diff --git a/2006/0xxx/CVE-2006-0026.json b/2006/0xxx/CVE-2006-0026.json index fa6539bb308..ca84139d09c 100644 --- a/2006/0xxx/CVE-2006-0026.json +++ b/2006/0xxx/CVE-2006-0026.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0026", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-0026", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060718 ASP.DLL Include File Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-07/0316.html" - }, - { - "name" : "MS06-034", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-034" - }, - { - "name" : "TA06-192A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-192A.html" - }, - { - "name" : "VU#395588", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/395588" - }, - { - "name" : "18858", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18858" - }, - { - "name" : "ADV-2006-2752", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/2752" - }, - { - "name" : "27152", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27152" - }, - { - "name" : "oval:org.mitre.oval:def:435", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A435" - }, - { - "name" : "1016466", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016466" - }, - { - "name" : "21006", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21006" - }, - { - "name" : "iis-asp-bo(26796)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26796" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060718 ASP.DLL Include File Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0316.html" + }, + { + "name": "MS06-034", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-034" + }, + { + "name": "oval:org.mitre.oval:def:435", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A435" + }, + { + "name": "27152", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27152" + }, + { + "name": "ADV-2006-2752", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2752" + }, + { + "name": "iis-asp-bo(26796)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26796" + }, + { + "name": "21006", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21006" + }, + { + "name": "18858", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18858" + }, + { + "name": "VU#395588", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/395588" + }, + { + "name": "1016466", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016466" + }, + { + "name": "TA06-192A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-192A.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0416.json b/2006/0xxx/CVE-2006-0416.json index 724722ebb05..a92ca2da081 100644 --- a/2006/0xxx/CVE-2006-0416.json +++ b/2006/0xxx/CVE-2006-0416.json 
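Review bot: In CVE-2006-0026.json the new side changes `"ASSIGNER"` from `cve@mitre.org` to `secure@microsoft.com`, but `"vendor_name"` and `"product_name"` under `affects` remain `"n/a"` even though the description names Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0. Consumers that match records on the `affects` block rather than the free-text description would likely fail to associate this entry with IIS, so those fields are worth populating while the record is being touched. The assigner change is the only value change visible in this hunk; everything else is colon spacing and a reordered `reference_data` array, so it would be easier to audit in a commit of its own, separate from the formatting pass. The new file also ends with `\ No newline at end of file`, as do the other files in this diff.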
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SleeperChat 0.3f and earlier allows remote attackers to bypass authentication and create new entries via the txt parameter to (1) chat_no.php and (2) chat_if.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1015525", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015525" - }, - { - "name" : "sleeperchat-txt-security-bypass(24357)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24357" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SleeperChat 0.3f and earlier allows remote attackers to bypass authentication and create new entries via the txt parameter to (1) chat_no.php and (2) chat_if.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sleeperchat-txt-security-bypass(24357)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24357" + }, + { + "name": "1015525", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015525" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0977.json b/2006/0xxx/CVE-2006-0977.json index de5515223d7..98d53b11871 100644 --- a/2006/0xxx/CVE-2006-0977.json +++ b/2006/0xxx/CVE-2006-0977.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0977", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Craig Morrison Mail Transport System Professional (aka MTS Pro) acts as an open relay when configured to relay all mail through an external SMTP server, which allows remote attackers to relay mail by connecting to the MTS Pro server, then sending a MAIL FROM that specifies a domain that is local to the server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0977", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060225 Mail Transport System Professional--Open Relay Hole", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426181/100/0/threaded" - }, - { - "name" : "16840", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16840" - }, - { - "name" : "ADV-2006-0786", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0786" - }, - { - "name" : "19067", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19067" - }, - { - "name" : "mts-mail-relay(24985)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/24985" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Craig Morrison Mail Transport System Professional (aka MTS Pro) acts as an open relay when configured to relay all mail through an external SMTP server, which allows remote attackers to relay mail by connecting to the MTS Pro server, then sending a MAIL FROM that specifies a domain that is local to the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0786", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0786" + }, + { + "name": "19067", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19067" + }, + { + "name": "16840", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16840" + }, + { + "name": "20060225 Mail Transport System Professional--Open Relay Hole", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426181/100/0/threaded" + }, + { + "name": "mts-mail-relay(24985)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24985" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1205.json b/2006/1xxx/CVE-2006-1205.json index d3ed208ba09..ec68044ea70 100644 --- a/2006/1xxx/CVE-2006-1205.json +++ b/2006/1xxx/CVE-2006-1205.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBloggie 2.1.3 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) confirmredirect and (2) post_id parameters in (a) delcomment.php, as reachable when mode=delcom from index.php; and the (3) del and (4) message parameters in (b) upload.php, the (5) errormsg parameter in (c) addcat.php, (d) edituser.php, (e) adduser.php, and (f) editcat.php, the (6) trackback_url parameter in (g) add.php, (7) id parameter in (h) deluser.php, (8) cat_id parameter in (i) delcat.php, and (9) post_id parameter in (j) del.php, as reachable from admin.php." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060309 MyBloggie: Multiple XSS Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/427182/100/0/threaded" - }, - { - "name" : "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-002.txt", - "refsource" : "MISC", - "url" : "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-002.txt" - }, - { - "name" : "17048", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17048" - }, - { - "name" : "23973", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23973" - }, - { - "name" : "23974", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23974" - }, - { - "name" : "23975", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23975" - }, - { - "name" : "23986", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23986" - }, - { - "name" : "23987", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23987" - }, - { - "name" : "23988", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23988" - }, - { - "name" : "23989", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23989" - }, - { - "name" : "23990", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23990" - }, - { - "name" : "23991", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23991" - }, - { - "name" : "23992", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23992" - }, - { - "name" : "mybloggie-index-admin-xss(25134)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/25134" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBloggie 2.1.3 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) confirmredirect and (2) post_id parameters in (a) delcomment.php, as reachable when mode=delcom from index.php; and the (3) del and (4) message parameters in (b) upload.php, the (5) errormsg parameter in (c) addcat.php, (d) edituser.php, (e) adduser.php, and (f) editcat.php, the (6) trackback_url parameter in (g) add.php, (7) id parameter in (h) deluser.php, (8) cat_id parameter in (i) delcat.php, and (9) post_id parameter in (j) del.php, as reachable from admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23990", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23990" + }, + { + "name": "mybloggie-index-admin-xss(25134)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25134" + }, + { + "name": "23975", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23975" + }, + { + "name": "17048", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17048" + }, + { + "name": "23987", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23987" + }, + { + "name": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-002.txt", + "refsource": "MISC", + "url": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-002.txt" + }, + { + "name": "23989", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23989" + }, + { + "name": "20060309 MyBloggie: Multiple XSS Vulnerabilities", + "refsource": "BUGTRAQ", + "url": 
"http://www.securityfocus.com/archive/1/427182/100/0/threaded" + }, + { + "name": "23991", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23991" + }, + { + "name": "23992", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23992" + }, + { + "name": "23988", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23988" + }, + { + "name": "23973", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23973" + }, + { + "name": "23974", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23974" + }, + { + "name": "23986", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23986" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1492.json b/2006/1xxx/CVE-2006-1492.json index 86f638548c9..7b77aaf4774 100644 --- a/2006/1xxx/CVE-2006-1492.json +++ b/2006/1xxx/CVE-2006-1492.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1492", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in dir.php in Explorer XP allows remote attackers to read arbitrary files via the chemin parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1492", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060329 ExplorerXP : Directory Traversal and Cross Site Scripting", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1806.html" - }, - { - "name" : "http://www.silitix.com/explorerxp.php", - "refsource" : "MISC", - "url" : "http://www.silitix.com/explorerxp.php" - }, - { - "name" : "http://www.zataz.com/news/10871/Probleme-de-securite-decouvert-dans-le-logiciel-ExploreXP.html", - "refsource" : "MISC", - "url" : "http://www.zataz.com/news/10871/Probleme-de-securite-decouvert-dans-le-logiciel-ExploreXP.html" - }, - { - "name" : "17303", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17303" - }, - { - "name" : "ADV-2006-1165", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1165" 
- }, - { - "name" : "24259", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24259" - }, - { - "name" : "1015840", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015840" - }, - { - "name" : "19460", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19460" - }, - { - "name" : "explorerxp-dir-directory-traversal(25523)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25523" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in dir.php in Explorer XP allows remote attackers to read arbitrary files via the chemin parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060329 ExplorerXP : Directory Traversal and Cross Site Scripting", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1806.html" + }, + { + "name": "http://www.silitix.com/explorerxp.php", + "refsource": "MISC", + "url": "http://www.silitix.com/explorerxp.php" + }, + { + "name": "http://www.zataz.com/news/10871/Probleme-de-securite-decouvert-dans-le-logiciel-ExploreXP.html", + "refsource": "MISC", + "url": "http://www.zataz.com/news/10871/Probleme-de-securite-decouvert-dans-le-logiciel-ExploreXP.html" + }, + { + "name": "ADV-2006-1165", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1165" + }, + { + "name": "24259", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24259" + }, + { + "name": "19460", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19460" + }, + { + "name": "explorerxp-dir-directory-traversal(25523)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25523" + }, + { + 
"name": "17303", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17303" + }, + { + "name": "1015840", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015840" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1560.json b/2006/1xxx/CVE-2006-1560.json index 62db7749a36..07bb470525b 100644 --- a/2006/1xxx/CVE-2006-1560.json +++ b/2006/1xxx/CVE-2006-1560.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1560", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in SkinTech phpNewsManager 1.48 allow remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly (1) id and (2) topicid, in (a) browse.php, (b) category.php, (c) gallery.php, (d) poll.php, and (e) possibly other unspecified scripts. NOTE: portions of the description details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1560", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060408 [eVuln] phpNewsManager Multiple SQL Injections", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430311/100/0/threaded" - }, - { - "name" : "20060410 [eVuln] phpNewsManager Multiple SQL Injections", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430478/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/110", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/110" - }, - { - "name" : "17301", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/17301" - }, - { - "name" : "ADV-2006-1152", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1152" - }, - { - "name" : "24265", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24265" - }, - { - "name" : "24266", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24266" - }, - { - "name" : "24267", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24267" - }, - { - "name" : "24268", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24268" - }, - { - "name" : "19391", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19391" - }, - { - "name" : "680", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/680" - }, - { - "name" : "phpnewsmanager-multiple-sql-injection(25512)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25512" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in SkinTech phpNewsManager 1.48 allow remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly (1) id and (2) topicid, in (a) browse.php, (b) category.php, (c) gallery.php, (d) poll.php, and (e) possibly other unspecified scripts. NOTE: portions of the description details are obtained from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24268", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24268" + }, + { + "name": "24265", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24265" + }, + { + "name": "20060408 [eVuln] phpNewsManager Multiple SQL Injections", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430311/100/0/threaded" + }, + { + "name": "phpnewsmanager-multiple-sql-injection(25512)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25512" + }, + { + "name": "19391", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19391" + }, + { + "name": "17301", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17301" + }, + { + "name": "680", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/680" + }, + { + "name": "20060410 [eVuln] phpNewsManager Multiple SQL Injections", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430478/100/0/threaded" + }, + { + "name": "ADV-2006-1152", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1152" + }, + { + "name": "24266", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24266" + }, + { + "name": "http://evuln.com/vulns/110", + "refsource": "MISC", + "url": "http://evuln.com/vulns/110" + }, + { + "name": "24267", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24267" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1682.json b/2006/1xxx/CVE-2006-1682.json index 1b5b708003c..1cf9c05cfc0 100644 --- a/2006/1xxx/CVE-2006-1682.json +++ b/2006/1xxx/CVE-2006-1682.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1682", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in webplus.exe in TalentSoft Web+Shop 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the deptname parameter, possibly involving the webpshop/ department.wml script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1682", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/04/web-shop-50-xss.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/04/web-shop-50-xss.html" - }, - { - "name" : "17418", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17418" - }, - { - "name" : "ADV-2006-1289", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1289" - }, - { - "name" : "19594", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19594" - }, - { - "name" : "webshop-deptname-xss(25721)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25721" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in webplus.exe in TalentSoft Web+Shop 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the deptname parameter, possibly involving the webpshop/ department.wml script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19594", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19594" + }, + { + "name": "17418", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17418" + }, + { + "name": "webshop-deptname-xss(25721)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25721" + }, + { + "name": "ADV-2006-1289", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1289" + }, + { + "name": "http://pridels0.blogspot.com/2006/04/web-shop-50-xss.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/04/web-shop-50-xss.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1816.json b/2006/1xxx/CVE-2006-1816.json index 4f905c15e30..4e04993d551 100644 --- a/2006/1xxx/CVE-2006-1816.json +++ b/2006/1xxx/CVE-2006-1816.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1816", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in VBulletin 3.5.1, 3.5.2, and 3.5.4 allows remote attackers to execute arbitrary code via a URL in the systempath parameter to (1) ImpExModule.php, (2) ImpExController.php, and (3) ImpExDisplay.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1816", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060412 Remote File Inclusion in VBulletin ImpEx", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430881/100/0/threaded" - }, - { - "name" : "20070504 Remote File Include In Script impex", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/467666/100/0/threaded" - }, - { - "name" : "24690", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24690" - }, - { - "name" : "24691", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24691" - }, - { - "name" : "24692", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24692" - }, - { - "name" : "19352", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/19352" - }, - { - "name" : "impex-multiple-file-inclusion(25789)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25789" - }, - { - "name" : "impex-systempath-file-include(34095)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34095" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in VBulletin 3.5.1, 3.5.2, and 3.5.4 allows remote attackers to execute arbitrary code via a URL in the systempath parameter to (1) ImpExModule.php, (2) ImpExController.php, and (3) ImpExDisplay.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070504 Remote File Include In Script impex", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/467666/100/0/threaded" + }, + { + "name": "20060412 Remote File Inclusion in VBulletin ImpEx", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430881/100/0/threaded" + }, + { + "name": "impex-systempath-file-include(34095)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34095" + }, + { + "name": "19352", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19352" + }, + { + "name": "impex-multiple-file-inclusion(25789)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25789" + }, + { + "name": "24692", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24692" + }, + { + "name": "24691", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24691" + }, + { + "name": "24690", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24690" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/1xxx/CVE-2006-1941.json b/2006/1xxx/CVE-2006-1941.json index d1735d4a054..5d24a5d406b 100644 --- a/2006/1xxx/CVE-2006-1941.json +++ b/2006/1xxx/CVE-2006-1941.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1941", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a denial of service (application outage) via a crafted Clock Synchronisation packet that triggers an access violation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060417 Neon Responder (Dos,Exploit)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431157/100/0/threaded" - }, - { - "name" : "17569", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17569" - }, - { - "name" : "ADV-2006-1442", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1442" - }, - { - "name" : "1015950", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015950" - }, - { - "name" : "19702", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19702" - }, - { - "name" : "731", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/731" - }, - { - "name" : "776", - "refsource" : 
"SREASON", - "url" : "http://securityreason.com/securityalert/776" - }, - { - "name" : "neonresponder-clocksynchronization-dos(25904)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25904" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a denial of service (application outage) via a crafted Clock Synchronisation packet that triggers an access violation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1442", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1442" + }, + { + "name": "731", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/731" + }, + { + "name": "neonresponder-clocksynchronization-dos(25904)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25904" + }, + { + "name": "17569", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17569" + }, + { + "name": "1015950", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015950" + }, + { + "name": "776", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/776" + }, + { + "name": "20060417 Neon Responder (Dos,Exploit)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431157/100/0/threaded" + }, + { + "name": "19702", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19702" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3440.json b/2006/3xxx/CVE-2006-3440.json index 13a4f2e1a92..390818863b6 100644 --- a/2006/3xxx/CVE-2006-3440.json +++ b/2006/3xxx/CVE-2006-3440.json 
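Review bot: On the new side of the CVE-2006-1941 hunk the `reference_data` entries come out in a different order with no visible sort key (VUPEN first, BUGTRAQ seventh, where the old side grouped them by source), and the file now ends with `\ No newline at end of file`. Neither changes what the record says, but together they turn a spacing pass into a whole-file rewrite, which makes it harder for anyone diffing the feed to pick out a real metadata change. I would have whatever tool produced this emit references in a stable order, for example sorted by `refsource` and then `name`, and end the file with a newline. The same pattern shows in the hunks for CVE-2006-3440, CVE-2006-4018, CVE-2006-4422, CVE-2006-4544 and CVE-2006-4979.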
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3440", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka \"Winsock Hostname Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-3440", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS06-041", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-041" - }, - { - "name" : "TA06-220A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" - }, - { - "name" : "VU#908276", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/908276" - }, - { - "name" : "19319", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19319" - }, - { - "name" : "ADV-2006-3211", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3211" - }, - { - "name" : "oval:org.mitre.oval:def:747", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A747" - }, - { - "name" : "1016653", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016653" - }, - { - "name" : "21394", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21394" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka \"Winsock Hostname Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS06-041", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-041" + }, + { + "name": "1016653", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016653" + }, + { + "name": "ADV-2006-3211", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3211" + }, + { + "name": "oval:org.mitre.oval:def:747", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A747" + }, + { + "name": "19319", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19319" + }, + { + "name": "21394", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21394" + }, + { + "name": "TA06-220A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" + }, + { + "name": "VU#908276", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/908276" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4018.json b/2006/4xxx/CVE-2006-4018.json index e7c84f977e5..311b05fc861 100644 
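Review bot: `"ASSIGNER"` in `CVE_data_meta` changes from `cve@mitre.org` to `secure@microsoft.com` in the CVE-2006-3440 hunk, and as far as I can see it is the only line there whose value changes; the rest is spacing and the order of the same eight references. Presumably this is a CNA attribution correction, but consumers that filter or trust records by assigner will see the record change owner, so the edit should be visible on its own. I would land `"ASSIGNER": "secure@microsoft.com"` in a separate change, or at least name it in the commit message, rather than inside a reformat.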
--- a/2006/4xxx/CVE-2006-4018.json
+++ b/2006/4xxx/CVE-2006-4018.json
@@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060809 [Overflow.pl] Clam AntiVirus Win32-UPX Heap Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442681/100/0/threaded" - }, - { - "name" : "http://www.overflow.pl/adv/clamav_upx_heap.txt", - "refsource" : "MISC", - "url" : "http://www.overflow.pl/adv/clamav_upx_heap.txt" - }, - { - "name" : "http://www.clamav.net/security/0.88.4.html", - "refsource" : "CONFIRM", - "url" : "http://www.clamav.net/security/0.88.4.html" - }, - { - "name" : "http://kolab.org/security/kolab-vendor-notice-10.txt", - "refsource" : "CONFIRM", - "url" : "http://kolab.org/security/kolab-vendor-notice-10.txt" - }, - { - "name" : "DSA-1153", - "refsource" : 
"DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1153" - }, - { - "name" : "GLSA-200608-13", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200608-13.xml" - }, - { - "name" : "MDKSA-2006:138", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:138" - }, - { - "name" : "SUSE-SA:2006:046", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_46_clamav.html" - }, - { - "name" : "2006-0046", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0046/" - }, - { - "name" : "19381", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19381" - }, - { - "name" : "ADV-2006-3175", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3175" - }, - { - "name" : "ADV-2006-3275", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3275" - }, - { - "name" : "1016645", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016645" - }, - { - "name" : "21374", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21374" - }, - { - "name" : "21368", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21368" - }, - { - "name" : "21433", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21433" - }, - { - "name" : "21457", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21457" - }, - { - "name" : "21443", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21443" - }, - { - "name" : "21497", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21497" - }, - { - "name" : "21562", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21562" - }, - { - "name" : "clamav-pefromupx-bo(28286)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28286" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3175", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3175" + }, + { + "name": "20060809 [Overflow.pl] Clam AntiVirus Win32-UPX Heap Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442681/100/0/threaded" + }, + { + "name": "21562", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21562" + }, + { + "name": "SUSE-SA:2006:046", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_46_clamav.html" + }, + { + "name": "21368", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21368" + }, + { + "name": "21433", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21433" + }, + { + "name": "GLSA-200608-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200608-13.xml" + }, + { + "name": "21497", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21497" + }, + { + "name": "http://kolab.org/security/kolab-vendor-notice-10.txt", + "refsource": "CONFIRM", + "url": "http://kolab.org/security/kolab-vendor-notice-10.txt" + }, + { + "name": "DSA-1153", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1153" + }, + { + "name": "21443", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21443" + }, + { + "name": "MDKSA-2006:138", + "refsource": "MANDRIVA", + "url": 
"http://www.mandriva.com/security/advisories?name=MDKSA-2006:138" + }, + { + "name": "19381", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19381" + }, + { + "name": "1016645", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016645" + }, + { + "name": "http://www.overflow.pl/adv/clamav_upx_heap.txt", + "refsource": "MISC", + "url": "http://www.overflow.pl/adv/clamav_upx_heap.txt" + }, + { + "name": "http://www.clamav.net/security/0.88.4.html", + "refsource": "CONFIRM", + "url": "http://www.clamav.net/security/0.88.4.html" + }, + { + "name": "clamav-pefromupx-bo(28286)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28286" + }, + { + "name": "2006-0046", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0046/" + }, + { + "name": "21457", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21457" + }, + { + "name": "21374", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21374" + }, + { + "name": "ADV-2006-3275", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3275" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4422.json b/2006/4xxx/CVE-2006-4422.json index 94e1cc1408b..b9dcd279c21 100644 --- a/2006/4xxx/CVE-2006-4422.json +++ b/2006/4xxx/CVE-2006-4422.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4422", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** PHP remote file inclusion vulnerability in includes/phpdig/libs/search_function.php in Jetbox CMS 2.1 allows remote attackers to execute arbitrary PHP code via a URL in the relative_script_path parameter, a different vector than CVE-2006-2270. NOTE: this issue has been disputed, and as of 20060830, CVE analysis concurs with the dispute. In addition, it is likely that the vulnerability is actually in a third party module, phpDig 1.8.8." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060825 Jetbox CMS search_function.php Remote File", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444422/100/0/threaded" - }, - { - "name" : "20060828 JetBox cms (search_function.php) Remote File Include", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444527/100/0/threaded" - }, - { - "name" : "20060829 AW: JetBox cms (search_function.php) Remote File Include", - "refsource" : "BUGTRAQ", - "url" : 
"http://www.securityfocus.com/archive/1/444640/100/0/threaded" - }, - { - "name" : "20060829 Re: AW: JetBox cms (search_function.php) Remote File Include", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444740/100/0/threaded" - }, - { - "name" : "20060830 Re: JetBox cms (search_function.php) Remote File Include", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444822/100/0/threaded" - }, - { - "name" : "20060831 AW: AW: JetBox cms (search_function.php) Remote File Include", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444826/100/0/threaded" - }, - { - "name" : "20060829 Jetbox CMS file include - CVE dispute", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-August/000997.html" - }, - { - "name" : "20060829 Jetbox CMS file include - CVE dispute", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-August/001003.html" - }, - { - "name" : "19722", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19722" - }, - { - "name" : "28299", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28299" - }, - { - "name" : "1016765", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016765" - }, - { - "name" : "jetboxcms-search-file-include(28588)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28588" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** PHP remote file inclusion vulnerability in includes/phpdig/libs/search_function.php in Jetbox CMS 2.1 allows remote attackers to execute arbitrary PHP code via a URL in the relative_script_path parameter, a different vector than CVE-2006-2270. NOTE: this issue has been disputed, and as of 20060830, CVE analysis concurs with the dispute. 
In addition, it is likely that the vulnerability is actually in a third party module, phpDig 1.8.8." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060825 Jetbox CMS search_function.php Remote File", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444422/100/0/threaded" + }, + { + "name": "20060829 Re: AW: JetBox cms (search_function.php) Remote File Include", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444740/100/0/threaded" + }, + { + "name": "jetboxcms-search-file-include(28588)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28588" + }, + { + "name": "20060829 Jetbox CMS file include - CVE dispute", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2006-August/000997.html" + }, + { + "name": "1016765", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016765" + }, + { + "name": "19722", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19722" + }, + { + "name": "20060829 AW: JetBox cms (search_function.php) Remote File Include", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444640/100/0/threaded" + }, + { + "name": "20060830 Re: JetBox cms (search_function.php) Remote File Include", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444822/100/0/threaded" + }, + { + "name": "28299", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28299" + }, + { + "name": "20060829 Jetbox CMS file include - CVE dispute", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2006-August/001003.html" + }, + { + "name": "20060831 AW: AW: JetBox cms (search_function.php) Remote File Include", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444826/100/0/threaded" + }, + { + "name": 
"20060828 JetBox cms (search_function.php) Remote File Include", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444527/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4544.json b/2006/4xxx/CVE-2006-4544.json index 9a5d4db2243..ed576f412b2 100644 --- a/2006/4xxx/CVE-2006-4544.json +++ b/2006/4xxx/CVE-2006-4544.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter in files in the modules directory including (1) birstday/birst.php (2) birstday/select.php, (3) birstday/profile_show.php, (4) newusergreatings/pm_newreg.php, (5) punish/p_error.php, (6) punish/profile.php, and (7) threadstop/threadstop.php. NOTE: the (8) modules/userstop/userstop.php vector might overlap CVE-2006-4488, although it is for a slightly different product from the same vendor." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060831 [ECHO_ADV_46$2006] ExBB v1.9.1 (exbb[home_path]) Multiple Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444825/100/0/threaded" - }, - { - "name" : "http://advisories.echo.or.id/adv/adv46-matdhule-2006.txt", - "refsource" : "MISC", - "url" : "http://advisories.echo.or.id/adv/adv46-matdhule-2006.txt" - }, - { - "name" : "19787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19787" - }, - { - "name" : "1016773", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016773" - }, - { - "name" : "1501", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1501" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter in files in the modules directory including (1) birstday/birst.php (2) birstday/select.php, (3) birstday/profile_show.php, (4) newusergreatings/pm_newreg.php, (5) punish/p_error.php, (6) punish/profile.php, and (7) threadstop/threadstop.php. NOTE: the (8) modules/userstop/userstop.php vector might overlap CVE-2006-4488, although it is for a slightly different product from the same vendor." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1501", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1501" + }, + { + "name": "20060831 [ECHO_ADV_46$2006] ExBB v1.9.1 (exbb[home_path]) Multiple Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444825/100/0/threaded" + }, + { + "name": "19787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19787" + }, + { + "name": "1016773", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016773" + }, + { + "name": "http://advisories.echo.or.id/adv/adv46-matdhule-2006.txt", + "refsource": "MISC", + "url": "http://advisories.echo.or.id/adv/adv46-matdhule-2006.txt" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4979.json b/2006/4xxx/CVE-2006-4979.json index 59ca2f4e315..a4f4c4d3977 100644 --- a/2006/4xxx/CVE-2006-4979.json +++ b/2006/4xxx/CVE-2006-4979.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4979", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Direct static code injection vulnerability in cfgphpquiz/install.php in Walter Beschmout PhpQuiz 1.2 and earlier allows remote attackers to inject arbitrary PHP code in config.inc.php via modified configuration settings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4979", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060916 PHPQuiz Multiple Remote Vulnerabilites", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446315/100/0/threaded" - }, - { - "name" : "2376", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2376" - }, - { - "name" : "http://www.morx.org/phpquiz.txt", - "refsource" : "MISC", - "url" : "http://www.morx.org/phpquiz.txt" - }, - { - "name" : "20065", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20065" - }, - { - "name" : "ADV-2006-3693", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3693" - }, - { - "name" : "22015", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/22015" - }, - { - "name" : "1627", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1627" - }, - { - "name" : "phpquiz-install-code-execution(28997)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28997" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Direct static code injection vulnerability in cfgphpquiz/install.php in Walter Beschmout PhpQuiz 1.2 and earlier allows remote attackers to inject arbitrary PHP code in config.inc.php via modified configuration settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2376", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2376" + }, + { + "name": "ADV-2006-3693", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3693" + }, + { + "name": "http://www.morx.org/phpquiz.txt", + "refsource": "MISC", + "url": "http://www.morx.org/phpquiz.txt" + }, + { + "name": "phpquiz-install-code-execution(28997)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28997" + }, + { + "name": "1627", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1627" + }, + { + "name": "22015", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22015" + }, + { + "name": "20065", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20065" + }, + { + "name": "20060916 PHPQuiz Multiple Remote Vulnerabilites", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446315/100/0/threaded" + } + ] + } +} \ No newline at end of file 
diff --git a/2010/2xxx/CVE-2010-2284.json b/2010/2xxx/CVE-2010-2284.json
index f7632ce61c0..78ceb783adb 100644
--- a/2010/2xxx/CVE-2010-2284.json
+++ b/2010/2xxx/CVE-2010-2284.json
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2284", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2284", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100610 CVE request for new wireshark vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/06/11/1" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2010-05.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2010-05.html" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2010-06.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2010-06.html" - }, - { - "name" : "MDVSA-2010:113", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:113" - }, - { - "name" : "MDVSA-2010:144", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDVSA-2010:144" - }, - { - "name" : "SUSE-SR:2011:001", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "40728", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40728" - }, - { - "name" : "oval:org.mitre.oval:def:11888", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11888" - }, - { - "name" : "40112", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40112" - }, - { - "name" : "42877", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42877" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2010-1418", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1418" - }, - { - "name" : "ADV-2011-0076", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0076" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2011:001", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2010-05.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2010-05.html" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2010-06.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2010-06.html" + }, + { + "name": "[oss-security] 20100610 CVE request for new wireshark vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/06/11/1" + }, + { + "name": "oval:org.mitre.oval:def:11888", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11888" + }, + { + "name": "42877", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42877" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "ADV-2011-0076", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0076" + }, + { + "name": "MDVSA-2010:144", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:144" + }, + { + "name": "40112", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40112" + }, + { + "name": "40728", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40728" + }, + { + "name": "ADV-2010-1418", + 
"refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1418" + }, + { + "name": "MDVSA-2010:113", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:113" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2539.json b/2010/2xxx/CVE-2010-2539.json index 4e5468bd8f1..9323828a5d9 100644 --- a/2010/2xxx/CVE-2010-2539.json +++ b/2010/2xxx/CVE-2010-2539.json 
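Review bot: The `reference_data` array for CVE-2010-2284 is reordered with no visible sort key. The old side grouped entries by `refsource` (MLIST, CONFIRM, MANDRIVA, SUSE, ...), while the new side interleaves them. The 15 entries appear to be the same set, but with every line also rewritten from `"key" : value` to `"key": value`, a dropped or altered URL would be hard to spot in review. Emitting references in a deterministic order, for example sorted by `refsource` and then `name`, would keep later diffs down to real changes. The new file also ends with `\ No newline at end of file`, and keeping the trailing newline avoids a spurious last-line change on the next edit. The other hunks on this page share both traits.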
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2539", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 allows local users to cause a denial of service via vectors involving names of temporary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2539", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[mapserver-users] 20100709 MapServer 5.6.4 and 4.10.6 released with important security fixes", - "refsource" : "MLIST", - "url" : "http://lists.osgeo.org/pipermail/mapserver-users/2010-July/066052.html" - }, - { - "name" : "[oss-security] 20100721 CVE id request: mapserver", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127973381215859&w=2" - }, - { - "name" : "[oss-security] 20100721 Re: CVE id request: mapserver", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127973754121922&w=2" - }, - { - "name" : "http://trac.osgeo.org/mapserver/ticket/3484", - "refsource" : "CONFIRM", - "url" : "http://trac.osgeo.org/mapserver/ticket/3484" - }, - { - "name" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=617312", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=617312" - }, - { - "name" : "41855", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41855" - }, - { - "name" : "mapserver-mstmpfile-bo(60851)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60851" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 allows local users to cause a denial of service via vectors involving names of temporary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[mapserver-users] 20100709 MapServer 5.6.4 and 4.10.6 released with important security fixes", + "refsource": "MLIST", + "url": "http://lists.osgeo.org/pipermail/mapserver-users/2010-July/066052.html" + }, + { + "name": "mapserver-mstmpfile-bo(60851)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60851" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=617312", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=617312" + }, + { + "name": "41855", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41855" + }, + { + "name": "http://trac.osgeo.org/mapserver/ticket/3484", + "refsource": "CONFIRM", + "url": "http://trac.osgeo.org/mapserver/ticket/3484" + }, + { + "name": "[oss-security] 20100721 Re: CVE id request: mapserver", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127973754121922&w=2" + }, + { + "name": "[oss-security] 20100721 CVE id request: mapserver", + "refsource": "MLIST", + "url": 
"http://marc.info/?l=oss-security&m=127973381215859&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2758.json b/2010/2xxx/CVE-2010-2758.json index 2734eb2d08f..932aecf67a6 100644 --- a/2010/2xxx/CVE-2010-2758.json +++ b/2010/2xxx/CVE-2010-2758.json 
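Review bot: The `ASSIGNER` field for CVE-2010-2539 changes from `cve@mitre.org` to `secalert@redhat.com` inside a hunk that otherwise only rewrites key spacing and reorders references. This is the one semantic change to the record, and it is easy to miss among 92 reformatted lines. Consumers that filter or attribute records by assigning CNA will see different results after this commit. Landing assigner corrections separately from the formatting pass, or calling them out in the commit message, would make them auditable. The CVE-2010-2960 hunk does the same with `"ASSIGNER": "security@ubuntu.com"`.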
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2758", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 generates different error messages depending on whether a product exists, which makes it easier for remote attackers to guess product names via unspecified use of the (1) Reports or (2) Duplicates page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bugzilla.org/security/3.2.7/", - "refsource" : "CONFIRM", - "url" : "http://www.bugzilla.org/security/3.2.7/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=519835", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=519835" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=577139", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=577139" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=623423", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=623423" - }, - { - 
"name" : "FEDORA-2010-13072", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html" - }, - { - "name" : "FEDORA-2010-13086", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html" - }, - { - "name" : "FEDORA-2010-13171", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html" - }, - { - "name" : "42275", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42275" - }, - { - "name" : "40892", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40892" - }, - { - "name" : "41128", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41128" - }, - { - "name" : "ADV-2010-2035", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2035" - }, - { - "name" : "ADV-2010-2205", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2205" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 generates different error messages depending on whether a product exists, which makes it easier for remote attackers to guess product names via unspecified use of the (1) Reports or (2) Duplicates page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=519835", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=519835" + }, + { + "name": "ADV-2010-2035", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2035" + }, + { + "name": "FEDORA-2010-13072", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html" + }, + { + "name": "FEDORA-2010-13171", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html" + }, + { + "name": "40892", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40892" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=623423", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=623423" + }, + { + "name": "FEDORA-2010-13086", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html" + }, + { + "name": "42275", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42275" + }, + { + "name": "http://www.bugzilla.org/security/3.2.7/", + "refsource": "CONFIRM", + "url": "http://www.bugzilla.org/security/3.2.7/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=577139", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=577139" + }, + { + "name": "41128", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41128" + }, + { + "name": "ADV-2010-2205", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2205" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2960.json b/2010/2xxx/CVE-2010-2960.json index 3622bc193db..eac86e2297a 100644 
--- a/2010/2xxx/CVE-2010-2960.json +++ b/2010/2xxx/CVE-2010-2960.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2960", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2010-2960", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100902 CVE-2010-2960 kernel: keyctl_session_to_parent null ptr deref", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/02/1" - }, - { - "name" : "http://twitter.com/taviso/statuses/22777866582", - "refsource" : "MISC", - "url" : "http://twitter.com/taviso/statuses/22777866582" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=627440", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=627440" - }, - { - "name" : "SUSE-SA:2010:050", - "refsource" : 
"SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html" - }, - { - "name" : "SUSE-SA:2011:007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" - }, - { - "name" : "USN-1000-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1000-1" - }, - { - "name" : "42932", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42932" - }, - { - "name" : "1024384", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024384" - }, - { - "name" : "41263", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41263" - }, - { - "name" : "ADV-2011-0298", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0298" - }, - { - "name" : "linux-kernel-keyctl-dos(61557)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61557" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1000-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1000-1" + }, + { + "name": "[oss-security] 20100902 CVE-2010-2960 kernel: keyctl_session_to_parent null ptr deref", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/02/1" + }, + { + "name": "linux-kernel-keyctl-dos(61557)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61557" + }, + { + "name": "42932", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42932" + }, + { + "name": "SUSE-SA:2011:007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" + }, + { + "name": "ADV-2011-0298", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0298" + }, + { + "name": "41263", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41263" + }, + { + "name": "SUSE-SA:2010:050", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html" + }, + { + "name": "http://twitter.com/taviso/statuses/22777866582", + "refsource": "MISC", + "url": "http://twitter.com/taviso/statuses/22777866582" + }, + { + "name": "1024384", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024384" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=627440", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=627440" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3148.json b/2010/3xxx/CVE-2010-3148.json index 79f5edf83fe..14e1bb7282f 100644 --- a/2010/3xxx/CVE-2010-3148.json +++ b/2010/3xxx/CVE-2010-3148.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka \"Microsoft Visio Insecure Library Loading Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14744", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14744/" - }, - { - "name" : "MS11-055", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-055" - }, - { - "name" : "TA11-193A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-193A.html" - }, - { - "name" : "oval:org.mitre.oval:def:7122", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7122" - }, - { - "name" : "ADV-2010-2192", - "refsource" : "VUPEN", - "url" 
: "http://www.vupen.com/english/advisories/2010/2192" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka \"Microsoft Visio Insecure Library Loading Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS11-055", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-055" + }, + { + "name": "ADV-2010-2192", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2192" + }, + { + "name": "TA11-193A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-193A.html" + }, + { + "name": "oval:org.mitre.oval:def:7122", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7122" + }, + { + "name": "14744", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14744/" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3674.json b/2010/3xxx/CVE-2010-3674.json index 9af66a928e8..eef31782d79 100644 --- a/2010/3xxx/CVE-2010-3674.json +++ b/2010/3xxx/CVE-2010-3674.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3674", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3674", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3687.json b/2010/3xxx/CVE-2010-3687.json index 0b31cece9a7..66e241b6e62 100644 --- a/2010/3xxx/CVE-2010-3687.json +++ b/2010/3xxx/CVE-2010-3687.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3687", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to bypass validation have an unspecified impact by \"[injecting] arbitrary values into validated fields,\" as demonstrated using the (1) Email and (2) URL fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3687", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/extensions/repository/view/powermail/1.5.4", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/powermail/1.5.4" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-019", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-019" - }, - { - "name" : "41530", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41530" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified 
vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to bypass validation have an unspecified impact by \"[injecting] arbitrary values into validated fields,\" as demonstrated using the (1) Email and (2) URL fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-019", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-019" + }, + { + "name": "http://typo3.org/extensions/repository/view/powermail/1.5.4", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/powermail/1.5.4" + }, + { + "name": "41530", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41530" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3899.json b/2010/3xxx/CVE-2010-3899.json index 6e7cc270075..624bc0f9aea 100644 --- a/2010/3xxx/CVE-2010-3899.json +++ b/2010/3xxx/CVE-2010-3899.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with an unlimited recursion depth, which allows remote web servers to cause a denial of service (infinite loop) via a crafted series of documents." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101109 IBM OmniFind - several vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514688/100/0/threaded" - }, - { - "name" : "15476", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15476" - }, - { - "name" : "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt", - "refsource" : "MISC", - "url" : "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt" - }, - { - "name" : "44740", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44740" - }, - { - "name" : "69078", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/69078" - }, - { - "name" : "ADV-2010-2933", - "refsource" : 
"VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2933" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with an unlimited recursion depth, which allows remote web servers to cause a denial of service (infinite loop) via a crafted series of documents." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69078", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/69078" + }, + { + "name": "15476", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15476" + }, + { + "name": "20101109 IBM OmniFind - several vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514688/100/0/threaded" + }, + { + "name": "44740", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44740" + }, + { + "name": "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt", + "refsource": "MISC", + "url": "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt" + }, + { + "name": "ADV-2010-2933", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2933" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3978.json b/2010/3xxx/CVE-2010-3978.json index 053c27f6151..bd9e0fa4156 100644 --- a/2010/3xxx/CVE-2010-3978.json +++ b/2010/3xxx/CVE-2010-3978.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3978", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Spree 0.11.x before 0.11.2 and 0.30.x before 0.30.0 exchanges data using JavaScript Object Notation (JSON) without a mechanism for validating requests, which allows remote attackers to obtain sensitive information via vectors involving (1) admin/products.json, (2) admin/users.json, or (3) admin/overview/get_report_data, related to a \"JSON hijacking\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3978", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101108 Spree e-commerce JSON Hijacking Vulnerabilities - CVE-2010-3978", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514674/100/0/threaded" - }, - { - "name" : "http://twitter.com/conviso/statuses/29555076248", - "refsource" : "MISC", - "url" : "http://twitter.com/conviso/statuses/29555076248" - }, - { - "name" : "http://www.conviso.com.br/json-hijacking-vulnerability/", - "refsource" : "MISC", - "url" : "http://www.conviso.com.br/json-hijacking-vulnerability/" - }, - { - "name" : 
"http://www.conviso.com.br/security-advisory-spree-e-commerce-json-v-0-11x/", - "refsource" : "MISC", - "url" : "http://www.conviso.com.br/security-advisory-spree-e-commerce-json-v-0-11x/" - }, - { - "name" : "http://spreecommerce.com/blog/2010/11/02/json-hijacking-vulnerability/", - "refsource" : "CONFIRM", - "url" : "http://spreecommerce.com/blog/2010/11/02/json-hijacking-vulnerability/" - }, - { - "name" : "http://spreecommerce.com/blog/2010/11/09/spree-0-30-0-released/", - "refsource" : "CONFIRM", - "url" : "http://spreecommerce.com/blog/2010/11/09/spree-0-30-0-released/" - }, - { - "name" : "https://github.com/railsdog/spree/commit/19944bd999c310d9b10d16a41f48ebac97dc4fac", - "refsource" : "CONFIRM", - "url" : "https://github.com/railsdog/spree/commit/19944bd999c310d9b10d16a41f48ebac97dc4fac" - }, - { - "name" : "https://github.com/railsdog/spree/commit/d881b2bb610ea33e2364ff16feb8e702dfeda135", - "refsource" : "CONFIRM", - "url" : "https://github.com/railsdog/spree/commit/d881b2bb610ea33e2364ff16feb8e702dfeda135" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Spree 0.11.x before 0.11.2 and 0.30.x before 0.30.0 exchanges data using JavaScript Object Notation (JSON) without a mechanism for validating requests, which allows remote attackers to obtain sensitive information via vectors involving (1) admin/products.json, (2) admin/users.json, or (3) admin/overview/get_report_data, related to a \"JSON hijacking\" issue." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.conviso.com.br/json-hijacking-vulnerability/", + "refsource": "MISC", + "url": "http://www.conviso.com.br/json-hijacking-vulnerability/" + }, + { + "name": "http://spreecommerce.com/blog/2010/11/02/json-hijacking-vulnerability/", + "refsource": "CONFIRM", + "url": "http://spreecommerce.com/blog/2010/11/02/json-hijacking-vulnerability/" + }, + { + "name": "https://github.com/railsdog/spree/commit/19944bd999c310d9b10d16a41f48ebac97dc4fac", + "refsource": "CONFIRM", + "url": "https://github.com/railsdog/spree/commit/19944bd999c310d9b10d16a41f48ebac97dc4fac" + }, + { + "name": "http://spreecommerce.com/blog/2010/11/09/spree-0-30-0-released/", + "refsource": "CONFIRM", + "url": "http://spreecommerce.com/blog/2010/11/09/spree-0-30-0-released/" + }, + { + "name": "https://github.com/railsdog/spree/commit/d881b2bb610ea33e2364ff16feb8e702dfeda135", + "refsource": "CONFIRM", + "url": "https://github.com/railsdog/spree/commit/d881b2bb610ea33e2364ff16feb8e702dfeda135" + }, + { + "name": "http://www.conviso.com.br/security-advisory-spree-e-commerce-json-v-0-11x/", + "refsource": "MISC", + "url": "http://www.conviso.com.br/security-advisory-spree-e-commerce-json-v-0-11x/" + }, + { + "name": "http://twitter.com/conviso/statuses/29555076248", + "refsource": "MISC", + "url": "http://twitter.com/conviso/statuses/29555076248" + }, + { + "name": "20101108 Spree e-commerce JSON Hijacking Vulnerabilities - CVE-2010-3978", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514674/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4144.json b/2010/4xxx/CVE-2010-4144.json index 64eac3e7220..b9782178db3 100644 --- a/2010/4xxx/CVE-2010-4144.json +++ b/2010/4xxx/CVE-2010-4144.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4144", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in radyo.asp in Kisisel Radyo Script allows remote attackers to execute arbitrary SQL commands via the Id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4144", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15270", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15270" - }, - { - "name" : "http://packetstormsecurity.org/1010-exploits/kisiselradyoscript-disclose.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1010-exploits/kisiselradyoscript-disclose.txt" - }, - { - "name" : "44155", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44155" - }, - { - "name" : "41816", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41816" - }, - { - "name" : "kisiselradyoscript-radyo-sql-injection(62600)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62600" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in radyo.asp in Kisisel Radyo Script allows remote attackers to execute arbitrary SQL commands via the Id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1010-exploits/kisiselradyoscript-disclose.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1010-exploits/kisiselradyoscript-disclose.txt" + }, + { + "name": "kisiselradyoscript-radyo-sql-injection(62600)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62600" + }, + { + "name": "44155", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44155" + }, + { + "name": "41816", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41816" + }, + { + "name": "15270", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15270" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4566.json b/2010/4xxx/CVE-2010-4566.json index 1b5709b5d9e..2672f5128e3 100644 --- a/2010/4xxx/CVE-2010-4566.json +++ b/2010/4xxx/CVE-2010-4566.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "16916", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/16916" - }, - { - "name" : "http://www.vsecurity.com/resources/advisory/20101221-1", - "refsource" : "MISC", - "url" : "http://www.vsecurity.com/resources/advisory/20101221-1" - }, - { - "name" : "http://support.citrix.com/article/CTX127613", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX127613" - }, - { - "name" : "70099", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/70099" - }, - { - "name" : "1024893", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id?1024893" - }, - { - "name" : "8119", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8119" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024893", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024893" + }, + { + "name": "http://www.vsecurity.com/resources/advisory/20101221-1", + "refsource": "MISC", + "url": "http://www.vsecurity.com/resources/advisory/20101221-1" + }, + { + "name": "http://support.citrix.com/article/CTX127613", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX127613" + }, + { + "name": "8119", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8119" + }, + { + "name": "70099", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/70099" + }, + { + "name": "16916", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/16916" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1203.json b/2011/1xxx/CVE-2011-1203.json index df4148f865b..275923bc434 100644 --- a/2011/1xxx/CVE-2011-1203.json +++ b/2011/1xxx/CVE-2011-1203.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 10.0.648.127 does not properly handle SVG cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=73746", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=73746" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html" - }, - { - "name" : "http://support.apple.com/kb/HT4808", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4808" - }, - { - "name" : "http://support.apple.com/kb/HT4981", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4981" - }, - { - "name" : "http://support.apple.com/kb/HT4999", - 
"refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4999" - }, - { - "name" : "APPLE-SA-2011-07-20-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" - }, - { - "name" : "APPLE-SA-2011-10-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-10-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" - }, - { - "name" : "46785", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46785" - }, - { - "name" : "oval:org.mitre.oval:def:14355", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14355" - }, - { - "name" : "ADV-2011-0628", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0628" - }, - { - "name" : "google-svg-cursor-dos(65967)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65967" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 10.0.648.127 does not properly handle SVG cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4981", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4981" + }, + { + "name": "46785", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46785" + }, + { + "name": "APPLE-SA-2011-10-12-1", + "refsource": "APPLE", + "url": 
"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" + }, + { + "name": "oval:org.mitre.oval:def:14355", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14355" + }, + { + "name": "APPLE-SA-2011-10-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html" + }, + { + "name": "http://support.apple.com/kb/HT4999", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4999" + }, + { + "name": "http://support.apple.com/kb/HT4808", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4808" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=73746", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=73746" + }, + { + "name": "google-svg-cursor-dos(65967)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65967" + }, + { + "name": "APPLE-SA-2011-07-20-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" + }, + { + "name": "ADV-2011-0628", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0628" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5043.json b/2011/5xxx/CVE-2011-5043.json index cb0ed1c6f5f..6f7b9a7888b 100644 --- a/2011/5xxx/CVE-2011-5043.json +++ b/2011/5xxx/CVE-2011-5043.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5043", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TomatoSoft Free Mp3 Player 1.0 allows remote attackers to cause a denial of service (application crash) via a long string in an MP3 file, possibly a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18254", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18254" - }, - { - "name" : "freemp3-mp3-dos(71870)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71870" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TomatoSoft Free Mp3 Player 1.0 allows remote attackers to cause a denial of service (application crash) via a long string in an MP3 file, possibly a buffer overflow." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18254", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18254" + }, + { + "name": "freemp3-mp3-dos(71870)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71870" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5085.json b/2011/5xxx/CVE-2011-5085.json index bd80d2a4334..4ecfae32cd4 100644 --- a/2011/5xxx/CVE-2011-5085.json +++ b/2011/5xxx/CVE-2011-5085.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to read or modify data via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_update.html", - "refsource" : "CONFIRM", - "url" : "http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_update.html" - }, - { - "name" : "DSA-2423", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2423" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to read or modify data via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2423", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2423" + }, + { + "name": "http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_update.html", + "refsource": "CONFIRM", + "url": "http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_update.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3026.json b/2014/3xxx/CVE-2014-3026.json index 4a62a544667..1fd3882d84c 100644 --- a/2014/3xxx/CVE-2014-3026.json +++ b/2014/3xxx/CVE-2014-3026.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3026", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-3026", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21678798", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21678798" - }, - { - "name" : "59570", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59570" - }, - { - "name" : "ibm-maximo-cve20143026-header-injection(93065)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93065" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in 
IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-maximo-cve20143026-header-injection(93065)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93065" + }, + { + "name": "59570", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59570" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678798", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678798" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3502.json b/2014/3xxx/CVE-2014-3502.json index 858036ce6ed..a01d2cd5d25 100644 --- a/2014/3xxx/CVE-2014-3502.json +++ b/2014/3xxx/CVE-2014-3502.json 
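Review bot: The only semantic change in this hunk is `"ASSIGNER": "psirt@us.ibm.com"` replacing `cve@mitre.org`, but it is buried in a whole-file rewrite: every line is touched by the `" : "` to `": "` spacing change, `reference_data` is reordered with the same three entries, and the new side ends without a trailing newline. ASSIGNER is provenance metadata that consumers of the record may rely on, so a change to it should be reviewable on its own; emitting the references in a stable order (for example sorted by `refsource`, then `name`) and keeping the final newline would reduce this to a one-line diff. The same applies to the hunks for CVE-2014-3502 and CVE-2014-3632 (`secalert@redhat.com`) and for CVE-2014-7781 (`cert@cert.org`), the last of which continues past the visible lines. The record also still carries `"n/a"` for `vendor_name`, `product_name` and `version_value`, although the description names the product and its versions, so automated matching against `affects` will not find it.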
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3502", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3502", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cordova.apache.org/announcements/2014/08/04/android-351.html", - "refsource" : "CONFIRM", - "url" : "http://cordova.apache.org/announcements/2014/08/04/android-351.html" - }, - { - "name" : "http://cordova.apache.org/announcements/2014/08/06/android-351-update.html", - "refsource" : "CONFIRM", - "url" : "http://cordova.apache.org/announcements/2014/08/06/android-351-update.html" - }, - { - "name" : "69046", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69046" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to 
arbitrary applications via a URL with a crafted URI scheme for an Android intent." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69046", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69046" + }, + { + "name": "http://cordova.apache.org/announcements/2014/08/04/android-351.html", + "refsource": "CONFIRM", + "url": "http://cordova.apache.org/announcements/2014/08/04/android-351.html" + }, + { + "name": "http://cordova.apache.org/announcements/2014/08/06/android-351-update.html", + "refsource": "CONFIRM", + "url": "http://cordova.apache.org/announcements/2014/08/06/android-351-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3632.json b/2014/3xxx/CVE-2014-3632.json index b638f9d0029..cb4589e4e88 100644 --- a/2014/3xxx/CVE-2014-3632.json +++ b/2014/3xxx/CVE-2014-3632.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3632", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6, allows remote attackers to gain privileges via a crafted configuration file. NOTE: this vulnerability exists because of a CVE-2013-6433 regression." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2014:1339", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1339.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6, allows remote attackers to gain privileges via a crafted configuration file. 
NOTE: this vulnerability exists because of a CVE-2013-6433 regression." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:1339", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1339.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7238.json b/2014/7xxx/CVE-2014-7238.json index 26a57cd23e8..71b4165ea07 100644 --- a/2014/7xxx/CVE-2014-7238.json +++ b/2014/7xxx/CVE-2014-7238.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7238", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7238", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7781.json b/2014/7xxx/CVE-2014-7781.json index fe7508e4721..1761d9863a7 100644 --- a/2014/7xxx/CVE-2014-7781.json +++ b/2014/7xxx/CVE-2014-7781.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7781", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Marijuana Handbook Lite - Weed (aka com.fallacystudios.marijuanahandbooklite) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#997329", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/997329" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Marijuana 
Handbook Lite - Weed (aka com.fallacystudios.marijuanahandbooklite) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#997329", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/997329" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7805.json b/2014/7xxx/CVE-2014-7805.json index 79d4c0b1388..c65d7e6c107 100644 --- a/2014/7xxx/CVE-2014-7805.json +++ b/2014/7xxx/CVE-2014-7805.json 
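Review bot: The `reference_data` array for CVE-2014-7781 comes back in a different order (`VU#997329`, `VU#582497`, then the MISC spreadsheet link) with no sort key apparent from the result, in the same hunk that changes `ASSIGNER` to `cert@cert.org`. The three entries are the same set as before. Mixing a reorder into a reformat makes it hard to confirm by eye that no reference was dropped or altered, which matters more in the longer lists for CVE-2014-7927, CVE-2014-8634 and CVE-2014-9913. Emitting references in their previous order, or sorted by a fixed key such as `refsource` then `name`, would keep these diffs reviewable. Consumers should not attach meaning to the position of an entry in this array.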
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7805", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7805", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7927.json b/2014/7xxx/CVE-2014-7927.json index 2ad53011958..87e7c5cfd26 100644 --- a/2014/7xxx/CVE-2014-7927.json +++ b/2014/7xxx/CVE-2014-7927.json 
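Review bot: The new side of CVE-2014-7805.json serialises its keys in a different order from every other record rewritten in this view: `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` comes before `ASSIGNER`. JSON object key order carries no meaning, so the record is equivalent. The difference does suggest this file went through a different writer than its neighbours, though the tooling is not shown here. Using one serializer with one key order for all records would keep byte-level comparisons and future diffs stable.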
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7927", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SimplifiedLowering::DoLoadBuffer function in compiler/simplified-lowering.cc in Google V8, as used in Google Chrome before 40.0.2214.91, does not properly choose an integer data type, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-7927", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=444695", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=444695" - }, - { - "name" : "https://codereview.chromium.org/824843002", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/824843002" - }, - { - "name" : "GLSA-201502-13", - "refsource" : "GENTOO", - "url" : 
"http://security.gentoo.org/glsa/glsa-201502-13.xml" - }, - { - "name" : "RHSA-2015:0093", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0093.html" - }, - { - "name" : "openSUSE-SU-2015:0441", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html" - }, - { - "name" : "USN-2476-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2476-1" - }, - { - "name" : "72288", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72288" - }, - { - "name" : "1031623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031623" - }, - { - "name" : "62575", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62575" - }, - { - "name" : "62383", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62383" - }, - { - "name" : "62665", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62665" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SimplifiedLowering::DoLoadBuffer function in compiler/simplified-lowering.cc in Google V8, as used in Google Chrome before 40.0.2214.91, does not properly choose an integer data type, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62665", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62665" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=444695", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=444695" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" + }, + { + "name": "62575", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62575" + }, + { + "name": "USN-2476-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2476-1" + }, + { + "name": "72288", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72288" + }, + { + "name": "GLSA-201502-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml" + }, + { + "name": "1031623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031623" + }, + { + "name": "openSUSE-SU-2015:0441", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html" + }, + { + "name": "RHSA-2015:0093", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0093.html" + }, + { + "name": "62383", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62383" + }, + { + "name": "https://codereview.chromium.org/824843002", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/824843002" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8634.json b/2014/8xxx/CVE-2014-8634.json index 7b0a648d9e2..e3d383bd700 100644 --- a/2014/8xxx/CVE-2014-8634.json +++ b/2014/8xxx/CVE-2014-8634.json 
@@ -1,257 +1,257 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8634", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2014-8634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2014/mfsa2015-01.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2014/mfsa2015-01.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1109889", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1109889" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1111737", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1111737" - }, - { - "name" : 
"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2015-0046.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2015-0046.html" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2015-0047.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2015-0047.html" - }, - { - "name" : "DSA-3127", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3127" - }, - { - "name" : "DSA-3132", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3132" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "RHSA-2015:0046", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0046.html" - }, - { - "name" : "RHSA-2015:0047", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0047.html" - }, - { - "name" : "openSUSE-SU-2015:0133", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html" - }, - { - "name" : "openSUSE-SU-2015:0077", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html" - }, - { - "name" : "openSUSE-SU-2015:0192", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html" - }, - { - "name" : "SUSE-SU-2015:0171", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html" - }, - { - "name" : "SUSE-SU-2015:0173", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html" - }, - { - "name" : "SUSE-SU-2015:0180", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html" - }, - { - "name" : "openSUSE-SU-2015:1266", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" - }, - { - "name" : "USN-2460-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2460-1" - }, - { - "name" : "72049", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72049" - }, - { - "name" : "1031533", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031533" - }, - { - "name" : "1031534", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031534" - }, - { - "name" : "62237", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62237" - }, - { - "name" : "62242", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62242" - }, - { - "name" : "62250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62250" - }, - { - "name" : "62446", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62446" - }, - { - "name" : "62657", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62657" - }, - { - "name" : "62790", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62790" - }, - { - "name" : "62253", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62253" - }, - { - "name" : "62273", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62273" - }, - { - "name" : "62274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62274" - }, - { - "name" : "62293", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62293" - }, - { - "name" : "62304", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62304" - }, - { - "name" : "62313", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62313" - }, - { - "name" : "62315", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/62315" - }, - { - "name" : "62316", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62316" - }, - { - "name" : "62259", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62259" - }, - { - "name" : "62283", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62283" - }, - { - "name" : "62418", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62418" - }, - { - "name" : "firefox-cve20148634-code-exec(99955)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99955" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:0046", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0046.html" + }, + { + "name": "62242", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62242" + }, + { + "name": "1031533", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031533" + }, + { + "name": "USN-2460-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2460-1" + }, + { + "name": "openSUSE-SU-2015:0192", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html" + }, + { + "name": "72049", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72049" + }, + { + "name": "62304", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62304" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2015-0047.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2015-0047.html" + }, + { + "name": "firefox-cve20148634-code-exec(99955)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99955" + }, + { + "name": "62259", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62259" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1111737", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1111737" + }, + { + "name": "62250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62250" + }, + { + "name": "SUSE-SU-2015:0173", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html" + }, + { + "name": "62237", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62237" + }, + { + "name": "openSUSE-SU-2015:0077", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html" + }, + { + "name": "62418", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62418" + }, + { + "name": "SUSE-SU-2015:0171", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html" + }, + { + "name": "62316", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62316" + }, + { + "name": "DSA-3132", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3132" + }, + { + "name": "62274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62274" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "62313", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62313" + }, + { + "name": "RHSA-2015:0047", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0047.html" + }, + { + "name": "62790", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62790" + }, + { + "name": "62293", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62293" + }, + { + "name": "62283", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62283" + }, + { + "name": "62446", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62446" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": "62657", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62657" + }, + { + "name": "62273", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62273" + }, + { + "name": "openSUSE-SU-2015:0133", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html" + }, + { + "name": 
"http://www.mozilla.org/security/announce/2014/mfsa2015-01.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2014/mfsa2015-01.html" + }, + { + "name": "openSUSE-SU-2015:1266", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" + }, + { + "name": "DSA-3127", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3127" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1109889", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1109889" + }, + { + "name": "SUSE-SU-2015:0180", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html" + }, + { + "name": "62315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62315" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2015-0046.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2015-0046.html" + }, + { + "name": "62253", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62253" + }, + { + "name": "1031534", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031534" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9307.json b/2014/9xxx/CVE-2014-9307.json index 7972a5b7f79..81c964f9e70 100644 --- a/2014/9xxx/CVE-2014-9307.json +++ b/2014/9xxx/CVE-2014-9307.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9307", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9307", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9838.json b/2014/9xxx/CVE-2014-9838.json index 74284959705..ed12b50037f 100644 --- a/2014/9xxx/CVE-2014-9838.json +++ b/2014/9xxx/CVE-2014-9838.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160602 Re: ImageMagick CVEs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160602 Re: ImageMagick CVEs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" + } + ] + } +} \ No newline at end of file 
diff --git a/2014/9xxx/CVE-2014-9913.json b/2014/9xxx/CVE-2014-9913.json index a6a394f2fac..bdf5c8384f2 100644 --- a/2014/9xxx/CVE-2014-9913.json +++ b/2014/9xxx/CVE-2014-9913.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9913", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9913", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141103 unzip -l crasher", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/11/03/5" - }, - { - "name" : "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/05/13" - }, - { - "name" : "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/05/19" - }, - { - "name" : "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/05/20" - }, - { - "name" : 
"https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750" - }, - { - "name" : "95081", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95081" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95081", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95081" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750" + }, + { + "name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/05/19" + }, + { + "name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/05/13" + }, + { + "name": "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/05/20" + }, + { + "name": "[oss-security] 20141103 unzip -l crasher", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/11/03/5" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2106.json b/2016/2xxx/CVE-2016-2106.json index 9e2d21b59c2..d0b896e179b 100644 --- a/2016/2xxx/CVE-2016-2106.json 
+++ b/2016/2xxx/CVE-2016-2106.json 
@@ -1,357 +1,357 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-2106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html" - }, - { - "name" : "https://git.openssl.org/?p=openssl.git;a=commit;h=3f3582139fbb259a1c3cbb0a25236500a409bf26", - "refsource" : "CONFIRM", - "url" : "https://git.openssl.org/?p=openssl.git;a=commit;h=3f3582139fbb259a1c3cbb0a25236500a409bf26" - }, - { - "name" : "https://www.openssl.org/news/secadv/20160503.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openssl.org/news/secadv/20160503.txt" - }, - { - "name" : 
"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202", - "refsource" : "CONFIRM", - "url" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10160", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10160" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "https://support.apple.com/HT206903", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206903" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149", - "refsource" : "CONFIRM", - "url" : 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa123", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa123" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-18", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-18" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20160504-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20160504-0001/" - }, - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-11-01" - }, - { - "name" : 
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "APPLE-SA-2016-07-18-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" - }, - { - "name" : "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl" - }, - { - "name" : "DSA-3566", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3566" - }, - { - "name" : "FEDORA-2016-05c567df1a", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html" - }, - { - "name" : "FEDORA-2016-1411324654", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html" - }, - { - "name" : "FEDORA-2016-1e39d934ed", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html" - }, - { - "name" : "FreeBSD-SA-16:17", - "refsource" : "FREEBSD", - "url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc" - }, - { - "name" : "GLSA-201612-16", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-16" - }, - { - "name" : "RHSA-2016:0722", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0722.html" - }, - { - "name" : "RHSA-2016:0996", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0996.html" - }, - { - "name" : "RHSA-2016:1648", - "refsource" : "REDHAT", - "url" : 
"http://rhn.redhat.com/errata/RHSA-2016-1648.html" - }, - { - "name" : "RHSA-2016:1649", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1649.html" - }, - { - "name" : "RHSA-2016:1650", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1650.html" - }, - { - "name" : "RHSA-2016:2056", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2056.html" - }, - { - "name" : "RHSA-2016:2073", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2073.html" - }, - { - "name" : "RHSA-2016:2957", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2957.html" - }, - { - "name" : "SSA:2016-124-01", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103" - }, - { - "name" : "SUSE-SU-2016:1206", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html" - }, - { - "name" : "SUSE-SU-2016:1228", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html" - }, - { - "name" : "SUSE-SU-2016:1231", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html" - }, - { - "name" : "SUSE-SU-2016:1233", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html" - }, - { - "name" : "openSUSE-SU-2016:1237", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html" - }, - { - "name" : "openSUSE-SU-2016:1238", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html" - }, - { - "name" : "openSUSE-SU-2016:1239", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html" - }, - { - "name" : "openSUSE-SU-2016:1240", - "refsource" : 
"SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html" - }, - { - "name" : "openSUSE-SU-2016:1241", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html" - }, - { - "name" : "SUSE-SU-2016:1267", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html" - }, - { - "name" : "openSUSE-SU-2016:1242", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html" - }, - { - "name" : "openSUSE-SU-2016:1243", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html" - }, - { - "name" : "openSUSE-SU-2016:1273", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html" - }, - { - "name" : "SUSE-SU-2016:1290", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html" - }, - { - "name" : "SUSE-SU-2016:1360", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html" - }, - { - "name" : "USN-2959-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2959-1" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "89744", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/89744" - }, - { - "name" : "1035721", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035721" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of 
data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149" + }, + { + "name": "SSA:2016-124-01", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103" + }, + { + "name": "RHSA-2016:2056", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html" + }, + { + "name": "openSUSE-SU-2016:1238", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html" + }, + { + "name": "openSUSE-SU-2016:1242", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "SUSE-SU-2016:1267", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html" + }, + { + "name": "RHSA-2016:2073", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html" + }, + { + "name": 
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" + }, + { + "name": "DSA-3566", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3566" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10160", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10160" + }, + { + "name": "openSUSE-SU-2016:1243", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html" + }, + { + "name": "GLSA-201612-16", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-16" + }, + { + "name": "SUSE-SU-2016:1228", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html" + }, + { + "name": "1035721", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035721" + }, + { + "name": 
"RHSA-2016:1648", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1648.html" + }, + { + "name": "openSUSE-SU-2016:1239", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html" + }, + { + "name": "SUSE-SU-2016:1206", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html" + }, + { + "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=3f3582139fbb259a1c3cbb0a25236500a409bf26", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=3f3582139fbb259a1c3cbb0a25236500a409bf26" + }, + { + "name": "FEDORA-2016-1e39d934ed", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html" + }, + { + "name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "SUSE-SU-2016:1231", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html" + }, + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "FEDORA-2016-1411324654", + "refsource": "FEDORA", + "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html" + }, + { + "name": "openSUSE-SU-2016:1240", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html" + }, + { + "name": "openSUSE-SU-2016:1241", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html" + }, + { + "name": "APPLE-SA-2016-07-18-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" + }, + { + "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" + }, + { + "name": "SUSE-SU-2016:1360", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html" + }, + { + "name": "89744", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/89744" + }, + { + "name": "https://www.tenable.com/security/tns-2016-18", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-18" + }, + { + "name": "RHSA-2016:1649", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1649.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "SUSE-SU-2016:1233", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html" + }, + { + "name": "openSUSE-SU-2016:1237", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html" + }, + { + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202", + "refsource": "CONFIRM", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202" + }, + { + "name": 
"RHSA-2016:0996", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20160504-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20160504-0001/" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "RHSA-2016:1650", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html" + }, + { + "name": "SUSE-SU-2016:1290", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html" + }, + { + "name": "openSUSE-SU-2016:1273", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html" + }, + { + "name": "RHSA-2016:2957", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html" + }, + { + "name": "USN-2959-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2959-1" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + }, + { + "name": "RHSA-2016:0722", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html" + }, + { + "name": "FreeBSD-SA-16:17", + "refsource": "FREEBSD", + "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc" + }, + { + "name": "https://www.openssl.org/news/secadv/20160503.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv/20160503.txt" + }, + { + "name": "https://support.apple.com/HT206903", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206903" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa123", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa123" + }, + { + "name": "FEDORA-2016-05c567df1a", + 
"refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2213.json b/2016/2xxx/CVE-2016-2213.json index b44742ef582..8ffdf9966f8 100644 --- a/2016/2xxx/CVE-2016-2213.json +++ b/2016/2xxx/CVE-2016-2213.json 
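Review bot: The new side of CVE-2016-2106.json ends without a trailing newline: the closing `}` is followed by `\ No newline at end of file`, where the old side had one. The same marker follows the CVE-2016-2213, CVE-2016-2217, CVE-2016-2994 and CVE-2016-6054 hunks, so it looks like a property of the serializer rather than of this record. Writing a final `\n` after the closing brace would keep the files friendly to line-oriented tooling. The `reference_data` entries in this hunk also appear to be reordered with no entry added or dropped. If that order is not deterministic, emitting it sorted (for example by `url`) would keep later bulk rewrites from burying real reference changes in reorder noise.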
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2213", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2213", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0aada30510d809bccfd539a90ea37b61188f2cb4", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0aada30510d809bccfd539a90ea37b61188f2cb4" - }, - { - "name" : "GLSA-201606-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201606-09" - }, - { - "name" : "1034923", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034923" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote 
attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0aada30510d809bccfd539a90ea37b61188f2cb4", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0aada30510d809bccfd539a90ea37b61188f2cb4" + }, + { + "name": "1034923", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034923" + }, + { + "name": "GLSA-201606-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201606-09" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2217.json b/2016/2xxx/CVE-2016-2217.json index ad91fe7d600..5f60585d8d5 100644 --- a/2016/2xxx/CVE-2016-2217.json +++ b/2016/2xxx/CVE-2016-2217.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2217", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2217", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160201 Socat security advisory 7 - Created new 2048bit DH modulus", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/02/01/4" - }, - { - "name" : "[oss-security] 20160203 Re: Socat security advisory 7 - Created new 2048bit DH modulus", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/02/04/1" - }, - { - "name" : "http://www.dest-unreach.org/socat/contrib/socat-secadv7.html", - "refsource" : "CONFIRM", - "url" : "http://www.dest-unreach.org/socat/contrib/socat-secadv7.html" - }, - { - "name" : "GLSA-201612-23", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-23" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201612-23", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-23" + }, + { + "name": "http://www.dest-unreach.org/socat/contrib/socat-secadv7.html", + "refsource": "CONFIRM", + "url": "http://www.dest-unreach.org/socat/contrib/socat-secadv7.html" + }, + { + "name": "[oss-security] 20160203 Re: Socat security advisory 7 - Created new 2048bit DH modulus", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/02/04/1" + }, + { + "name": "[oss-security] 20160201 Socat security advisory 7 - Created new 2048bit DH modulus", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/02/01/4" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2994.json b/2016/2xxx/CVE-2016-2994.json index cb82ac94960..89a4a8a3e5b 100644 --- a/2016/2xxx/CVE-2016-2994.json +++ b/2016/2xxx/CVE-2016-2994.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2994", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-2994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000177", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000177" - }, - { - "name" : "92870", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92870" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000177", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000177" + }, + { + "name": "92870", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92870" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6054.json b/2016/6xxx/CVE-2016-6054.json index 5401ea1a230..f1b2262ec08 100644 --- a/2016/6xxx/CVE-2016-6054.json +++ b/2016/6xxx/CVE-2016-6054.json 
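Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `psirt@us.ibm.com` in the CVE-2016-2994 hunk, while the rest of the hunk differs only in indentation and in the spacing before the colons. Reattributing the assigning CNA is a data change that any consumer filtering or trusting records by `ASSIGNER` will observe, and it is easy to miss inside a bulk reformat. It would be easier to audit as a separate commit, or at least called out in the commit message. `vendor_name` and `product_name` stay `n/a` in the new side, so the record still carries no machine-readable affected product even though the assigner is now a vendor address.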
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-6054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jazz Reporting Service", - "version" : { - "version_data" : [ - { - "version_value" : "6" - }, - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-6054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jazz Reporting Service", + "version": { + "version_data": [ + { + "version_value": "6" + }, + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21991154", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21991154" - }, - { - "name" : "94842", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94842" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21991154", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21991154" + }, + { + "name": "94842", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94842" + } + ] + } +} \ No newline at end of file 
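Review bot: The new side of this file ends with `}` followed by `\ No newline at end of file`, and the marker appears only after the added line, so the rewrite seems to drop the terminating newline the old side had. Every file section visible in this part of the diff ends the same way, including CVE-2016-2994 before it. Having the serializer emit a final line feed after the closing `}` keeps line-oriented tools well-behaved and avoids a spurious last-line change the next time a tool that does write the newline touches the record.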
diff --git a/2016/6xxx/CVE-2016-6464.json b/2016/6xxx/CVE-2016-6464.json index 4ad1c944cc3..f6682b99bc8 100644 --- a/2016/6xxx/CVE-2016-6464.json +++ b/2016/6xxx/CVE-2016-6464.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2016-6464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Unified Communications Manager", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Unified Communications Manager" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view information on web pages that should be restricted. More Information: CSCva49629. Known Affected Releases: 11.5(1). Known Fixed Releases: 11.5(1.12000.2) 12.0(0.98000.181)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Unified Communications Manager", + "version": { + "version_data": [ + { + "version_value": "Cisco Unified Communications Manager" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ucm", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ucm" - }, - { - "name" : "94802", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94802" - }, - { - "name" : "1037412", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1037412" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view information on web pages that should be restricted. More Information: CSCva49629. Known Affected Releases: 11.5(1). Known Fixed Releases: 11.5(1.12000.2) 12.0(0.98000.181)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037412", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037412" + }, + { + "name": "94802", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94802" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ucm", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ucm" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6954.json b/2016/6xxx/CVE-2016-6954.json index b5d9b64991c..69e3f7bf303 100644 --- a/2016/6xxx/CVE-2016-6954.json +++ b/2016/6xxx/CVE-2016-6954.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6954", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-6954", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" - }, - { - "name" : "93496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93496" - }, - { - "name" : "1036986", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, 
CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036986", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036986" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" + }, + { + "name": "93496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93496" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7880.json b/2016/7xxx/CVE-2016-7880.json index 34e72aed4d8..7429b9ffd70 100644 --- a/2016/7xxx/CVE-2016-7880.json +++ b/2016/7xxx/CVE-2016-7880.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2016-7880", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability when setting the length property of an array object. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-7880", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html" - }, - { - "name" : "GLSA-201701-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-17" - }, - { - "name" : "MS16-154", - "refsource" : "MS", - "url" : 
"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154" - }, - { - "name" : "RHSA-2016:2947", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2947.html" - }, - { - "name" : "SUSE-SU-2016:3148", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html" - }, - { - "name" : "openSUSE-SU-2016:3160", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html" - }, - { - "name" : "94873", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94873" - }, - { - "name" : "1037442", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability when setting the length property of an array object. Successful exploitation could lead to arbitrary code execution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:3148", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html" + }, + { + "name": "MS16-154", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154" + }, + { + "name": "GLSA-201701-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-17" + }, + { + "name": "94873", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94873" + }, + { + "name": "1037442", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037442" + }, + { + "name": "RHSA-2016:2947", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2947.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html" + }, + { + "name": "openSUSE-SU-2016:3160", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5484.json b/2017/5xxx/CVE-2017-5484.json index edb45bab81a..f1d5dabe5ae 100644 --- a/2017/5xxx/CVE-2017-5484.json +++ b/2017/5xxx/CVE-2017-5484.json 
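Review bot: `product_name` and `version_value` both hold the same sentence, `Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier`, and `vendor_name` stays `n/a` even though `ASSIGNER` is `psirt@adobe.com`. A consumer that compares an installed version against `version_value` gets a product name plus two version ranges in one string, which cannot be evaluated without custom parsing. Splitting the data would make the record machine-matchable, for example `"vendor_name": "Adobe"`, `"product_name": "Flash Player"` and one `version_data` entry per branch such as `"version_value": "23.0.0.207 and earlier"`. The CVE-2016-6464 section earlier in this diff has a similar shape: `version_value` repeats the product name, while the affected release 11.5(1) appears only in the description.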
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5484", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5484", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", - "refsource" : "CONFIRM", - "url" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" - }, - { - "name" : "DSA-3775", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3775" - }, - { - "name" : "GLSA-201702-30", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-30" - }, - { - "name" : "RHSA-2017:1871", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1871" - }, - { - "name" : "95852", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95852" - }, - { - "name" : "1037755", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037755", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037755" + }, + { + "name": "DSA-3775", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3775" + }, + { + "name": "RHSA-2017:1871", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1871" + }, + { + "name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", + "refsource": "CONFIRM", + "url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" + }, + { + "name": "95852", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95852" + }, + { + "name": "GLSA-201702-30", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-30" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5814.json b/2017/5xxx/CVE-2017-5814.json index 866ef3e0879..b6c447eef4c 100644 --- a/2017/5xxx/CVE-2017-5814.json +++ b/2017/5xxx/CVE-2017-5814.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-05-04T00:00:00", - "ID" : "CVE-2017-5814", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Network Automation", - "version" : { - "version_data" : [ - { - "version_value" : "9.1x, 9.2x, 10.0x, 10.1x and 10.2x" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote sql injection authentication bypass in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote authentication bypass" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-05-04T00:00:00", + "ID": "CVE-2017-5814", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Network Automation", + "version": { + "version_data": [ + { + "version_value": "9.1x, 9.2x, 10.0x, 10.1x and 10.2x" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03740en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03740en_us" - }, - { - "name" : "98331", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98331" - }, - { - "name" : "1038407", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "A remote sql injection authentication bypass in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote authentication bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03740en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03740en_us" + }, + { + "name": "98331", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98331" + }, + { + "name": "1038407", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038407" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5857.json b/2017/5xxx/CVE-2017-5857.json index fd4d2ad6d3b..0008e27c41a 100644 --- a/2017/5xxx/CVE-2017-5857.json +++ b/2017/5xxx/CVE-2017-5857.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5857", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the virgl_cmd_resource_unref function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_UNREF commands sent without detaching the backing storage beforehand." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-5857", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170201 CVE request Qemu: display: virtio-gpu-3d: host memory leakage in virgl_cmd_resource_unref", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/01/21" - }, - { - "name" : "[oss-security] 20170202 Re: CVE request Qemu: display: virtio-gpu-3d: host memory leakage in virgl_cmd_resource_unref", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/02/16" - }, - { - "name" : "http://git.qemu-project.org/?p=qemu.git;a=commit;h=5e8e3c4c75c199aa1017db816fca02be2a9f8798", - "refsource" : "CONFIRM", - "url" : 
"http://git.qemu-project.org/?p=qemu.git;a=commit;h=5e8e3c4c75c199aa1017db816fca02be2a9f8798" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1418382", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1418382" - }, - { - "name" : "GLSA-201702-28", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-28" - }, - { - "name" : "95993", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95993" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the virgl_cmd_resource_unref function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_UNREF commands sent without detaching the backing storage beforehand." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1418382", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418382" + }, + { + "name": "[oss-security] 20170202 Re: CVE request Qemu: display: virtio-gpu-3d: host memory leakage in virgl_cmd_resource_unref", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/02/16" + }, + { + "name": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=5e8e3c4c75c199aa1017db816fca02be2a9f8798", + "refsource": "CONFIRM", + "url": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=5e8e3c4c75c199aa1017db816fca02be2a9f8798" + }, + { + "name": "95993", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95993" + }, + { + "name": "GLSA-201702-28", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-28" + }, 
+ { + "name": "[oss-security] 20170201 CVE request Qemu: display: virtio-gpu-3d: host memory leakage in virgl_cmd_resource_unref", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/01/21" + } + ] + } +} \ No newline at end of file