3 on UNIX allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-2203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-15.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-15.html" - }, - { - "name" : "41235", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41235" - }, - { - "name" : "oval:org.mitre.oval:def:14495", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14495" - }, - { - "name" : "1024159", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024159" - }, - { - "name" : "ADV-2010-1636", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 9.x before 9.3.3 on UNIX allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1636", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1636" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-15.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html" + }, + { + "name": "oval:org.mitre.oval:def:14495", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14495" + }, + { + "name": "41235", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41235" + }, + { + "name": "1024159", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024159" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2367.json b/2010/2xxx/CVE-2010-2367.json index df1522c8ad6..171d648a4cc 100644 --- a/2010/2xxx/CVE-2010-2367.json +++ b/2010/2xxx/CVE-2010-2367.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search.cgi in AD-EDIT2 before 3.0.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://adedit.blogspot.com/2010/10/ad-edit2-xss.html", - "refsource" : "CONFIRM", - "url" : "http://adedit.blogspot.com/2010/10/ad-edit2-xss.html" - }, - { - "name" : "JVN#69191943", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN69191943/index.html" - }, - { - "name" : "JVNDB-2010-000036", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000036.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search.cgi in AD-EDIT2 before 3.0.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://adedit.blogspot.com/2010/10/ad-edit2-xss.html", + "refsource": "CONFIRM", + "url": "http://adedit.blogspot.com/2010/10/ad-edit2-xss.html" + }, + { + "name": "JVNDB-2010-000036", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000036.html" + }, + { + "name": "JVN#69191943", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN69191943/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2889.json b/2010/2xxx/CVE-2010-2889.json index 00c59467085..dcf3cc93f10 100644 --- a/2010/2xxx/CVE-2010-2889.json +++ b/2010/2xxx/CVE-2010-2889.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-3626." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-2889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html" - }, - { - "name" : "GLSA-201101-08", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201101-08.xml" - }, - { - "name" : "RHSA-2010:0743", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0743.html" - }, - { - "name" : "SUSE-SA:2010:048", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html" - }, - { - "name" : "SUSE-SR:2010:019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" - }, - { - "name" : "TA10-279A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-279A.html" - }, - { - "name" : "oval:org.mitre.oval:def:7009", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7009" - }, - { - "name" : "43025", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43025" - }, - { - "name" : "ADV-2011-0191", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-3626." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2010:048", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html" + }, + { + "name": "ADV-2011-0191", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0191" + }, + { + "name": "43025", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43025" + }, + { + "name": "GLSA-201101-08", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201101-08.xml" + }, + { + "name": "RHSA-2010:0743", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0743.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-21.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-21.html" + }, + { + "name": "TA10-279A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-279A.html" + }, + { + "name": "SUSE-SR:2010:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" + }, + { + "name": "oval:org.mitre.oval:def:7009", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7009" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3325.json b/2010/3xxx/CVE-2010-3325.json index 6e3bfd1bb5f..79840a9dcb5 100644 --- a/2010/3xxx/CVE-2010-3325.json +++ b/2010/3xxx/CVE-2010-3325.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3325", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka \"CSS Special Character Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3325", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/css/P8/documents/100113324", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100113324" - }, - { - "name" : "MS10-071", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071" - }, - { - "name" : "TA10-285A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-285A.html" - }, - { - "name" : "oval:org.mitre.oval:def:7410", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7410" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka \"CSS Special Character Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:7410", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7410" + }, + { + "name": "MS10-071", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071" + }, + { + "name": "TA10-285A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100113324", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100113324" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3550.json b/2010/3xxx/CVE-2010-3550.json index f9cc0c0dfbc..e923a950d87 100644 --- a/2010/3xxx/CVE-2010-3550.json +++ b/2010/3xxx/CVE-2010-3550.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3550", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3550", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100114315", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100114315" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100123193", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100123193" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" - }, - { - "name" : "HPSBUX02608", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" - }, - { - "name" : "SSRT100333", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "RHSA-2010:0770", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0770.html" - }, - { - "name" : "RHSA-2010:0807", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0807.html" - }, - { - "name" : "RHSA-2010:0873", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0873.html" - }, - { - "name" : "RHSA-2010:0987", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0987.html" - }, - { - "name" : "RHSA-2011:0880", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0880.html" - }, - { - "name" : "SUSE-SR:2010:019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" - }, - { - "name" : "44040", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44040" - }, - { - "name" : "oval:org.mitre.oval:def:11619", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11619" - }, - { - "name" : "oval:org.mitre.oval:def:12422", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12422" - }, - { - "name" : "41967", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41967" - }, - { - "name" : "44954", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44954" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:12422", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12422" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100114315", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100114315" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "RHSA-2010:0770", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html" + }, + { + "name": "SSRT100333", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" + }, + { + "name": "RHSA-2010:0987", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html" + }, + { + "name": "44954", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44954" + }, + { + "name": "44040", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44040" + }, + { + "name": "RHSA-2011:0880", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" + }, + { + "name": "RHSA-2010:0873", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" + }, + { + "name": "HPSBUX02608", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" + }, + { + "name": "oval:org.mitre.oval:def:11619", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11619" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100123193", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100123193" + }, + { + "name": "SUSE-SR:2010:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" + }, + { + "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" + }, + { + "name": "41967", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41967" + }, + { + "name": "RHSA-2010:0807", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3580.json b/2010/3xxx/CVE-2010-3580.json index eba6cb29e2b..5ca696ea14d 100644 --- a/2010/3xxx/CVE-2010-3580.json +++ b/2010/3xxx/CVE-2010-3580.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3580", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle OpenSolaris allows local users to affect availability via unknown vectors related to Kernel/File System." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3580", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - }, - { - "name" : "TA10-287A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle OpenSolaris allows local users to affect availability via unknown vectors related to Kernel/File System." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + }, + { + "name": "TA10-287A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3887.json b/2010/3xxx/CVE-2010-3887.json index 57a9520da2d..fad352564d6 100644 --- a/2010/3xxx/CVE-2010-3887.json +++ b/2010/3xxx/CVE-2010-3887.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3887", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a child's e-mail address and a parent's e-mail address, related to parental notification of unapproved e-mail addresses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.kamens.us/2010/08/03/mac-os-x-mail-parental-controls-vulnerability/", - "refsource" : "MISC", - "url" : "http://blog.kamens.us/2010/08/03/mac-os-x-mail-parental-controls-vulnerability/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a child's e-mail address and a parent's e-mail address, related to parental notification of unapproved e-mail addresses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.kamens.us/2010/08/03/mac-os-x-mail-parental-controls-vulnerability/", + "refsource": "MISC", + "url": "http://blog.kamens.us/2010/08/03/mac-os-x-mail-parental-controls-vulnerability/" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4643.json b/2010/4xxx/CVE-2010-4643.json index da69dcc0ef1..09e7b57d635 100644 --- a/2010/4xxx/CVE-2010-4643.json +++ b/2010/4xxx/CVE-2010-4643.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.openoffice.org/security/cves/CVE-2010-4643.html", - "refsource" : "CONFIRM", - "url" : "http://www.openoffice.org/security/cves/CVE-2010-4643.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=667588", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=667588" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" - }, - { - "name" : "DSA-2151", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2151" - }, - { - "name" : "GLSA-201408-19", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml" - }, - { - "name" : "MDVSA-2011:027", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:027" - }, - { - "name" : "RHSA-2011:0181", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0181.html" - }, - { - "name" : "RHSA-2011:0182", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0182.html" - }, - { - "name" : "USN-1056-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1056-1" - }, - { - "name" : "46031", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46031" - }, - { - "name" : "70718", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70718" - }, - { - "name" : "1025002", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025002" - }, - { - "name" : "43065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43065" - }, - { - "name" : "42999", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42999" - }, - { - "name" : "43105", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43105" - }, - { - "name" : "43118", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43118" - }, - { - "name" : "60799", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60799" - }, - { - "name" : "40775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40775" - }, - { - "name" : "ADV-2011-0230", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0230" - }, - { - "name" : "ADV-2011-0232", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0232" - }, - { - "name" : "ADV-2011-0279", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0279" - }, - { - "name" : "ooo-tga-bo(65441)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65441" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40775" + }, + { + "name": "46031", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46031" + }, + { + "name": "DSA-2151", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2151" + }, + { + "name": "60799", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60799" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" + }, + { + "name": "GLSA-201408-19", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml" + }, + { + "name": "43118", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43118" + }, + { + "name": "43065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43065" + }, + { + "name": "ADV-2011-0230", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0230" + }, + { + "name": "1025002", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025002" + }, + { + "name": "ADV-2011-0232", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0232" + }, + { + "name": "70718", + "refsource": "OSVDB", + "url": "http://osvdb.org/70718" + }, + { + "name": "RHSA-2011:0182", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0182.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=667588", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=667588" + }, + { + "name": "USN-1056-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1056-1" + }, + { + "name": "RHSA-2011:0181", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0181.html" + }, + { + "name": "ADV-2011-0279", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0279" + }, + { + "name": "ooo-tga-bo(65441)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65441" + }, + { + "name": "43105", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43105" + }, + { + "name": "MDVSA-2011:027", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:027" + }, + { + "name": "42999", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42999" + }, + { + "name": "http://www.openoffice.org/security/cves/CVE-2010-4643.html", + "refsource": "CONFIRM", + "url": "http://www.openoffice.org/security/cves/CVE-2010-4643.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0074.json b/2011/0xxx/CVE-2011-0074.json index 600f1ef7e73..bfde2a47809 100644 --- a/2011/0xxx/CVE-2011-0074.json +++ b/2011/0xxx/CVE-2011-0074.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0074", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0074", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=619021", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=619021" - }, - { - "name" : "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird", - "refsource" : "CONFIRM", - "url" : "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird" - }, - { - "name" : "http://downloads.avaya.com/css/P8/documents/100134543", - "refsource" : "CONFIRM", - "url" : "http://downloads.avaya.com/css/P8/documents/100134543" - }, - { - "name" : "http://downloads.avaya.com/css/P8/documents/100144158", - "refsource" : "CONFIRM", - "url" : "http://downloads.avaya.com/css/P8/documents/100144158" - }, - { - "name" : "DSA-2227", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2227" - }, - { - "name" : "DSA-2228", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2228" - }, - { - "name" : "DSA-2235", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2235" - }, - { - "name" : "MDVSA-2011:080", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:080" - }, - { - "name" : "MDVSA-2011:079", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079" - }, - { - "name" : "47646", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47646" - }, - { - "name" : "oval:org.mitre.oval:def:14317", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14317" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2228", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2228" + }, + { + "name": "MDVSA-2011:079", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079" + }, + { + "name": "oval:org.mitre.oval:def:14317", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14317" + }, + { + "name": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird", + "refsource": "CONFIRM", + "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird" + }, + { + "name": "DSA-2235", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2235" + }, + { + "name": "http://downloads.avaya.com/css/P8/documents/100134543", + "refsource": "CONFIRM", + "url": "http://downloads.avaya.com/css/P8/documents/100134543" + }, + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html" + }, + { + "name": "47646", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47646" + }, + { + "name": "MDVSA-2011:080", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:080" + }, + { + "name": "DSA-2227", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2227" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=619021", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=619021" + }, + { + "name": "http://downloads.avaya.com/css/P8/documents/100144158", + "refsource": "CONFIRM", + "url": "http://downloads.avaya.com/css/P8/documents/100144158" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0101.json b/2011/0xxx/CVE-2011-0101.json index 2f77b30c23e..4a0a764083d 100644 --- a/2011/0xxx/CVE-2011-0101.json +++ b/2011/0xxx/CVE-2011-0101.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0101", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, double-byte characters, and an incorrect pointer calculation, aka \"Excel Record Parsing WriteAV Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-0101", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110412 ZDI-11-120: Microsoft Office Excel RealTimeData Record Parsing Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517463/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-120", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-120" - }, - { - "name" : "MS11-021", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021" - }, - { - "name" : "TA11-102A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" - }, - { - "name" : "47243", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47243" - }, - { - "name" : "71766", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/71766" - }, - { - "name" : "oval:org.mitre.oval:def:11676", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11676" - }, - { - "name" : "1025337", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025337" - }, - { - "name" : "39122", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39122" - }, - { - "name" : "ADV-2011-0940", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0940" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, double-byte characters, and an incorrect pointer calculation, aka \"Excel Record Parsing WriteAV Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-102A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" + }, + { + "name": "39122", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39122" + }, + { + "name": "71766", + "refsource": "OSVDB", + "url": "http://osvdb.org/71766" + }, + { + "name": "20110412 ZDI-11-120: Microsoft Office Excel RealTimeData Record Parsing Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517463/100/0/threaded" + }, + { + "name": "47243", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47243" + }, + { + "name": "oval:org.mitre.oval:def:11676", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11676" + }, + { + "name": "1025337", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025337" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-120", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-120" + }, + { + "name": "MS11-021", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021" + }, + { + "name": "ADV-2011-0940", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0940" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0346.json b/2011/0xxx/CVE-2011-0346.json index 0388326447b..b47d7df022a 100644 --- a/2011/0xxx/CVE-2011-0346.json +++ b/2011/0xxx/CVE-2011-0346.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka \"MSHTML Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110101 Announcing cross_fuzz, a potential 0-day in circulation, and more", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/515506/100/0/threaded" - }, - { - "name" : "20110101 Announcing cross_fuzz, a potential 0-day in circulation, and more", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0698.html" - }, - { - "name" : "http://lcamtuf.blogspot.com/2011/01/announcing-crossfuzz-potential-0-day-in.html", - "refsource" : "MISC", - "url" : "http://lcamtuf.blogspot.com/2011/01/announcing-crossfuzz-potential-0-day-in.html" - }, - { - "name" : "http://lcamtuf.coredump.cx/cross_fuzz/fuzzer_timeline.txt", - "refsource" : "MISC", - "url" : "http://lcamtuf.coredump.cx/cross_fuzz/fuzzer_timeline.txt" - }, - { - "name" : "http://lcamtuf.coredump.cx/cross_fuzz/known_vuln.txt", - "refsource" : "MISC", - "url" : "http://lcamtuf.coredump.cx/cross_fuzz/known_vuln.txt" - }, - { - "name" : "http://lcamtuf.coredump.cx/cross_fuzz/msie_crash.txt", - "refsource" : "MISC", - "url" : "http://lcamtuf.coredump.cx/cross_fuzz/msie_crash.txt" - }, - { - "name" : "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx", - "refsource" : "MISC", - "url" : "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx" - }, - { - "name" : "MS11-018", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018" - }, - { - "name" : "TA11-102A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" - }, - { - "name" : "VU#427980", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/427980" - }, - { - "name" : "45639", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45639" - }, - { - "name" : "oval:org.mitre.oval:def:11882", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11882" - }, - { - "name" : "1024940", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024940" - }, - { - "name" : "ADV-2011-0026", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0026" - }, - { - "name" : "ms-ie-releaseinterface-code-execution(64482)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64482" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka \"MSHTML Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0026", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0026" + }, + { + "name": "TA11-102A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" + }, + { + "name": "http://lcamtuf.blogspot.com/2011/01/announcing-crossfuzz-potential-0-day-in.html", + "refsource": "MISC", + "url": "http://lcamtuf.blogspot.com/2011/01/announcing-crossfuzz-potential-0-day-in.html" + }, + { + "name": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx", + "refsource": "MISC", + "url": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx" + }, + { + "name": "oval:org.mitre.oval:def:11882", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11882" + }, + { + "name": "ms-ie-releaseinterface-code-execution(64482)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64482" + }, + { + "name": "45639", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45639" + }, + { + "name": "MS11-018", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018" + }, + { + "name": "20110101 Announcing cross_fuzz, a potential 0-day in circulation, and more", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0698.html" + }, + { + "name": "20110101 Announcing cross_fuzz, a potential 0-day in circulation, and more", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/515506/100/0/threaded" + }, + { + "name": "http://lcamtuf.coredump.cx/cross_fuzz/known_vuln.txt", + "refsource": "MISC", + "url": "http://lcamtuf.coredump.cx/cross_fuzz/known_vuln.txt" + }, + { + "name": "1024940", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024940" + }, + { + "name": "http://lcamtuf.coredump.cx/cross_fuzz/msie_crash.txt", + "refsource": "MISC", + "url": "http://lcamtuf.coredump.cx/cross_fuzz/msie_crash.txt" + }, + { + "name": "VU#427980", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/427980" + }, + { + "name": "http://lcamtuf.coredump.cx/cross_fuzz/fuzzer_timeline.txt", + "refsource": "MISC", + "url": "http://lcamtuf.coredump.cx/cross_fuzz/fuzzer_timeline.txt" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1282.json b/2011/1xxx/CVE-2011-1282.json index 2ca6b807d38..1bb39de9aa9 100644 --- a/2011/1xxx/CVE-2011-1282.json +++ b/2011/1xxx/CVE-2011-1282.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1282", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly initialize memory and consequently uses a NULL pointer in an unspecified function call, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka \"CSRSS Local EOP SrvSetConsoleLocalEUDC Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1282", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-056", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-056" - }, - { - "name" : "TA11-193A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-193A.html" - }, - { - "name" : "oval:org.mitre.oval:def:12402", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12402" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly initialize memory and consequently uses a NULL pointer in an unspecified function call, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka \"CSRSS Local EOP SrvSetConsoleLocalEUDC Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:12402", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12402" + }, + { + "name": "TA11-193A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-193A.html" + }, + { + "name": "MS11-056", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-056" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1295.json b/2011/1xxx/CVE-2011-1295.json index ced5d978c7e..6e0469bd1d7 100644 --- a/2011/1xxx/CVE-2011-1295.json +++ b/2011/1xxx/CVE-2011-1295.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=74991", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=74991" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/03/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/03/stable-channel-update.html" - }, - { - "name" : "http://support.apple.com/kb/HT4808", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4808" - }, - { - "name" : "http://support.apple.com/kb/HT4999", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4999" - }, - { - "name" : "APPLE-SA-2011-07-20-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" - }, - { - "name" : "APPLE-SA-2011-10-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" - }, - { - "name" : "47029", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47029" - }, - { - "name" : "oval:org.mitre.oval:def:14269", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14269" - }, - { - "name" : "43859", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43859" - }, - { - "name" : "ADV-2011-0765", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0765" - }, - { - "name" : "google-chrome-node-code-exec(66302)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66302" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0765", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0765" + }, + { + "name": "APPLE-SA-2011-10-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" + }, + { + "name": "43859", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43859" + }, + { + "name": "47029", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47029" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/03/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/03/stable-channel-update.html" + }, + { + "name": "oval:org.mitre.oval:def:14269", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14269" + }, + { + "name": "http://support.apple.com/kb/HT4999", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4999" + }, + { + "name": "google-chrome-node-code-exec(66302)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66302" + }, + { + "name": "http://support.apple.com/kb/HT4808", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4808" + }, + { + "name": "APPLE-SA-2011-07-20-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=74991", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=74991" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1732.json b/2011/1xxx/CVE-2011-1732.json index ac91cf42ef2..dd5dac35466 100644 --- a/2011/1xxx/CVE-2011-1732.json +++ b/2011/1xxx/CVE-2011-1732.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed stutil message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-1732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110429 ZDI-11-148: HP Data Protector Backup Client Service stutil Message Processing Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517766/100/0/threaded" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-11-148/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-11-148/" - }, - { - "name" : "HPSBMA02668", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240" - }, - { - "name" : "SSRT100474", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240" - }, - { - "name" : "47638", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47638" - }, - { - "name" : "72191", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/72191" - }, - { - "name" : "1025454", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025454" - }, - { - "name" : "44402", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44402" - }, - { - "name" : "openview-storage-code-exec(67205)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67205" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed stutil message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72191", + "refsource": "OSVDB", + "url": "http://osvdb.org/72191" + }, + { + "name": "openview-storage-code-exec(67205)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67205" + }, + { + "name": "20110429 ZDI-11-148: HP Data Protector Backup Client Service stutil Message Processing Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517766/100/0/threaded" + }, + { + "name": "47638", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47638" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-11-148/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-11-148/" + }, + { + "name": "HPSBMA02668", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240" + }, + { + "name": "SSRT100474", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240" + }, + { + "name": "44402", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44402" + }, + { + "name": "1025454", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025454" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5004.json b/2011/5xxx/CVE-2011-5004.json index df7c24c9e8f..883b67292ec 100644 --- a/2011/5xxx/CVE-2011-5004.json +++ b/2011/5xxx/CVE-2011-5004.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vulnerability-lab.com/get_content.php?id=342", - "refsource" : "MISC", - "url" : "http://www.vulnerability-lab.com/get_content.php?id=342" - }, - { - "name" : "http://www.ohloh.net/p/3417/commits/145749116", - "refsource" : "CONFIRM", - "url" : "http://www.ohloh.net/p/3417/commits/145749116" - }, - { - "name" : "50823", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50823" - }, - { - "name" : "77371", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/77371" - }, - { - "name" : "47036", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47036" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ohloh.net/p/3417/commits/145749116", + "refsource": "CONFIRM", + "url": "http://www.ohloh.net/p/3417/commits/145749116" + }, + { + "name": "77371", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/77371" + }, + { + "name": "http://www.vulnerability-lab.com/get_content.php?id=342", + "refsource": "MISC", + "url": "http://www.vulnerability-lab.com/get_content.php?id=342" + }, + { + "name": "50823", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50823" + }, + { + "name": "47036", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47036" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5083.json b/2011/5xxx/CVE-2011-5083.json index 9c019df4428..d37dd30153c 100644 --- a/2011/5xxx/CVE-2011-5083.json +++ b/2011/5xxx/CVE-2011-5083.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5083", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in inc/swf/swfupload.swf in Dotclear 2.3.1 and 2.4.2 allows remote attackers to execute arbitrary code by uploading a file with an executable PHP extension, then accessing it via a direct request to the file in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5083", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18529", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18529" - }, - { - "name" : "http://cxsecurity.com/issue/WLB-2011090012", - "refsource" : "MISC", - "url" : "http://cxsecurity.com/issue/WLB-2011090012" - }, - { - "name" : "http://vigilance.fr/vulnerability/Dotclear-file-upload-via-swfupload-swf-11396", - "refsource" : "MISC", - "url" : "http://vigilance.fr/vulnerability/Dotclear-file-upload-via-swfupload-swf-11396" - }, - { - "name" : "52173", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52173" - }, - { - "name" : "79665", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/79665" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in inc/swf/swfupload.swf in Dotclear 2.3.1 and 2.4.2 allows remote attackers to execute arbitrary code by uploading a file with an executable PHP extension, then accessing it via a direct request to the file in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "79665", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/79665" + }, + { + "name": "http://cxsecurity.com/issue/WLB-2011090012", + "refsource": "MISC", + "url": "http://cxsecurity.com/issue/WLB-2011090012" + }, + { + "name": "18529", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18529" + }, + { + "name": "52173", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52173" + }, + { + "name": "http://vigilance.fr/vulnerability/Dotclear-file-upload-via-swfupload-swf-11396", + "refsource": "MISC", + "url": "http://vigilance.fr/vulnerability/Dotclear-file-upload-via-swfupload-swf-11396" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5185.json b/2011/5xxx/CVE-2011-5185.json index bd858c62963..8e3dd32cfa0 100644 --- a/2011/5xxx/CVE-2011-5185.json +++ b/2011/5xxx/CVE-2011-5185.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in video_comments.php in Online Subtitles Workshop before 2.0 rev 131 allows remote attackers to inject arbitrary web script or HTML via the comment parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18035", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18035" - }, - { - "name" : "http://onlinesubtitles.svn.sourceforge.net/viewvc/onlinesubtitles/video_comments.php?r1=31&r2=131&pathrev=146", - "refsource" : "CONFIRM", - "url" : "http://onlinesubtitles.svn.sourceforge.net/viewvc/onlinesubtitles/video_comments.php?r1=31&r2=131&pathrev=146" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in video_comments.php in Online Subtitles Workshop before 2.0 rev 131 allows remote attackers to inject arbitrary web script or HTML via the comment parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18035", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18035" + }, + { + "name": "http://onlinesubtitles.svn.sourceforge.net/viewvc/onlinesubtitles/video_comments.php?r1=31&r2=131&pathrev=146", + "refsource": "CONFIRM", + "url": "http://onlinesubtitles.svn.sourceforge.net/viewvc/onlinesubtitles/video_comments.php?r1=31&r2=131&pathrev=146" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3198.json b/2014/3xxx/CVE-2014-3198.json index 8749212eadc..4d7d55a2999 100644 --- a/2014/3xxx/CVE-2014-3198.json +++ b/2014/3xxx/CVE-2014-3198.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3198", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome before 38.0.2125.101 interprets a certain -1 value as an index instead of a no-visible-page error code, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-3198", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html" - }, - { - "name" : "https://codereview.chromium.org/560133004", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/560133004" - }, - { - "name" : "https://crbug.com/415307", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/415307" - }, - { - "name" : "RHSA-2014:1626", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1626.html" - }, - { - "name" : "70273", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70273" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome before 38.0.2125.101 interprets a certain -1 value as an index instead of a no-visible-page error code, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:1626", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1626.html" + }, + { + "name": "https://crbug.com/415307", + "refsource": "CONFIRM", + "url": "https://crbug.com/415307" + }, + { + "name": "70273", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70273" + }, + { + "name": "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html" + }, + { + "name": "https://codereview.chromium.org/560133004", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/560133004" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3281.json b/2014/3xxx/CVE-2014-3281.json index 878649de2a0..f54a8b4eb0f 100644 --- a/2014/3xxx/CVE-2014-3281.json +++ b/2014/3xxx/CVE-2014-3281.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3281", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to obtain potentially sensitive user information by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun46071 and CSCun46101." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140606 Cisco Unified Communications Domain Manager BVSMWeb Information Disclosure Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3281" - }, - { - "name" : "67925", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67925" - }, - { - "name" : "58657", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58657" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to obtain potentially sensitive user information by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun46071 and CSCun46101." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "58657", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58657" + }, + { + "name": "67925", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67925" + }, + { + "name": "20140606 Cisco Unified Communications Domain Manager BVSMWeb Information Disclosure Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3281" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3408.json b/2014/3xxx/CVE-2014-3408.json index 54d2c082ab5..6efcc931f2a 100644 --- a/2014/3xxx/CVE-2014-3408.json +++ b/2014/3xxx/CVE-2014-3408.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3408", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the web framework in Cisco Prime Optical 10 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq80763." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3408", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36099", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36099" - }, - { - "name" : "20141015 Cisco Prime Optical Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3408" - }, - { - "name" : "70594", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70594" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the web framework in Cisco Prime Optical 10 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq80763." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70594", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70594" + }, + { + "name": "20141015 Cisco Prime Optical Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3408" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36099", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36099" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3762.json b/2014/3xxx/CVE-2014-3762.json index 8f936a6f673..9927572c5a8 100644 --- a/2014/3xxx/CVE-2014-3762.json +++ b/2014/3xxx/CVE-2014-3762.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3762", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3762", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3898.json b/2014/3xxx/CVE-2014-3898.json index bfee920bb4b..d08053888aa 100644 --- a/2014/3xxx/CVE-2014-3898.json +++ b/2014/3xxx/CVE-2014-3898.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3898", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Fujitsu ServerView Operations Manager 5.00.09 through 6.30.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-3898", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jp.fujitsu.com/platform/server/primequest/products/2000/catalog/manual/support/note_140729_svom.html", - "refsource" : "CONFIRM", - "url" : "http://jp.fujitsu.com/platform/server/primequest/products/2000/catalog/manual/support/note_140729_svom.html" - }, - { - "name" : "http://jp.fujitsu.com/platform/server/primergy/note/page20.html", - "refsource" : "CONFIRM", - "url" : "http://jp.fujitsu.com/platform/server/primergy/note/page20.html" - }, - { - "name" : "JVN#22534185", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN22534185/index.html" - }, - { - "name" : "JVNDB-2014-000091", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000091" - }, - { - "name" : "59210", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59210" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Fujitsu ServerView Operations Manager 5.00.09 through 6.30.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2014-000091", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000091" + }, + { + "name": "http://jp.fujitsu.com/platform/server/primequest/products/2000/catalog/manual/support/note_140729_svom.html", + "refsource": "CONFIRM", + "url": "http://jp.fujitsu.com/platform/server/primequest/products/2000/catalog/manual/support/note_140729_svom.html" + }, + { + "name": "JVN#22534185", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN22534185/index.html" + }, + { + "name": "59210", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59210" + }, + { + "name": "http://jp.fujitsu.com/platform/server/primergy/note/page20.html", + "refsource": "CONFIRM", + "url": "http://jp.fujitsu.com/platform/server/primergy/note/page20.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6832.json b/2014/6xxx/CVE-2014-6832.json index f514d6e1266..44580e91402 100644 --- a/2014/6xxx/CVE-2014-6832.json +++ b/2014/6xxx/CVE-2014-6832.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Bersa Forum (aka com.gcspublishing.bersaforum) application 3.9.16 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#505761", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/505761" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Bersa Forum (aka com.gcspublishing.bersaforum) application 3.9.16 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#505761", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/505761" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6966.json b/2014/6xxx/CVE-2014-6966.json index 0ae30bc1701..080b3ac97c3 100644 --- a/2014/6xxx/CVE-2014-6966.json +++ b/2014/6xxx/CVE-2014-6966.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6966", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The West Bend School District (aka net.parentlink.westbend) application 4.0.500 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6966", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#402889", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/402889" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The West Bend School District (aka net.parentlink.westbend) application 4.0.500 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#402889", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/402889" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7205.json b/2014/7xxx/CVE-2014-7205.json index f9d744d55c4..4324011d575 100644 --- a/2014/7xxx/CVE-2014-7205.json +++ b/2014/7xxx/CVE-2014-7205.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary Javascript code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40689", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40689/" - }, - { - "name" : "[oss-security] 20140924 Re: CVE request: various NodeJS module vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/09/30/10" - }, - { - "name" : "https://nodesecurity.io/advisories/bassmaster_js_injection", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/bassmaster_js_injection" - }, - { - "name" : "https://github.com/hapijs/bassmaster/commit/b751602d8cb7194ee62a61e085069679525138c4", - "refsource" : "CONFIRM", - "url" : "https://github.com/hapijs/bassmaster/commit/b751602d8cb7194ee62a61e085069679525138c4" - }, - { - "name" : "70180", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70180" - }, - { - "name" : "bassmaster-cve20147205-code-exec(96730)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96730" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary Javascript code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/bassmaster_js_injection", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/bassmaster_js_injection" + }, + { + "name": "[oss-security] 20140924 Re: CVE request: various NodeJS module vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/09/30/10" + }, + { + "name": "70180", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70180" + }, + { + "name": "bassmaster-cve20147205-code-exec(96730)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96730" + }, + { + "name": "40689", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40689/" + }, + { + "name": "https://github.com/hapijs/bassmaster/commit/b751602d8cb7194ee62a61e085069679525138c4", + "refsource": "CONFIRM", + "url": "https://github.com/hapijs/bassmaster/commit/b751602d8cb7194ee62a61e085069679525138c4" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7841.json b/2014/7xxx/CVE-2014-7841.json index 7c7ba03237e..bfc6c514451 100644 --- a/2014/7xxx/CVE-2014-7841.json +++ b/2014/7xxx/CVE-2014-7841.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-7841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141113 CVE-2014-7841 Linux kernel: net: sctp: NULL pointer dereference in af->from_addr_param on malformed packet", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/11/13/6" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e40607cbe270a9e8360907cb1e62ddf0736e4864", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e40607cbe270a9e8360907cb1e62ddf0736e4864" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1163087", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1163087" - }, - { - "name" : "https://github.com/torvalds/linux/commit/e40607cbe270a9e8360907cb1e62ddf0736e4864", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/e40607cbe270a9e8360907cb1e62ddf0736e4864" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2015-3004.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2015-3004.html" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2015-3005.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2015-3005.html" - }, - { - "name" : "https://support.f5.com/kb/en-us/solutions/public/16000/000/sol16016.html", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/kb/en-us/solutions/public/16000/000/sol16016.html" - }, - { - "name" : "DSA-3093", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3093" - }, - { - "name" : "RHSA-2015:0087", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0087.html" - }, - { - "name" : "RHSA-2015:0285", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0285.html" - }, - { - "name" : "RHSA-2015:0284", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0284.html" - }, - { - "name" : "RHSA-2015:0102", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0102.html" - }, - { - "name" : "RHSA-2015:0695", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0695.html" - }, - { - "name" : "SUSE-SU-2015:0481", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html" - }, - { - "name" : "SUSE-SU-2015:0529", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html" - }, - { - "name" : "openSUSE-SU-2015:0566", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html" - }, - { - "name" : "SUSE-SU-2015:0652", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html" - }, - { - "name" : "71081", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71081" - }, - { - "name" : "62305", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62305" - }, - { - "name" : "62597", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62597" - }, - { - "name" : "62735", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62735" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62735", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62735" + }, + { + "name": "RHSA-2015:0695", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0695.html" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2015-3004.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2015-3004.html" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e40607cbe270a9e8360907cb1e62ddf0736e4864", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e40607cbe270a9e8360907cb1e62ddf0736e4864" + }, + { + "name": "[oss-security] 20141113 CVE-2014-7841 Linux kernel: net: sctp: NULL pointer dereference in af->from_addr_param on malformed packet", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/11/13/6" + }, + { + "name": "https://support.f5.com/kb/en-us/solutions/public/16000/000/sol16016.html", + "refsource": "CONFIRM", + "url": "https://support.f5.com/kb/en-us/solutions/public/16000/000/sol16016.html" + }, + { + "name": "SUSE-SU-2015:0652", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html" + }, + { + "name": "RHSA-2015:0285", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0285.html" + }, + { + "name": "RHSA-2015:0087", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0087.html" + }, + { + "name": "DSA-3093", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3093" + }, + { + "name": "SUSE-SU-2015:0481", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html" + }, + { + "name": "71081", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71081" + }, + { + "name": "openSUSE-SU-2015:0566", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1163087", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163087" + }, + { + "name": "RHSA-2015:0284", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0284.html" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2015-3005.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2015-3005.html" + }, + { + "name": "SUSE-SU-2015:0529", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/e40607cbe270a9e8360907cb1e62ddf0736e4864", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/e40607cbe270a9e8360907cb1e62ddf0736e4864" + }, + { + "name": "62597", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62597" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4" + }, + { + "name": "RHSA-2015:0102", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0102.html" + }, + { + "name": "62305", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62305" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8012.json b/2014/8xxx/CVE-2014-8012.json index 436bf143b2a..8758f2946dc 100644 --- a/2014/8xxx/CVE-2014-8012.json +++ b/2014/8xxx/CVE-2014-8012.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the WebVPN Portal Login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via crafted attributes in a cookie, aka Bug ID CSCuh24695." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-8012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141217 Cisco Adaptive Security Appliance DOM Cross-Site Scripting Vulnerability in WebVPN Portal", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8012" - }, - { - "name" : "1031395", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031395" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the WebVPN Portal Login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via crafted attributes in a cookie, aka Bug ID CSCuh24695." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031395", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031395" + }, + { + "name": "20141217 Cisco Adaptive Security Appliance DOM Cross-Site Scripting Vulnerability in WebVPN Portal", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8012" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8221.json b/2014/8xxx/CVE-2014-8221.json index 0a4fdfca821..1882e5e531d 100644 --- a/2014/8xxx/CVE-2014-8221.json +++ b/2014/8xxx/CVE-2014-8221.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8221", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8221", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8404.json b/2014/8xxx/CVE-2014-8404.json index 6cf70669bff..162ad6cec01 100644 --- a/2014/8xxx/CVE-2014-8404.json +++ b/2014/8xxx/CVE-2014-8404.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8404", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8404", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8540.json b/2014/8xxx/CVE-2014-8540.json index 6aa19693dc0..9f217731bd0 100644 --- a/2014/8xxx/CVE-2014-8540.json +++ b/2014/8xxx/CVE-2014-8540.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8540", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141031 Re: CVE request for GitLab groups API", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/10/31/2" - }, - { - "name" : "https://about.gitlab.com/2014/10/30/gitlab-7-4-3-released/", - "refsource" : "CONFIRM", - "url" : "https://about.gitlab.com/2014/10/30/gitlab-7-4-3-released/" - }, - { - "name" : "https://gitlab.com/gitlab-org/gitlab-ce/commit/a2dfff418bf2532ebb5aee88414107929b17eefd", - "refsource" : "CONFIRM", - "url" : "https://gitlab.com/gitlab-org/gitlab-ce/commit/a2dfff418bf2532ebb5aee88414107929b17eefd" - }, - { - "name" : "70841", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70841" - }, - { - "name" : "gitlab-cve20148540-security-bypass(98449)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98449" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "gitlab-cve20148540-security-bypass(98449)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98449" + }, + { + "name": "70841", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70841" + }, + { + "name": "[oss-security] 20141031 Re: CVE request for GitLab groups API", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/10/31/2" + }, + { + "name": "https://gitlab.com/gitlab-org/gitlab-ce/commit/a2dfff418bf2532ebb5aee88414107929b17eefd", + "refsource": "CONFIRM", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/commit/a2dfff418bf2532ebb5aee88414107929b17eefd" + }, + { + "name": "https://about.gitlab.com/2014/10/30/gitlab-7-4-3-released/", + "refsource": "CONFIRM", + "url": "https://about.gitlab.com/2014/10/30/gitlab-7-4-3-released/" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9577.json b/2014/9xxx/CVE-2014-9577.json index ec051f65388..1beee300b8f 100644 --- a/2014/9xxx/CVE-2014-9577.json +++ b/2014/9xxx/CVE-2014-9577.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9577", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VDG Security SENSE (formerly DIVA) 2.3.13 sends the user database when a user logs in, which allows remote authenticated users to obtain usernames and password hashes by logging in to TCP port 51410 and reading the response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141218 SEC Consult SA-20141218-0 :: Multiple critical vulnerabilities in VDG Security SENSE (formerly DIVA)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/76" - }, - { - "name" : "http://packetstormsecurity.com/files/129656/VDG-Security-SENSE-2.3.13-File-Disclosure-Bypass-Buffer-Overflow.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129656/VDG-Security-SENSE-2.3.13-File-Disclosure-Bypass-Buffer-Overflow.html" - }, - { - "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-0_VDG_Security_SENSE_Multiple_critical_vulnerabilities_v10.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-0_VDG_Security_SENSE_Multiple_critical_vulnerabilities_v10.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VDG Security SENSE (formerly DIVA) 2.3.13 sends the user database when a user logs in, which allows remote authenticated users to obtain usernames and password hashes by logging in to TCP port 51410 and reading the response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141218 SEC Consult SA-20141218-0 :: Multiple critical vulnerabilities in VDG Security SENSE (formerly DIVA)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/76" + }, + { + "name": "http://packetstormsecurity.com/files/129656/VDG-Security-SENSE-2.3.13-File-Disclosure-Bypass-Buffer-Overflow.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129656/VDG-Security-SENSE-2.3.13-File-Disclosure-Bypass-Buffer-Overflow.html" + }, + { + "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-0_VDG_Security_SENSE_Multiple_critical_vulnerabilities_v10.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-0_VDG_Security_SENSE_Multiple_critical_vulnerabilities_v10.txt" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2063.json b/2016/2xxx/CVE-2016-2063.json index 26b7f31f37e..056f0055c56 100644 --- a/2016/2xxx/CVE-2016-2063.json +++ b/2016/2xxx/CVE-2016-2063.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2063", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the supply_lm_input_write function in drivers/thermal/supply_lm_core.c in the MSM Thermal driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application that sends a large amount of data through the debugfs interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2063", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=ab3f46119ca10de87a11fe966b0723c48f27acd4", - "refsource" : "CONFIRM", - "url" : "https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=ab3f46119ca10de87a11fe966b0723c48f27acd4" - }, - { - "name" : "https://www.codeaurora.org/stack-overflow-msm-thermal-driver-allows-kernel-memory-corruption-cve-2016-2063", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/stack-overflow-msm-thermal-driver-allows-kernel-memory-corruption-cve-2016-2063" - }, - { - "name" : "92381", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92381" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the supply_lm_input_write function in drivers/thermal/supply_lm_core.c in the MSM Thermal driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application that sends a large amount of data through the debugfs interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92381", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92381" + }, + { + "name": "https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=ab3f46119ca10de87a11fe966b0723c48f27acd4", + "refsource": "CONFIRM", + "url": "https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=ab3f46119ca10de87a11fe966b0723c48f27acd4" + }, + { + "name": "https://www.codeaurora.org/stack-overflow-msm-thermal-driver-allows-kernel-memory-corruption-cve-2016-2063", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/stack-overflow-msm-thermal-driver-allows-kernel-memory-corruption-cve-2016-2063" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2098.json b/2016/2xxx/CVE-2016-2098.json index acfcc40d687..bed24281be8 100644 --- a/2016/2xxx/CVE-2016-2098.json +++ b/2016/2xxx/CVE-2016-2098.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-2098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40086", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40086/" - }, - { - "name" : "[ruby-security-ann] 20160229 [CVE-2016-2098] Possible remote code execution vulnerability in Action Pack", - "refsource" : "MLIST", - "url" : "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ" - }, - { - "name" : "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/", - "refsource" : "CONFIRM", - "url" : "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/" - }, - { - "name" : "DSA-3509", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3509" - }, - { - "name" : "SUSE-SU-2016:0854", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html" - }, - { - "name" : "SUSE-SU-2016:0867", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html" - }, - { - "name" : "SUSE-SU-2016:0967", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html" - }, - { - "name" : "openSUSE-SU-2016:0790", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html" - }, - { - "name" : "openSUSE-SU-2016:0835", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html" - }, - { - "name" : "SUSE-SU-2016:1146", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html" - }, - { - "name" : "83725", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/83725" - }, - { - "name" : "1035122", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035122" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:0867", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html" + }, + { + "name": "SUSE-SU-2016:0967", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html" + }, + { + "name": "DSA-3509", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3509" + }, + { + "name": "83725", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/83725" + }, + { + "name": "1035122", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035122" + }, + { + "name": "40086", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40086/" + }, + { + "name": "SUSE-SU-2016:0854", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html" + }, + { + "name": "openSUSE-SU-2016:0790", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html" + }, + { + "name": "SUSE-SU-2016:1146", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html" + }, + { + "name": "openSUSE-SU-2016:0835", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html" + }, + { + "name": "[ruby-security-ann] 20160229 [CVE-2016-2098] Possible remote code execution vulnerability in Action Pack", + "refsource": "MLIST", + "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ" + }, + { + "name": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/", + "refsource": "CONFIRM", + "url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2269.json b/2016/2xxx/CVE-2016-2269.json index 93a43ce5c36..9dd92e5e614 100644 --- a/2016/2xxx/CVE-2016-2269.json +++ b/2016/2xxx/CVE-2016-2269.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2269", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2269", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2892.json b/2016/2xxx/CVE-2016-2892.json index e25f6944afd..e0e8b5c1c62 100644 --- a/2016/2xxx/CVE-2016-2892.json +++ b/2016/2xxx/CVE-2016-2892.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2892", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2892", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2931.json b/2016/2xxx/CVE-2016-2931.json index 8323bfb6c94..72ccb627123 100644 --- a/2016/2xxx/CVE-2016-2931.json +++ b/2016/2xxx/CVE-2016-2931.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2931", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive cleartext information by sniffing the network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-2931", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991876", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991876" - }, - { - "name" : "IV89791", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89791" - }, - { - "name" : "94984", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94984" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive cleartext information by sniffing the network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991876", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991876" + }, + { + "name": "IV89791", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89791" + }, + { + "name": "94984", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94984" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6089.json b/2016/6xxx/CVE-2016-6089.json index c428d913185..83daa5ea5ee 100644 --- a/2016/6xxx/CVE-2016-6089.json +++ b/2016/6xxx/CVE-2016-6089.json @@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-6089", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MQ", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.0.1" - }, - { - "version_value" : "9.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. IBM X-Force ID: 117926." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "File Manipulation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-6089", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MQ", + "version": { + "version_data": [ + { + "version_value": "9.0.0.1" + }, + { + "version_value": "9.0.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/117926", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/117926" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22003509", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22003509" - }, - { - "name" : "98770", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98770" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. IBM X-Force ID: 117926." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "File Manipulation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/117926", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/117926" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22003509", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22003509" + }, + { + "name": "98770", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98770" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6102.json b/2016/6xxx/CVE-2016-6102.json index 010dfbd9b61..9a7d63a9736 100644 --- a/2016/6xxx/CVE-2016-6102.json +++ b/2016/6xxx/CVE-2016-6102.json @@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-6102", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Key Lifecycle Manager", - "version" : { - "version_data" : [ - { - "version_value" : "2.5" - }, - { - "version_value" : "2.6" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM Reference #: 2000359." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-6102", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Key Lifecycle Manager", + "version": { + "version_data": [ + { + "version_value": "2.5" + }, + { + "version_value": "2.6" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22000359", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22000359" - }, - { - "name" : "96976", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96976" - }, - { - "name" : "1038093", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038093" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM Reference #: 2000359." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96976", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96976" + }, + { + "name": "1038093", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038093" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22000359", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22000359" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6326.json b/2016/6xxx/CVE-2016-6326.json index 9c1922963e7..558491f8bc4 100644 --- a/2016/6xxx/CVE-2016-6326.json +++ b/2016/6xxx/CVE-2016-6326.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6326", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6326", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6642.json b/2016/6xxx/CVE-2016-6642.json index 0417f5a7acc..670b2d20d2e 100644 --- a/2016/6xxx/CVE-2016-6642.json +++ b/2016/6xxx/CVE-2016-6642.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2016-6642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160913 ESA-2016-104: EMC ViPR SRM Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2016/Sep/17" - }, - { - "name" : "92945", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92945" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92945", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92945" + }, + { + "name": "20160913 ESA-2016-104: EMC ViPR SRM Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2016/Sep/17" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5273.json b/2017/5xxx/CVE-2017-5273.json index 8385bbd9091..5c50e3fdbbd 100644 --- a/2017/5xxx/CVE-2017-5273.json +++ b/2017/5xxx/CVE-2017-5273.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5273", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5273", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5660.json b/2017/5xxx/CVE-2017-5660.json index df3cc73e054..d13fa93457c 100644 --- a/2017/5xxx/CVE-2017-5660.json +++ b/2017/5xxx/CVE-2017-5660.json @@ -1,71 +1,71 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-02-27T00:00:00", - "ID" : "CVE-2017-5660", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Traffic Server", - "version" : { - "version_data" : [ - { - "version_value" : "6.2.0 and prior" - }, - { - "version_value" : "7.0.0 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can have issues when interacting with upstream proxies and the wrong host being used." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-02-27T00:00:00", + "ID": "CVE-2017-5660", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Traffic Server", + "version": { + "version_data": [ + { + "version_value": "6.2.0 and prior" + }, + { + "version_value": "7.0.0 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dev] 20180227 [ANNOUNCE] Apache Traffic Server host header and line folding - CVE-2017-5660", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/22d84783d94c53a5132ec89f002fe5165c87561a9428bcb6713b3c98@%3Cdev.trafficserver.apache.org%3E" - }, - { - "name" : "DSA-4128", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can have issues when interacting with upstream proxies and the wrong host being used." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4128", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4128" + }, + { + "name": "[dev] 20180227 [ANNOUNCE] Apache Traffic Server host header and line folding - CVE-2017-5660", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/22d84783d94c53a5132ec89f002fe5165c87561a9428bcb6713b3c98@%3Cdev.trafficserver.apache.org%3E" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5807.json b/2017/5xxx/CVE-2017-5807.json index 113c4dbd711..eaca338ea4e 100644 --- a/2017/5xxx/CVE-2017-5807.json +++ b/2017/5xxx/CVE-2017-5807.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-08-02T00:00:00", - "ID" : "CVE-2017-5807", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Data Protector", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 8.17 and 9.09" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Arbitrary Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-08-02T00:00:00", + "ID": "CVE-2017-5807", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Data Protector", + "version": { + "version_data": [ + { + "version_value": "prior to 8.17 and 9.09" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2017-26", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2017-26" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us" - }, - { - "name" : "100088", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100088" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Arbitrary Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us" + }, + { + "name": "https://www.tenable.com/security/research/tra-2017-26", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2017-26" + }, + { + "name": "100088", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100088" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5844.json b/2017/5xxx/CVE-2017-5844.json index 33592de6774..4bc1d7679c6 100644 --- a/2017/5xxx/CVE-2017-5844.json +++ b/2017/5xxx/CVE-2017-5844.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5844", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5844", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170201 Multiple memory access issues in gstreamer", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/01/7" - }, - { - "name" : "[oss-security] 20170202 Re: Multiple memory access issues in gstreamer", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/02/9" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=777525", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=777525" - }, - { - "name" : "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3", - "refsource" : "CONFIRM", - "url" : "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3" - }, - { - "name" : "DSA-3819", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3819" - }, - { - "name" : "GLSA-201705-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-10" - }, - { - "name" : "RHSA-2017:2060", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2060" - }, - { - "name" : "96001", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96001", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96001" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=777525", + "refsource": "CONFIRM", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=777525" + }, + { + "name": "DSA-3819", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3819" + }, + { + "name": "RHSA-2017:2060", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2060" + }, + { + "name": "[oss-security] 20170202 Re: Multiple memory access issues in gstreamer", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/02/9" + }, + { + "name": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3", + "refsource": "CONFIRM", + "url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3" + }, + { + "name": "GLSA-201705-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-10" + }, + { + "name": "[oss-security] 20170201 Multiple memory access issues in gstreamer", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/01/7" + } + ] + } +} \ No newline at end of file