From aefe4620a09dc0c8a19779b1dbe42c164124248a Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Sun, 17 Mar 2019 23:11:13 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2006/0xxx/CVE-2006-0215.json | 130 ++++++-------
 2006/0xxx/CVE-2006-0255.json | 150 +++++++--------
 2006/0xxx/CVE-2006-0530.json | 190 +++++++++---------
 2006/0xxx/CVE-2006-0621.json | 210 ++++++++++----------
 2006/0xxx/CVE-2006-0827.json | 160 ++++++++--------
 2006/1xxx/CVE-2006-1449.json | 190 +++++++++---------
 2006/1xxx/CVE-2006-1700.json | 140 +++++++-------
 2006/3xxx/CVE-2006-3681.json | 170 ++++++++---------
 2006/3xxx/CVE-2006-3968.json | 170 ++++++++---------
 2006/4xxx/CVE-2006-4076.json | 170 ++++++++---------
 2006/4xxx/CVE-2006-4118.json | 180 +++++++++---------
 2006/4xxx/CVE-2006-4458.json | 160 ++++++++--------
 2006/4xxx/CVE-2006-4557.json | 150 +++++++--------
 2010/2xxx/CVE-2010-2527.json | 220 ++++++++++-----------
 2010/2xxx/CVE-2010-2551.json | 140 +++++++-------
 2010/3xxx/CVE-2010-3085.json | 140 +++++++-------
 2010/3xxx/CVE-2010-3120.json | 140 +++++++-------
 2010/3xxx/CVE-2010-3132.json | 150 +++++++--------
 2010/3xxx/CVE-2010-3451.json | 350 +++++++++++++++++-----------------
 2010/3xxx/CVE-2010-3681.json | 360 +++++++++++++++++------------------
 2010/4xxx/CVE-2010-4674.json | 160 ++++++++--------
 2010/4xxx/CVE-2010-4710.json | 150 +++++++--------
 2011/0xxx/CVE-2011-0598.json | 220 ++++++++++-----------
 2011/1xxx/CVE-2011-1104.json | 150 +++++++--------
 2011/1xxx/CVE-2011-1126.json | 210 ++++++++++----------
 2011/1xxx/CVE-2011-1479.json | 160 ++++++++--------
 2011/1xxx/CVE-2011-1752.json | 320 +++++++++++++++----------------
 2011/5xxx/CVE-2011-5069.json | 160 ++++++++--------
 2011/5xxx/CVE-2011-5310.json | 120 ++++++------
 2014/3xxx/CVE-2014-3106.json | 130 ++++++-------
 2014/3xxx/CVE-2014-3120.json | 190 +++++++++---------
 2014/3xxx/CVE-2014-3544.json | 200 +++++++++----------
 2014/3xxx/CVE-2014-3785.json | 34 ++--
 2014/6xxx/CVE-2014-6970.json | 140 +++++++-------
 2014/7xxx/CVE-2014-7329.json | 140 +++++++-------
 2014/7xxx/CVE-2014-7400.json | 34 ++--
 2014/7xxx/CVE-2014-7673.json | 34 ++--
 2014/7xxx/CVE-2014-7871.json | 150 +++++++--------
 2014/8xxx/CVE-2014-8292.json | 34 ++--
 2014/8xxx/CVE-2014-8369.json | 250 ++++++++++++------------
 2014/8xxx/CVE-2014-8444.json | 34 ++--
 2014/9xxx/CVE-2014-9521.json | 130 ++++++-------
 2016/2xxx/CVE-2016-2167.json | 220 ++++++++++-----------
 2016/2xxx/CVE-2016-2553.json | 34 ++--
 2016/6xxx/CVE-2016-6023.json | 130 ++++++-------
 2016/6xxx/CVE-2016-6438.json | 140 +++++++-------
 2016/6xxx/CVE-2016-6562.json | 188 +++++++++---------
 2016/6xxx/CVE-2016-6829.json | 170 ++++++++---------
 2017/5xxx/CVE-2017-5232.json | 130 ++++++-------
 2017/5xxx/CVE-2017-5271.json | 34 ++--
 2017/5xxx/CVE-2017-5407.json | 304 ++++++++++++++---------------
 51 files changed, 4085 insertions(+), 4085 deletions(-)

diff --git a/2006/0xxx/CVE-2006-0215.json b/2006/0xxx/CVE-2006-0215.json
index b92edae9857..b6c6bb40531 100644
--- a/2006/0xxx/CVE-2006-0215.json
+++ b/2006/0xxx/CVE-2006-0215.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. NOTE: this issue might be resultant from CVE-2006-0216." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://osvdb.org/ref/22/22352-qualityppc.txt", - "refsource" : "MISC", - "url" : "http://osvdb.org/ref/22/22352-qualityppc.txt" - }, - { - "name" : "22352", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22352" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. NOTE: this issue might be resultant from CVE-2006-0216." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://osvdb.org/ref/22/22352-qualityppc.txt", + "refsource": "MISC", + "url": "http://osvdb.org/ref/22/22352-qualityppc.txt" + }, + { + "name": "22352", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22352" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0255.json b/2006/0xxx/CVE-2006-0255.json index 8cf34b576c6..839000c888e 100644 --- a/2006/0xxx/CVE-2006-0255.json +++ b/2006/0xxx/CVE-2006-0255.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0255", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a malicious \"program.exe\" file in the C: folder, which is run when SecureClient attempts to launch the Sr_GUI.exe program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060117 [ TZO-012006 ] Checkpoint VPN-1 SecureClient insecure usage of CreateProcess()", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/422263/100/0/threaded" - }, - { - "name" : "http://secdev.zoller.lu/research/checkpoint.txt", - "refsource" : "MISC", - "url" : "http://secdev.zoller.lu/research/checkpoint.txt" - }, - { - "name" : "16290", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16290" - }, - { - "name" : "ADV-2006-0258", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0258" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a malicious \"program.exe\" file in the C: folder, which is run when SecureClient attempts to launch the Sr_GUI.exe program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0258", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0258" + }, + { + "name": "http://secdev.zoller.lu/research/checkpoint.txt", + "refsource": "MISC", + "url": "http://secdev.zoller.lu/research/checkpoint.txt" + }, + { + "name": "16290", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16290" + }, + { + "name": "20060117 [ TZO-012006 ] Checkpoint VPN-1 SecureClient insecure usage of CreateProcess()", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/422263/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0530.json b/2006/0xxx/CVE-2006-0530.json index 2a8036997c6..ee130151ef7 100644 --- a/2006/0xxx/CVE-2006-0530.json +++ b/2006/0xxx/CVE-2006-0530.json 
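Review bot: The `reference_data` array on the new side of CVE-2006-0255.json holds the same four entries as before but in a different order (VUPEN, MISC, BID, BUGTRAQ instead of BUGTRAQ, MISC, BID, VUPEN), and the `"key" :` to `"key":` whitespace change rewrites every other line of the file as well. With the whole record marked as changed, the diff alone cannot show a reviewer or a downstream consumer that no reference was dropped or altered. If the sync is produced by a serializer, emitting references in a stable order (for example sorted by `refsource`, then `name`) would keep whitespace-only syncs from touching the array. The same reordering appears in the hunks for CVE-2006-0530, CVE-2006-0621, CVE-2006-0827, CVE-2006-1449, CVE-2006-1700, CVE-2006-3681 and CVE-2006-3968. The new files also end with `\ No newline at end of file`, and keeping the trailing newline would remove one more spurious change per record.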
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0530", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Build 220_16 and 1.11 Build 29_20, as used in multiple CA products, allows remote attackers to cause a denial of service via spoofed CAM control messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0530", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060202 CAID 33581 - CA Message Queuing Denial of Service Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/423785/100/0/threaded" - }, - { - "name" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33581", - "refsource" : "MISC", - "url" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33581" - }, - { - "name" : "16475", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16475" - }, - { - "name" : "ADV-2006-0414", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0414" - }, - { - "name" : "1015571", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015571" - }, - { 
- "name" : "18681", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18681" - }, - { - "name" : "404", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/404" - }, - { - "name" : "ca-cam-spoofed-message-dos(24449)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24449" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Build 220_16 and 1.11 Build 29_20, as used in multiple CA products, allows remote attackers to cause a denial of service via spoofed CAM control messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16475", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16475" + }, + { + "name": "ca-cam-spoofed-message-dos(24449)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24449" + }, + { + "name": "404", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/404" + }, + { + "name": "1015571", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015571" + }, + { + "name": "ADV-2006-0414", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0414" + }, + { + "name": "18681", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18681" + }, + { + "name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33581", + "refsource": "MISC", + "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33581" + }, + { + "name": "20060202 CAID 33581 - CA Message Queuing Denial of Service Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/423785/100/0/threaded" + } + ] + } +} \ 
No newline at end of file diff --git a/2006/0xxx/CVE-2006-0621.json b/2006/0xxx/CVE-2006-0621.json index bddecfc1a96..89f5858ce88 100644 --- a/2006/0xxx/CVE-2006-0621.json +++ b/2006/0xxx/CVE-2006-0621.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0621", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in QNX Neutrino RTOS 6.2.0 allow local users to execute arbitrary code via a long first argument to the (1) su or (2) passwd commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060207 QNX Neutrino RTOS passwd Command Buffer Overflow", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=388" - }, - { - "name" : "20060207 QNX Neutrino RTOS su Command Buffer Overflow", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=385" - }, - { - "name" : "16539", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16539" - }, - { - "name" : "ADV-2006-0474", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0474" - }, - { - "name" : "22961", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22961" - }, - { - "name" : "22959", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/22959" - }, - { - "name" : "1015599", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015599" - }, - { - "name" : "18750", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18750" - }, - { - "name" : "qnx-passwd-bo(24551)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24551" - }, - { - "name" : "qnx-su-bo(24554)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24554" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in QNX Neutrino RTOS 6.2.0 allow local users to execute arbitrary code via a long first argument to the (1) su or (2) passwd commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "qnx-su-bo(24554)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24554" + }, + { + "name": "ADV-2006-0474", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0474" + }, + { + "name": "18750", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18750" + }, + { + "name": "22961", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22961" + }, + { + "name": "22959", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22959" + }, + { + "name": "1015599", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015599" + }, + { + "name": "20060207 QNX Neutrino RTOS passwd Command Buffer Overflow", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=388" + }, + { + "name": "20060207 QNX Neutrino RTOS su Command Buffer Overflow", + "refsource": "IDEFENSE", + "url": 
"http://www.idefense.com/intelligence/vulnerabilities/display.php?id=385" + }, + { + "name": "16539", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16539" + }, + { + "name": "qnx-passwd-bo(24551)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24551" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0827.json b/2006/0xxx/CVE-2006-0827.json index 2066fcfd209..240327a13a8 100644 --- a/2006/0xxx/CVE-2006-0827.json +++ b/2006/0xxx/CVE-2006-0827.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0827", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0827", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_001.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_001.pdf" - }, - { - "name" : "16727", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16727" - }, - { - "name" : "ADV-2006-0668", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0668" - }, - { - "name" : "18952", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18952" - }, - { - "name" : "xerox-workcentre-xss(24806)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24806" - } - ] - } -} + } + 
}, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0668", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0668" + }, + { + "name": "18952", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18952" + }, + { + "name": "xerox-workcentre-xss(24806)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24806" + }, + { + "name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_001.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_001.pdf" + }, + { + "name": "16727", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16727" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1449.json b/2006/1xxx/CVE-2006-1449.json index 98d97f5ce39..a0c3bc1592b 100644 --- a/2006/1xxx/CVE-2006-1449.json +++ b/2006/1xxx/CVE-2006-1449.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1449", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via a crafted MacMIME encapsulated attachment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1449", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2006-05-11", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html" - }, - { - "name" : "TA06-132A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-132A.html" - }, - { - "name" : "17951", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17951" - }, - { - "name" : "ADV-2006-1779", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1779" - }, - { - "name" : "25593", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25593" - }, - { - "name" : "1016078", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016078" - }, - { - "name" : "20077", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/20077" - }, - { - "name" : "macos-mail-macmime-bo(26417)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26417" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via a crafted MacMIME encapsulated attachment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17951", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17951" + }, + { + "name": "1016078", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016078" + }, + { + "name": "ADV-2006-1779", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1779" + }, + { + "name": "TA06-132A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html" + }, + { + "name": "APPLE-SA-2006-05-11", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html" + }, + { + "name": "25593", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25593" + }, + { + "name": "20077", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20077" + }, + { + "name": "macos-mail-macmime-bo(26417)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26417" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1700.json b/2006/1xxx/CVE-2006-1700.json index 065c08d705b..de275477552 100644 --- a/2006/1xxx/CVE-2006-1700.json +++ b/2006/1xxx/CVE-2006-1700.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1700", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buy.php in Aweb Scripts Seller uses predictable cookies for authentication based on the time and the script number, which allows remote attackers to bypass authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "17417", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17417" - }, - { - "name" : "1015878", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015878" - }, - { - "name" : "19626", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19626" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buy.php in Aweb Scripts Seller uses predictable cookies for authentication based on the time and the script number, which allows remote attackers to bypass authentication." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015878", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015878" + }, + { + "name": "19626", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19626" + }, + { + "name": "17417", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17417" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3681.json b/2006/3xxx/CVE-2006-3681.json index 4b2badfb9ca..a0abf4be4ae 100644 --- a/2006/3xxx/CVE-2006-3681.json +++ b/2006/3xxx/CVE-2006-3681.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3681", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in AWStats 6.5 build 1.857 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) refererpagesfilter, (2) refererpagesfilterex, (3) urlfilterex, (4) urlfilter, (5) hostfilter, or (6) hostfilterex parameters, a different set of vectors than CVE-2006-1945." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/04/awstats-65x-multiple-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/04/awstats-65x-multiple-vuln.html" - }, - { - "name" : "USN-360-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-360-1" - }, - { - "name" : "ADV-2006-1421", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1421" - }, - { - "name" : "19725", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19725" - }, - { - "name" : "22306", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/22306" - }, - { - "name" : "awstats-multiple-xss(25879)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25879" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in AWStats 6.5 build 1.857 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) refererpagesfilter, (2) refererpagesfilterex, (3) urlfilterex, (4) urlfilter, (5) hostfilter, or (6) hostfilterex parameters, a different set of vectors than CVE-2006-1945." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "awstats-multiple-xss(25879)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25879" + }, + { + "name": "http://pridels0.blogspot.com/2006/04/awstats-65x-multiple-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/04/awstats-65x-multiple-vuln.html" + }, + { + "name": "USN-360-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-360-1" + }, + { + "name": "ADV-2006-1421", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1421" + }, + { + "name": "22306", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22306" + }, + { + "name": "19725", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19725" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3968.json b/2006/3xxx/CVE-2006-3968.json index 739c677a9a6..6fea69b3dcc 100644 --- a/2006/3xxx/CVE-2006-3968.json +++ b/2006/3xxx/CVE-2006-3968.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3968", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The crypto provider in Sun Solaris 10 3/05 HW2 without patch 121236-01, when running on Sun Fire T2000 platforms, incorrectly verifies a DSA signature, which might prevent applications from detecting that the data has been modified." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3968", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "102543", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102543-1" - }, - { - "name" : "19291", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19291" - }, - { - "name" : "ADV-2006-3103", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3103" - }, - { - "name" : "1016625", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016625" - }, - { - "name" : "21279", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21279" - }, - { - "name" : "sunfire-incorrect-signature-verification(28201)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/28201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The crypto provider in Sun Solaris 10 3/05 HW2 without patch 121236-01, when running on Sun Fire T2000 platforms, incorrectly verifies a DSA signature, which might prevent applications from detecting that the data has been modified." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016625", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016625" + }, + { + "name": "sunfire-incorrect-signature-verification(28201)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28201" + }, + { + "name": "19291", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19291" + }, + { + "name": "21279", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21279" + }, + { + "name": "102543", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102543-1" + }, + { + "name": "ADV-2006-3103", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3103" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4076.json b/2006/4xxx/CVE-2006-4076.json index e81028b041d..7d293045a7f 100644 --- a/2006/4xxx/CVE-2006-4076.json +++ b/2006/4xxx/CVE-2006-4076.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4076", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition (docpile:we) 0.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the INIT_PATH parameter to (1) lib/access.inc.php, (2) lib/folders.inc.php, (3) lib/init.inc.php or (4) lib/templates.inc.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4076", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-3222", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3222" - }, - { - "name" : "27863", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27863" - }, - { - "name" : "27864", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27864" - }, - { - "name" : "27865", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27865" - }, - { - "name" : "27866", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27866" - }, - { - "name" : "21412", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21412" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition (docpile:we) 0.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the INIT_PATH parameter to (1) lib/access.inc.php, (2) lib/folders.inc.php, (3) lib/init.inc.php or (4) lib/templates.inc.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27864", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27864" + }, + { + "name": "ADV-2006-3222", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3222" + }, + { + "name": "27865", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27865" + }, + { + "name": "27866", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27866" + }, + { + "name": "27863", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27863" + }, + { + "name": "21412", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21412" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4118.json b/2006/4xxx/CVE-2006-4118.json index 2427f306846..4d4f1bc7d0c 100644 --- a/2006/4xxx/CVE-2006-4118.json +++ b/2006/4xxx/CVE-2006-4118.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4118", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in GeheimChaos 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Temp_entered_login or (2) Temp_entered_email parameters to (a) gc.php, and in multiple parameters in (b) include/registrieren.php, possibly involving the (3) $form_email, (4) $form_vorname, (5) $form_nachname, (6) $form_strasse, (7) $form_plzort, (8) $form_land, (9) $form_homepage, (10) $form_bildpfad, (11) $form_profilsichtbar, (12) $Temp_sprache, (13) $form_tag, (14) $form_monat, (15) $form_jahr, (16) $Temp_akt_string, (17) $form_icq, (18) $form_msn, (19) $form_yahoo, (20) $form_username, and (21) $Temp_form_pass variables." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060803 GeheimChaos <= 0.5 Multiple SQL Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442209/100/100/threaded" - }, - { - "name" : "20060803 GeheimChaos <= 0.5 Multiple SQL Injection", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=115464299914573&w=2" - }, - { - "name" : "19342", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19342" - }, - { - "name" : "ADV-2006-3154", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3154" - }, - { - "name" : "21355", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21355" - }, - { - "name" : "1376", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1376" - }, - { - "name" : "geheimchaos-gc-registieren-sql-injection(28221)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28221" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in GeheimChaos 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Temp_entered_login or (2) Temp_entered_email parameters to (a) gc.php, and in multiple parameters in (b) include/registrieren.php, possibly involving the (3) $form_email, (4) $form_vorname, (5) 
$form_nachname, (6) $form_strasse, (7) $form_plzort, (8) $form_land, (9) $form_homepage, (10) $form_bildpfad, (11) $form_profilsichtbar, (12) $Temp_sprache, (13) $form_tag, (14) $form_monat, (15) $form_jahr, (16) $Temp_akt_string, (17) $form_icq, (18) $form_msn, (19) $form_yahoo, (20) $form_username, and (21) $Temp_form_pass variables." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21355", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21355" + }, + { + "name": "19342", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19342" + }, + { + "name": "20060803 GeheimChaos <= 0.5 Multiple SQL Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442209/100/100/threaded" + }, + { + "name": "1376", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1376" + }, + { + "name": "geheimchaos-gc-registieren-sql-injection(28221)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28221" + }, + { + "name": "ADV-2006-3154", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3154" + }, + { + "name": "20060803 GeheimChaos <= 0.5 Multiple SQL Injection", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=115464299914573&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4458.json b/2006/4xxx/CVE-2006-4458.json index 956ed9a2bbe..c3a15a4b71c 100644 --- a/2006/4xxx/CVE-2006-4458.json +++ b/2006/4xxx/CVE-2006-4458.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4458", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in calendar/inc/class.holidaycalc.inc.php in phpGroupWare 0.9.16.010 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the GLOBALS[phpgw_info][user][preferences][common][country] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2270", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2270" - }, - { - "name" : "19751", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19751" - }, - { - "name" : "ADV-2006-3414", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3414" - }, - { - "name" : "21687", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21687" - }, - { - "name" : "phpgroupware-class-file-include(28627)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28627" - } - ] - } -} + } + }, + "data_format": "MITRE", 
+ "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in calendar/inc/class.holidaycalc.inc.php in phpGroupWare 0.9.16.010 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the GLOBALS[phpgw_info][user][preferences][common][country] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19751", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19751" + }, + { + "name": "ADV-2006-3414", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3414" + }, + { + "name": "2270", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2270" + }, + { + "name": "phpgroupware-class-file-include(28627)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28627" + }, + { + "name": "21687", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21687" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4557.json b/2006/4xxx/CVE-2006-4557.json index a7a81829e60..858313876e7 100644 --- a/2006/4xxx/CVE-2006-4557.json +++ b/2006/4xxx/CVE-2006-4557.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4557", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** PHP remote file inclusion vulnerability in plugins/plugins.php in Bob Jewell Discloser 0.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the type parameter. NOTE: another researcher has stated that an attacker cannot control the type parameter. As of 20060901, CVE analysis concurs with the dispute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4557", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060816 discloser 0.0.4 Remote File Inclusion (with Exploit)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443466/100/200/threaded" - }, - { - "name" : "20060817 Re: Re: discloser 0.0.4 Remote File Inclusion (with Exploit)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443710/100/100/threaded" - }, - { - "name" : "20060817 Re: discloser 0.0.4 Remote File Inclusion (with Exploit)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443522/100/200/threaded" - }, - { - "name" : "20060819 Re: 
discloser 0.0.4 Remote File Inclusion (with Exploit)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444074/100/100/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** PHP remote file inclusion vulnerability in plugins/plugins.php in Bob Jewell Discloser 0.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the type parameter. NOTE: another researcher has stated that an attacker cannot control the type parameter. As of 20060901, CVE analysis concurs with the dispute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060817 Re: discloser 0.0.4 Remote File Inclusion (with Exploit)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443522/100/200/threaded" + }, + { + "name": "20060816 discloser 0.0.4 Remote File Inclusion (with Exploit)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443466/100/200/threaded" + }, + { + "name": "20060817 Re: Re: discloser 0.0.4 Remote File Inclusion (with Exploit)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443710/100/100/threaded" + }, + { + "name": "20060819 Re: discloser 0.0.4 Remote File Inclusion (with Exploit)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444074/100/100/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2527.json b/2010/2xxx/CVE-2010-2527.json index 598feba5e84..d7053a5f1c1 100644 --- a/2010/2xxx/CVE-2010-2527.json +++ b/2010/2xxx/CVE-2010-2527.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[freetype] 20100712 FreeType 2.4.0 has been released", - "refsource" : "MLIST", - "url" : "http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html" - }, - { - "name" : "[oss-security] 20100714 Re: Multiple bugs in freetype", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127912955808467&w=2" - }, - { - "name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2-demos.git/commit/?id=b995299b73ba4cd259f221f500d4e63095508bec", - "refsource" : "CONFIRM", - "url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2-demos.git/commit/?id=b995299b73ba4cd259f221f500d4e63095508bec" - }, - { - "name" : "http://savannah.nongnu.org/bugs/?30054", - "refsource" : "CONFIRM", - "url" : 
"http://savannah.nongnu.org/bugs/?30054" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=614557", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=614557" - }, - { - "name" : "DSA-2070", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2070" - }, - { - "name" : "RHSA-2010:0577", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0577.html" - }, - { - "name" : "RHSA-2010:0578", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0578.html" - }, - { - "name" : "USN-963-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-963-1" - }, - { - "name" : "1024266", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024266" - }, - { - "name" : "48951", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48951" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-963-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-963-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=614557", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=614557" + }, + { + "name": "[freetype] 20100712 FreeType 2.4.0 has been released", + "refsource": "MLIST", + "url": "http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html" + }, + { + "name": "DSA-2070", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2070" + }, + { + "name": "http://git.savannah.gnu.org/cgit/freetype/freetype2-demos.git/commit/?id=b995299b73ba4cd259f221f500d4e63095508bec", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2-demos.git/commit/?id=b995299b73ba4cd259f221f500d4e63095508bec" + }, + { + "name": "1024266", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024266" + }, + { + "name": "[oss-security] 20100714 Re: Multiple bugs in freetype", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127912955808467&w=2" + }, + { + "name": "RHSA-2010:0578", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0578.html" + }, + { + "name": "RHSA-2010:0577", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0577.html" + }, + { + "name": "http://savannah.nongnu.org/bugs/?30054", + "refsource": "CONFIRM", + "url": "http://savannah.nongnu.org/bugs/?30054" + }, + { + "name": "48951", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48951" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2551.json b/2010/2xxx/CVE-2010-2551.json index 6447ac4073b..80789c2593b 100644 --- a/2010/2xxx/CVE-2010-2551.json 
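Review bot: The new line `"ASSIGNER": "secalert@redhat.com",` replaces `cve@mitre.org` in the CVE-2010-2527 record, but it sits inside a whole-file rewrite that otherwise only drops the space before each colon, re-indents, and reorders `reference_data`. The one edit that alters the record's provenance is therefore easy to miss. The same applies to the CVE-2010-2551 hunk (`secure@microsoft.com`) and the CVE-2010-3085 hunk (`secalert@redhat.com`). The commit subject does not mention any assigner change. Landing the formatting pass separately from the data change, or naming the reassigned records in the message, would let reviewers and any downstream consumer that filters on ASSIGNER confirm the reassignment is intended.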
+++ b/2010/2xxx/CVE-2010-2551.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2551", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 packet, aka \"SMB Variable Validation Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-2551", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-054", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-054" - }, - { - "name" : "TA10-222A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" - }, - { - "name" : "oval:org.mitre.oval:def:12015", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12015" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 packet, aka \"SMB Variable Validation Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-222A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" + }, + { + "name": "MS10-054", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-054" + }, + { + "name": "oval:org.mitre.oval:def:12015", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12015" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3085.json b/2010/3xxx/CVE-2010-3085.json index c043f6beb50..259f34f70c8 100644 --- a/2010/3xxx/CVE-2010-3085.json +++ b/2010/3xxx/CVE-2010-3085.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The network-play implementation in Mednafen before 0.8.D might allow remote servers to execute arbitrary code via unspecified vectors, related to \"stack manipulation\" issues." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100909 CVE request: mednafen stack manipulation", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/09/8" - }, - { - "name" : "[oss-security] 20100910 Re: CVE request: mednafen stack manipulation", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/11/3" - }, - { - "name" : "http://sourceforge.net/news/?group_id=150840&id=287363", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/news/?group_id=150840&id=287363" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The network-play implementation in Mednafen before 
0.8.D might allow remote servers to execute arbitrary code via unspecified vectors, related to \"stack manipulation\" issues." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20100910 Re: CVE request: mednafen stack manipulation", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/11/3" + }, + { + "name": "[oss-security] 20100909 CVE request: mednafen stack manipulation", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/09/8" + }, + { + "name": "http://sourceforge.net/news/?group_id=150840&id=287363", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/news/?group_id=150840&id=287363" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3120.json b/2010/3xxx/CVE-2010-3120.json index ca390ecec29..01080160288 100644 --- a/2010/3xxx/CVE-2010-3120.json +++ b/2010/3xxx/CVE-2010-3120.json 
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-3120",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Google Chrome before 5.0.375.127 does not properly implement the Geolocation feature, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2010-3120",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://code.google.com/p/chromium/issues/detail?id=51670",
- "refsource" : "CONFIRM",
- "url" : "http://code.google.com/p/chromium/issues/detail?id=51670"
- },
- {
- "name" : "http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html",
- "refsource" : "CONFIRM",
- "url" : "http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html"
- },
- {
- "name" : "oval:org.mitre.oval:def:11865",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11865"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Google Chrome before 5.0.375.127 does not properly implement the Geolocation feature, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html",
+ "refsource": "CONFIRM",
+ "url": "http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html"
+ },
+ {
+ "name": "http://code.google.com/p/chromium/issues/detail?id=51670",
+ "refsource": "CONFIRM",
+ "url": "http://code.google.com/p/chromium/issues/detail?id=51670"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:11865",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11865"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/3xxx/CVE-2010-3132.json b/2010/3xxx/CVE-2010-3132.json
index 712b105b728..f69af40ecf4 100644
--- a/2010/3xxx/CVE-2010-3132.json
+++ b/2010/3xxx/CVE-2010-3132.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-3132",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc90loc.dll or (2) dwmapi.dll that is located in the same folder as a CSS, PHP, ASP, or other file that automatically launches Dreamweaver."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2010-3132",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "14740",
- "refsource" : "EXPLOIT-DB",
- "url" : "http://www.exploit-db.com/exploits/14740"
- },
- {
- "name" : "oval:org.mitre.oval:def:12035",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12035"
- },
- {
- "name" : "41110",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/41110"
- },
- {
- "name" : "ADV-2010-2171",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2010/2171"
- }
- ]
- }
-}
+ }
+ },
+
"data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc90loc.dll or (2) dwmapi.dll that is located in the same folder as a CSS, PHP, ASP, or other file that automatically launches Dreamweaver."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "ADV-2010-2171",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2010/2171"
+ },
+ {
+ "name": "41110",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/41110"
+ },
+ {
+ "name": "14740",
+ "refsource": "EXPLOIT-DB",
+ "url": "http://www.exploit-db.com/exploits/14740"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:12035",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12035"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/3xxx/CVE-2010-3451.json b/2010/3xxx/CVE-2010-3451.json
index 4d8ded77482..c0ac736dd05 100644
--- a/2010/3xxx/CVE-2010-3451.json
+++ b/2010/3xxx/CVE-2010-3451.json
@@ -1,177 +1,177 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-3451",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed tables in an RTF document."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2010-3451",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.cs.brown.edu/people/drosenbe/research.html",
- "refsource" : "MISC",
- "url" : "http://www.cs.brown.edu/people/drosenbe/research.html"
- },
- {
- "name" : "http://www.vsecurity.com/resources/advisory/20110126-1",
- "refsource" : "MISC",
- "url" : "http://www.vsecurity.com/resources/advisory/20110126-1"
- },
- {
- "name" : "http://www.openoffice.org/security/cves/CVE-2010-3451_CVE-2010-3452.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.openoffice.org/security/cves/CVE-2010-3451_CVE-2010-3452.html"
- },
- {
- "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=641282",
- "refsource" : "CONFIRM",
- "url" :
"https://bugzilla.redhat.com/show_bug.cgi?id=641282"
- },
- {
- "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
- },
- {
- "name" : "DSA-2151",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2011/dsa-2151"
- },
- {
- "name" : "GLSA-201408-19",
- "refsource" : "GENTOO",
- "url" : "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
- },
- {
- "name" : "MDVSA-2011:027",
- "refsource" : "MANDRIVA",
- "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:027"
- },
- {
- "name" : "RHSA-2011:0181",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2011-0181.html"
- },
- {
- "name" : "RHSA-2011:0182",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2011-0182.html"
- },
- {
- "name" : "USN-1056-1",
- "refsource" : "UBUNTU",
- "url" : "http://ubuntu.com/usn/usn-1056-1"
- },
- {
- "name" : "46031",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/46031"
- },
- {
- "name" : "70712",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/70712"
- },
- {
- "name" : "1025002",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id?1025002"
- },
- {
- "name" : "43065",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/43065"
- },
- {
- "name" : "42999",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/42999"
- },
- {
- "name" : "43105",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/43105"
- },
- {
- "name" : "43118",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/43118"
- },
- {
- "name" : "60799",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/60799"
- },
- {
- "name" : "40775",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/40775"
- },
- {
- "name" : "ADV-2011-0230",
-
"refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2011/0230"
- },
- {
- "name" : "ADV-2011-0232",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2011/0232"
- },
- {
- "name" : "ADV-2011-0279",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2011/0279"
- },
- {
- "name" : "ooo-rtf-ce(65030)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65030"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed tables in an RTF document."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "40775",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/40775"
+ },
+ {
+ "name": "46031",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/46031"
+ },
+ {
+ "name": "DSA-2151",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2011/dsa-2151"
+ },
+ {
+ "name": "60799",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/60799"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
+ },
+ {
+ "name": "GLSA-201408-19",
+ "refsource": "GENTOO",
+ "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
+ },
+ {
+ "name": "43118",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/43118"
+ },
+ {
+ "name": "43065",
+ "refsource": "SECUNIA",
+ "url":
"http://secunia.com/advisories/43065"
+ },
+ {
+ "name": "ADV-2011-0230",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2011/0230"
+ },
+ {
+ "name": "70712",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/70712"
+ },
+ {
+ "name": "ooo-rtf-ce(65030)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65030"
+ },
+ {
+ "name": "1025002",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id?1025002"
+ },
+ {
+ "name": "http://www.openoffice.org/security/cves/CVE-2010-3451_CVE-2010-3452.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.openoffice.org/security/cves/CVE-2010-3451_CVE-2010-3452.html"
+ },
+ {
+ "name": "ADV-2011-0232",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2011/0232"
+ },
+ {
+ "name": "RHSA-2011:0182",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2011-0182.html"
+ },
+ {
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=641282",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=641282"
+ },
+ {
+ "name": "USN-1056-1",
+ "refsource": "UBUNTU",
+ "url": "http://ubuntu.com/usn/usn-1056-1"
+ },
+ {
+ "name": "RHSA-2011:0181",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2011-0181.html"
+ },
+ {
+ "name": "ADV-2011-0279",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2011/0279"
+ },
+ {
+ "name": "43105",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/43105"
+ },
+ {
+ "name": "MDVSA-2011:027",
+ "refsource": "MANDRIVA",
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:027"
+ },
+ {
+ "name": "http://www.vsecurity.com/resources/advisory/20110126-1",
+ "refsource": "MISC",
+ "url": "http://www.vsecurity.com/resources/advisory/20110126-1"
+ },
+ {
+ "name": "http://www.cs.brown.edu/people/drosenbe/research.html",
+ "refsource": "MISC",
+ "url":
"http://www.cs.brown.edu/people/drosenbe/research.html"
+ },
+ {
+ "name": "42999",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/42999"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/3xxx/CVE-2010-3681.json b/2010/3xxx/CVE-2010-3681.json
index 6848a87d2b3..fbc23469712 100644
--- a/2010/3xxx/CVE-2010-3681.json
+++ b/2010/3xxx/CVE-2010-3681.json
@@ -1,182 +1,182 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-3681",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing \"alternate reads from two indexes on a table,\" which triggers an assertion failure."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2010-3681",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[oss-security] 20100928 Re: CVE Request -- MySQL v5.1.49 -- multiple DoS flaws",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2010/09/28/10"
- },
- {
- "name" : "http://bugs.mysql.com/bug.php?id=54007",
- "refsource" : "CONFIRM",
- "url" : "http://bugs.mysql.com/bug.php?id=54007"
- },
- {
- "name" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html",
- "refsource" : "CONFIRM",
- "url" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html"
- },
- {
- "name" : "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-5.html",
- "refsource" : "CONFIRM",
- "url" :
"http://dev.mysql.com/doc/refman/5.5/en/news-5-5-5.html"
- },
- {
- "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=628680",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=628680"
- },
- {
- "name" : "DSA-2143",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2011/dsa-2143"
- },
- {
- "name" : "MDVSA-2010:155",
- "refsource" : "MANDRIVA",
- "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:155"
- },
- {
- "name" : "MDVSA-2010:222",
- "refsource" : "MANDRIVA",
- "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:222"
- },
- {
- "name" : "MDVSA-2011:012",
- "refsource" : "MANDRIVA",
- "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:012"
- },
- {
- "name" : "RHSA-2010:0824",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2010-0824.html"
- },
- {
- "name" : "RHSA-2010:0825",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2010-0825.html"
- },
- {
- "name" : "RHSA-2011:0164",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2011-0164.html"
- },
- {
- "name" : "SUSE-SR:2010:019",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
- },
- {
- "name" : "SUSE-SR:2010:021",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
- },
- {
- "name" : "TLSA-2011-3",
- "refsource" : "TURBO",
- "url" : "http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt"
- },
- {
- "name" : "USN-1017-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/USN-1017-1"
- },
- {
- "name" : "USN-1397-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/USN-1397-1"
- },
- {
- "name" : "42633",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/42633"
- },
- {
- "name" : "42875",
- "refsource" : "SECUNIA",
- "url" :
"http://secunia.com/advisories/42875"
- },
- {
- "name" : "42936",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/42936"
- },
- {
- "name" : "ADV-2011-0105",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2011/0105"
- },
- {
- "name" : "ADV-2011-0133",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2011/0133"
- },
- {
- "name" : "ADV-2011-0170",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2011/0170"
- },
- {
- "name" : "ADV-2011-0345",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2011/0345"
- },
- {
- "name" : "mysql-handler-interface-dos(64685)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64685"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing \"alternate reads from two indexes on a table,\" which triggers an assertion failure."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=628680",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=628680"
+ },
+ {
+ "name": "USN-1397-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/USN-1397-1"
+ },
+ {
+ "name": "42875",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/42875"
+ },
+ {
+ "name": "RHSA-2010:0824",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2010-0824.html"
+ },
+ {
+ "name": "USN-1017-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/USN-1017-1"
+ },
+ {
+ "name": "TLSA-2011-3",
+ "refsource": "TURBO",
+ "url": "http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt"
+ },
+ {
+ "name": "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-5.html",
+ "refsource": "CONFIRM",
+ "url": "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-5.html"
+ },
+ {
+ "name": "MDVSA-2011:012",
+ "refsource": "MANDRIVA",
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:012"
+ },
+ {
+ "name": "mysql-handler-interface-dos(64685)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64685"
+ },
+ {
+ "name": "ADV-2011-0105",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2011/0105"
+ },
+ {
+ "name": "MDVSA-2010:222",
+ "refsource": "MANDRIVA",
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:222"
+ },
+ {
+ "name": "RHSA-2011:0164",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2011-0164.html"
+ },
+ {
+ "name": "ADV-2011-0170",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2011/0170"
+ },
+ {
+ "name": "ADV-2011-0133",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2011/0133"
+ },
+
{
+ "name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html",
+ "refsource": "CONFIRM",
+ "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html"
+ },
+ {
+ "name": "http://bugs.mysql.com/bug.php?id=54007",
+ "refsource": "CONFIRM",
+ "url": "http://bugs.mysql.com/bug.php?id=54007"
+ },
+ {
+ "name": "DSA-2143",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2011/dsa-2143"
+ },
+ {
+ "name": "ADV-2011-0345",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2011/0345"
+ },
+ {
+ "name": "MDVSA-2010:155",
+ "refsource": "MANDRIVA",
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:155"
+ },
+ {
+ "name": "42936",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/42936"
+ },
+ {
+ "name": "SUSE-SR:2010:021",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
+ },
+ {
+ "name": "RHSA-2010:0825",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2010-0825.html"
+ },
+ {
+ "name": "SUSE-SR:2010:019",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
+ },
+ {
+ "name": "42633",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/42633"
+ },
+ {
+ "name": "[oss-security] 20100928 Re: CVE Request -- MySQL v5.1.49 -- multiple DoS flaws",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2010/09/28/10"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/4xxx/CVE-2010-4674.json b/2010/4xxx/CVE-2010-4674.json
index 3254b304b74..a8a1f30759a 100644
--- a/2010/4xxx/CVE-2010-4674.json
+++ b/2010/4xxx/CVE-2010-4674.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-4674",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allows remote attackers to cause a denial of service (block exhaustion) via multicast traffic, aka Bug ID CSCtg63992."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2010-4674",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf",
- "refsource" : "CONFIRM",
- "url" : "http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf"
- },
- {
- "name" : "45766",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/45766"
- },
- {
- "name" : "1024963",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id?1024963"
- },
- {
- "name" : "42942",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/42942"
- },
- {
- "name" : "asa-multicast-dos(64600)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64600"
- }
- ]
- }
-}
+ }
+ },
+
"data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allows remote attackers to cause a denial of service (block exhaustion) via multicast traffic, aka Bug ID CSCtg63992."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "45766",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/45766"
+ },
+ {
+ "name": "1024963",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id?1024963"
+ },
+ {
+ "name": "asa-multicast-dos(64600)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64600"
+ },
+ {
+ "name": "http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf",
+ "refsource": "CONFIRM",
+ "url": "http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf"
+ },
+ {
+ "name": "42942",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/42942"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/4xxx/CVE-2010-4710.json b/2010/4xxx/CVE-2010-4710.json
index 07ad2425d32..48860c885de 100644
--- a/2010/4xxx/CVE-2010-4710.json
+++ b/2010/4xxx/CVE-2010-4710.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-4710",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in the addItem method in the Menu widget in YUI before 2.9.0 allows remote attackers to inject arbitrary web script or HTML via a field that is added to a menu, related to documentation that specifies this field as a text field rather than an HTML field, a similar issue to CVE-2010-4569 and CVE-2010-4570."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2010-4710",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://yuilibrary.com/forum/viewtopic.php?p=12923",
- "refsource" : "MISC",
- "url" : "http://yuilibrary.com/forum/viewtopic.php?p=12923"
- },
- {
- "name" : "http://yuilibrary.com/projects/yui2/ticket/2529228",
- "refsource" : "MISC",
- "url" : "http://yuilibrary.com/projects/yui2/ticket/2529228"
- },
- {
- "name" : "http://yuilibrary.com/projects/yui2/ticket/2529231",
- "refsource" : "CONFIRM",
- "url" : "http://yuilibrary.com/projects/yui2/ticket/2529231"
- },
- {
- "name" : "yui-additem-xss(65180)",
- "refsource" : "XF",
- "url" :
"https://exchange.xforce.ibmcloud.com/vulnerabilities/65180"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in the addItem method in the Menu widget in YUI before 2.9.0 allows remote attackers to inject arbitrary web script or HTML via a field that is added to a menu, related to documentation that specifies this field as a text field rather than an HTML field, a similar issue to CVE-2010-4569 and CVE-2010-4570."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://yuilibrary.com/projects/yui2/ticket/2529231",
+ "refsource": "CONFIRM",
+ "url": "http://yuilibrary.com/projects/yui2/ticket/2529231"
+ },
+ {
+ "name": "http://yuilibrary.com/projects/yui2/ticket/2529228",
+ "refsource": "MISC",
+ "url": "http://yuilibrary.com/projects/yui2/ticket/2529228"
+ },
+ {
+ "name": "yui-additem-xss(65180)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65180"
+ },
+ {
+ "name": "http://yuilibrary.com/forum/viewtopic.php?p=12923",
+ "refsource": "MISC",
+ "url": "http://yuilibrary.com/forum/viewtopic.php?p=12923"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2011/0xxx/CVE-2011-0598.json b/2011/0xxx/CVE-2011-0598.json
index 3cb5226697b..c1f3ae3b6b5 100644
--- a/2011/0xxx/CVE-2011-0598.json
+++ b/2011/0xxx/CVE-2011-0598.json
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in ACE.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code via crafted ICC data, a different vulnerability than CVE-2011-0596, CVE-2011-0599, and CVE-2011-0602." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-0598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110208 ZDI-11-073: Adobe Reader ICC Parsing Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516315/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-073/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-073/" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html" - }, - { - "name" : "RHSA-2011:0301", - "refsource" : "REDHAT", - "url" : 
"http://www.redhat.com/support/errata/RHSA-2011-0301.html" - }, - { - "name" : "46219", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46219" - }, - { - "name" : "oval:org.mitre.oval:def:12081", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12081" - }, - { - "name" : "1025033", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025033" - }, - { - "name" : "43470", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43470" - }, - { - "name" : "ADV-2011-0337", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0337" - }, - { - "name" : "ADV-2011-0492", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0492" - }, - { - "name" : "adobe-reader-ace-bo(65302)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65302" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in ACE.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code via crafted ICC data, a different vulnerability than CVE-2011-0596, CVE-2011-0599, and CVE-2011-0602." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0492", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0492" + }, + { + "name": "43470", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43470" + }, + { + "name": "adobe-reader-ace-bo(65302)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65302" + }, + { + "name": "RHSA-2011:0301", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0301.html" + }, + { + "name": "20110208 ZDI-11-073: Adobe Reader ICC Parsing Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516315/100/0/threaded" + }, + { + "name": "ADV-2011-0337", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0337" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-073/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-073/" + }, + { + "name": "1025033", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025033" + }, + { + "name": "oval:org.mitre.oval:def:12081", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12081" + }, + { + "name": "46219", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46219" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-03.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1104.json b/2011/1xxx/CVE-2011-1104.json index 4c6680cfb04..92299c259f5 100644 --- a/2011/1xxx/CVE-2011-1104.json +++ b/2011/1xxx/CVE-2011-1104.json 
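Review bot: The only substantive change in this hunk is in `CVE_data_meta`, where `"ASSIGNER": "psirt@adobe.com"` replaces `cve@mitre.org`, and it is buried in a whole-file rewrite that also respaces every key and reshuffles `reference_data`, so the ownership change is easy to miss in review. The same pattern applies to the hunks for CVE-2011-1479 and CVE-2011-1752 (now `secalert@redhat.com`) and CVE-2014-3106 (now `psirt@us.ibm.com`). Consumers may rely on ASSIGNER to decide which CNA is responsible for a record, so I would land key respacing, reference reordering and assigner changes as separate commits. The sync tool could also emit `reference_data` in a stable order (for example sorted by `refsource`, then `name`) so that later diffs show only real changes. The new side of every file also ends without a newline; writing a trailing newline would keep the records friendly to line-based tools.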
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Mutare EVM allow remote attackers to hijack the authentication of arbitrary users for requests that (1) change a PIN, (2) delete messages, (3) add a delivery address, or (4) change a delivery address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#136612", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/136612" - }, - { - "name" : "46537", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46537" - }, - { - "name" : "43483", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43483" - }, - { - "name" : "ADV-2011-0476", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0476" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Mutare EVM 
allow remote attackers to hijack the authentication of arbitrary users for requests that (1) change a PIN, (2) delete messages, (3) add a delivery address, or (4) change a delivery address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#136612", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/136612" + }, + { + "name": "46537", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46537" + }, + { + "name": "ADV-2011-0476", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0476" + }, + { + "name": "43483", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43483" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1126.json b/2011/1xxx/CVE-2011-1126.json index a52837d8946..07b1410e645 100644 --- a/2011/1xxx/CVE-2011-1126.json +++ b/2011/1xxx/CVE-2011-1126.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1126", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware vmrun, as used in VIX API 1.x before 1.10.3 and VMware Workstation 6.5.x and 7.x before 7.1.4 build 385536 on Linux, might allow local users to gain privileges via a Trojan horse shared library in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1126", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110330 VMSA-2011-0006 VMware vmrun utility local privilege escalation", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517240/100/0/threaded" - }, - { - "name" : "[security-announce] 20110330 UPDATED VMSA-2011-0006.1 VMware vmrun utility local privilege escalation", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2011/000131.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0006.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0006.html" - }, - { - "name" : "47094", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47094" - 
}, - { - "name" : "1025270", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025270" - }, - { - "name" : "43885", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43885" - }, - { - "name" : "43943", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43943" - }, - { - "name" : "8173", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8173" - }, - { - "name" : "ADV-2011-0816", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0816" - }, - { - "name" : "vmware-vmrun-privilege-escalation(66472)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66472" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware vmrun, as used in VIX API 1.x before 1.10.3 and VMware Workstation 6.5.x and 7.x before 7.1.4 build 385536 on Linux, might allow local users to gain privileges via a Trojan horse shared library in an unspecified directory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1025270", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025270" + }, + { + "name": "43885", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43885" + }, + { + "name": "ADV-2011-0816", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0816" + }, + { + "name": "vmware-vmrun-privilege-escalation(66472)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66472" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0006.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0006.html" + }, + { + "name": "[security-announce] 20110330 UPDATED VMSA-2011-0006.1 VMware vmrun utility local privilege escalation", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2011/000131.html" + }, + { + "name": "20110330 VMSA-2011-0006 VMware vmrun utility local privilege escalation", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517240/100/0/threaded" + }, + { + "name": "43943", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43943" + }, + { + "name": "47094", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47094" + }, + { + "name": "8173", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8173" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1479.json b/2011/1xxx/CVE-2011-1479.json index f43aea70444..f951e504b9a 100644 --- a/2011/1xxx/CVE-2011-1479.json +++ b/2011/1xxx/CVE-2011-1479.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in the inotify subsystem in the Linux kernel before 2.6.39 allows local users to cause a denial of service (system crash) via vectors involving failed attempts to create files. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-4250." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110411 Re: CVE request: kernel: inotify memory leak", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/04/11/1" - }, - { - "name" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39", - "refsource" : "CONFIRM", - "url" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d0de4dc584ec6aa3b26fffea320a8457827768fc", - "refsource" : "CONFIRM", - "url" : 
"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d0de4dc584ec6aa3b26fffea320a8457827768fc" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=691793", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=691793" - }, - { - "name" : "https://github.com/torvalds/linux/commit/d0de4dc584ec6aa3b26fffea320a8457827768fc", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/d0de4dc584ec6aa3b26fffea320a8457827768fc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in the inotify subsystem in the Linux kernel before 2.6.39 allows local users to cause a denial of service (system crash) via vectors involving failed attempts to create files. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-4250." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110411 Re: CVE request: kernel: inotify memory leak", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/04/11/1" + }, + { + "name": "https://github.com/torvalds/linux/commit/d0de4dc584ec6aa3b26fffea320a8457827768fc", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/d0de4dc584ec6aa3b26fffea320a8457827768fc" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d0de4dc584ec6aa3b26fffea320a8457827768fc", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d0de4dc584ec6aa3b26fffea320a8457827768fc" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=691793", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=691793" + 
}, + { + "name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39", + "refsource": "CONFIRM", + "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1752.json b/2011/1xxx/CVE-2011-1752.json index e9db9ff8b0d..39adec0c579 100644 --- a/2011/1xxx/CVE-2011-1752.json +++ b/2011/1xxx/CVE-2011-1752.json 
@@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1752", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1752", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://subversion.apache.org/security/CVE-2011-1752-advisory.txt", - "refsource" : "CONFIRM", - "url" : "http://subversion.apache.org/security/CVE-2011-1752-advisory.txt" - }, - { - "name" : "http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=709111", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=709111" - }, - { - "name" : "http://support.apple.com/kb/HT5130", - "refsource" : "CONFIRM", - "url" : 
"http://support.apple.com/kb/HT5130" - }, - { - "name" : "APPLE-SA-2012-02-01-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" - }, - { - "name" : "DSA-2251", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2251" - }, - { - "name" : "FEDORA-2011-8341", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062211.html" - }, - { - "name" : "FEDORA-2011-8352", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061913.html" - }, - { - "name" : "MDVSA-2011:106", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:106" - }, - { - "name" : "RHSA-2011:0861", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0861.html" - }, - { - "name" : "RHSA-2011:0862", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0862.html" - }, - { - "name" : "USN-1144-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1144-1" - }, - { - "name" : "48091", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48091" - }, - { - "name" : "oval:org.mitre.oval:def:18922", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18922" - }, - { - "name" : "1025617", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025617" - }, - { - "name" : "44633", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44633" - }, - { - "name" : "44681", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44681" - }, - { - "name" : "45162", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45162" - }, - { - "name" : "44849", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44849" - }, - { - "name" : "44879", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/44879" - }, - { - "name" : "44888", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2251", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2251" + }, + { + "name": "USN-1144-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1144-1" + }, + { + "name": "http://support.apple.com/kb/HT5130", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5130" + }, + { + "name": "MDVSA-2011:106", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:106" + }, + { + "name": "44849", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44849" + }, + { + "name": "RHSA-2011:0862", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0862.html" + }, + { + "name": "FEDORA-2011-8341", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062211.html" + }, + { + "name": "44888", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44888" + }, + { + "name": "APPLE-SA-2012-02-01-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" + }, + { + "name": "45162", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/45162" + }, + { + "name": "44681", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44681" + }, + { + "name": "http://subversion.apache.org/security/CVE-2011-1752-advisory.txt", + "refsource": "CONFIRM", + "url": "http://subversion.apache.org/security/CVE-2011-1752-advisory.txt" + }, + { + "name": "44879", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44879" + }, + { + "name": "48091", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48091" + }, + { + "name": "FEDORA-2011-8352", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061913.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=709111", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709111" + }, + { + "name": "44633", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44633" + }, + { + "name": "oval:org.mitre.oval:def:18922", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18922" + }, + { + "name": "1025617", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025617" + }, + { + "name": "http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES" + }, + { + "name": "RHSA-2011:0861", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0861.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5069.json b/2011/5xxx/CVE-2011-5069.json index 67f20550fca..65935f24bc0 100644 --- a/2011/5xxx/CVE-2011-5069.json +++ b/2011/5xxx/CVE-2011-5069.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in unspecified directory, a different program than CVE-2011-3833." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#576355", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/576355" - }, - { - "name" : "50896", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50896" - }, - { - "name" : "77653", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/77653" - }, - { - "name" : "45437", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45437" - }, - { - "name" : "sit-multiple-file-upload(71651)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71651" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in unspecified directory, a different program than CVE-2011-3833." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sit-multiple-file-upload(71651)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71651" + }, + { + "name": "VU#576355", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/576355" + }, + { + "name": "45437", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45437" + }, + { + "name": "50896", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50896" + }, + { + "name": "77653", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/77653" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5310.json b/2011/5xxx/CVE-2011-5310.json index 0ecbc72d6d7..7fcf0d19025 100644 --- a/2011/5xxx/CVE-2011-5310.json +++ b/2011/5xxx/CVE-2011-5310.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5310", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.htbridge.com/advisory/HTB22826", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB22826" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.htbridge.com/advisory/HTB22826", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB22826" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3106.json b/2014/3xxx/CVE-2014-3106.json index 7a39eb9ade1..f7ecd43eab7 100644 --- a/2014/3xxx/CVE-2014-3106.json +++ b/2014/3xxx/CVE-2014-3106.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-3106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682950", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682950" - }, - { - "name" : "ibm-clearquest-cve20143106-local(94313)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94313" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection 
mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682950", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682950" + }, + { + "name": "ibm-clearquest-cve20143106-local(94313)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94313" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3120.json b/2014/3xxx/CVE-2014-3120.json index 23601cc7399..d389d66cae3 100644 --- a/2014/3xxx/CVE-2014-3120.json +++ b/2014/3xxx/CVE-2014-3120.json 
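Review bot: The `affects` block on the new side still carries `"n/a"` for `vendor_name`, `product_name` and `version_value`, although the `description` value names IBM Rational ClearQuest and three fixed-version boundaries. The only semantic change in this hunk is `ASSIGNER` moving from `cve@mitre.org` to `psirt@us.ibm.com`; the rest is spacing. A consumer that matches on the structured fields therefore cannot tie this record to an inventory and has to parse the free text. I would populate the block from the description, e.g. `"vendor_name": "IBM"` and `"product_name": "Rational ClearQuest"`, with one `version_data` entry per affected branch. The same applies to the CVE-2014-3544, CVE-2014-6970 and CVE-2014-7329 hunks, where `ASSIGNER` also changes while `affects` stays `"n/a"`.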
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3120", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3120", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "33370", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/33370" - }, - { - "name" : "http://bouk.co/blog/elasticsearch-rce/", - "refsource" : "MISC", - "url" : "http://bouk.co/blog/elasticsearch-rce/" - }, - { - "name" : "http://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce", - "refsource" : "MISC", - "url" : "http://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce" - }, - { - "name" : "https://www.found.no/foundation/elasticsearch-security/#staying-safe-while-developing-with-elasticsearch", - "refsource" : 
"MISC", - "url" : "https://www.found.no/foundation/elasticsearch-security/#staying-safe-while-developing-with-elasticsearch" - }, - { - "name" : "https://www.elastic.co/blog/logstash-1-4-3-released", - "refsource" : "CONFIRM", - "url" : "https://www.elastic.co/blog/logstash-1-4-3-released" - }, - { - "name" : "https://www.elastic.co/community/security/", - "refsource" : "CONFIRM", - "url" : "https://www.elastic.co/community/security/" - }, - { - "name" : "67731", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67731" - }, - { - "name" : "106949", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/106949" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.elastic.co/blog/logstash-1-4-3-released", + "refsource": "CONFIRM", + "url": "https://www.elastic.co/blog/logstash-1-4-3-released" + }, + { + "name": "33370", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/33370" + }, + { + "name": "67731", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67731" + }, + { + "name": "106949", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/106949" + }, + { + "name": "http://bouk.co/blog/elasticsearch-rce/", + "refsource": "MISC", + "url": "http://bouk.co/blog/elasticsearch-rce/" + }, + { + "name": "http://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce", + "refsource": "MISC", + "url": "http://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce" + }, + { + "name": "https://www.found.no/foundation/elasticsearch-security/#staying-safe-while-developing-with-elasticsearch", + "refsource": "MISC", + "url": "https://www.found.no/foundation/elasticsearch-security/#staying-safe-while-developing-with-elasticsearch" + }, + { + "name": "https://www.elastic.co/community/security/", + "refsource": "CONFIRM", + "url": "https://www.elastic.co/community/security/" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3544.json b/2014/3xxx/CVE-2014-3544.json index 26c5fa2e7d6..64b5fe60619 100644 --- a/2014/3xxx/CVE-2014-3544.json +++ b/2014/3xxx/CVE-2014-3544.json 
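Review bot: The new `reference_data` array is reordered without any entry being added or removed, and the new order follows neither `refsource` nor `name` (it starts with a CONFIRM entry, ends with another, and has EXPLOIT-DB, BID, OSVDB and the MISC entries in between), whereas the old side grouped entries by source. Array order is significant to JSON consumers, so tools that diff or hash these records will report a change where the content is the same, and that noise makes real edits such as an `ASSIGNER` change harder to spot. If the order comes from the generator, a stable sort on `refsource` and then `name` before writing would keep later syncs from reshuffling the list. The CVE-2014-3544, CVE-2014-6970, CVE-2014-7329, CVE-2014-7871, CVE-2014-8369 and CVE-2014-9521 hunks reorder their references in the same way.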
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "34169", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/34169" - }, - { - "name" : "[oss-security] 20140721 Moodle security notifications public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/07/21/1" - }, - { - "name" : "http://osandamalith.wordpress.com/2014/07/25/moodle-2-7-persistent-xss/", - "refsource" : "MISC", - "url" : "http://osandamalith.wordpress.com/2014/07/25/moodle-2-7-persistent-xss/" - }, - { - "name" : "http://packetstormsecurity.com/files/127624/Moodle-2.7-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : 
"http://packetstormsecurity.com/files/127624/Moodle-2.7-Cross-Site-Scripting.html" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45683", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45683" - }, - { - "name" : "https://github.com/moodle/moodle/commit/ce5a785b0962c3c94c7a7b0d36176482d21db95d", - "refsource" : "CONFIRM", - "url" : "https://github.com/moodle/moodle/commit/ce5a785b0962c3c94c7a7b0d36176482d21db95d" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=264265", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=264265" - }, - { - "name" : "68756", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68756" - }, - { - "name" : "109337", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/109337" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140721 Moodle security notifications public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/07/21/1" + }, + { + "name": "http://osandamalith.wordpress.com/2014/07/25/moodle-2-7-persistent-xss/", + "refsource": "MISC", + "url": "http://osandamalith.wordpress.com/2014/07/25/moodle-2-7-persistent-xss/" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45683", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45683" + }, + { + "name": "http://packetstormsecurity.com/files/127624/Moodle-2.7-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127624/Moodle-2.7-Cross-Site-Scripting.html" + }, + { + "name": "34169", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/34169" + }, + { + "name": "109337", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/109337" + }, + { + "name": "68756", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68756" + }, + { + "name": "https://github.com/moodle/moodle/commit/ce5a785b0962c3c94c7a7b0d36176482d21db95d", + "refsource": "CONFIRM", + "url": "https://github.com/moodle/moodle/commit/ce5a785b0962c3c94c7a7b0d36176482d21db95d" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=264265", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=264265" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3785.json b/2014/3xxx/CVE-2014-3785.json index 8cf9b94262e..fd71e9869fd 100644 --- a/2014/3xxx/CVE-2014-3785.json +++ b/2014/3xxx/CVE-2014-3785.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3785", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3785", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6970.json b/2014/6xxx/CVE-2014-6970.json index 328c0caf3b4..be8f630451d 100644 --- a/2014/6xxx/CVE-2014-6970.json +++ b/2014/6xxx/CVE-2014-6970.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6970", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The North American Ismaili Games (aka hr.apps.n166983741) application 5.26.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6970", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#795545", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/795545" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The North American Ismaili Games 
(aka hr.apps.n166983741) application 5.26.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#795545", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/795545" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7329.json b/2014/7xxx/CVE-2014-7329.json index de13ec93e31..6ce65e6f1e2 100644 --- a/2014/7xxx/CVE-2014-7329.json +++ b/2014/7xxx/CVE-2014-7329.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7329", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Motoring Classics (aka com.aptusi.android.motoring) application 1.8.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7329", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#908273", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/908273" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Motoring Classics (aka 
com.aptusi.android.motoring) application 1.8.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#908273", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/908273" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7400.json b/2014/7xxx/CVE-2014-7400.json index aa1a51d36cb..4a0716481b9 100644 --- a/2014/7xxx/CVE-2014-7400.json +++ b/2014/7xxx/CVE-2014-7400.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7400", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7400", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7673.json b/2014/7xxx/CVE-2014-7673.json index 7b63f6681ee..659b784084f 100644 --- a/2014/7xxx/CVE-2014-7673.json +++ b/2014/7xxx/CVE-2014-7673.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7673", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7673", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7871.json b/2014/7xxx/CVE-2014-7871.json index 22e89967b44..3e9254e51fc 100644 --- a/2014/7xxx/CVE-2014-7871.json +++ b/2014/7xxx/CVE-2014-7871.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7871", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7871", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141107 Open-Xchange Security Advisory 2014-11-07", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533936/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/129020/OX-App-Suite-7.6.0-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129020/OX-App-Suite-7.6.0-SQL-Injection.html" - }, - { - "name" : "70982", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70982" - }, - { - "name" : "oxappsuite-cve20147871-sql-injection(98563)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98563" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/129020/OX-App-Suite-7.6.0-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129020/OX-App-Suite-7.6.0-SQL-Injection.html" + }, + { + "name": "70982", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70982" + }, + { + "name": "20141107 Open-Xchange Security Advisory 2014-11-07", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533936/100/0/threaded" + }, + { + "name": "oxappsuite-cve20147871-sql-injection(98563)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98563" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8292.json b/2014/8xxx/CVE-2014-8292.json index b571b89a1ec..acde267c5ae 100644 --- a/2014/8xxx/CVE-2014-8292.json +++ b/2014/8xxx/CVE-2014-8292.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8292", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8292", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8369.json b/2014/8xxx/CVE-2014-8369.json index c3cc049ba3a..1a46f3c98f4 100644 --- a/2014/8xxx/CVE-2014-8369.json +++ b/2014/8xxx/CVE-2014-8369.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8369", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8369", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20141024 [PATCH 13/14] kvm: fix excessive pages un-pinning in kvm_iommu_map error path.", - "refsource" : "MLIST", - "url" : "https://lkml.org/lkml/2014/10/24/460" - }, - { - "name" : "[oss-security] 20141024 CVE-2014-8369 - Linux kernel iommu.c excessive unpinning", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/10/24/7" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3d32e4dbe71374a6780eaf51d719d76f9a9bf22f", - 
"refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3d32e4dbe71374a6780eaf51d719d76f9a9bf22f" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1156518", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1156518" - }, - { - "name" : "https://github.com/torvalds/linux/commit/3d32e4dbe71374a6780eaf51d719d76f9a9bf22f", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/3d32e4dbe71374a6780eaf51d719d76f9a9bf22f" - }, - { - "name" : "DSA-3093", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3093" - }, - { - "name" : "RHSA-2015:0674", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0674.html" - }, - { - "name" : "SUSE-SU-2015:0481", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html" - }, - { - "name" : "openSUSE-SU-2015:0566", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html" - }, - { - "name" : "SUSE-SU-2015:0736", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html" - }, - { - "name" : "70749", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70749" - }, - { - "name" : "70747", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70747" - }, - { - "name" : "62326", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62326" - }, - { - "name" : "62336", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62336" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, 
which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70749", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70749" + }, + { + "name": "SUSE-SU-2015:0736", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html" + }, + { + "name": "[linux-kernel] 20141024 [PATCH 13/14] kvm: fix excessive pages un-pinning in kvm_iommu_map error path.", + "refsource": "MLIST", + "url": "https://lkml.org/lkml/2014/10/24/460" + }, + { + "name": "DSA-3093", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3093" + }, + { + "name": "62326", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62326" + }, + { + "name": "SUSE-SU-2015:0481", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html" + }, + { + "name": "openSUSE-SU-2015:0566", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html" + }, + { + "name": "[oss-security] 20141024 CVE-2014-8369 - Linux kernel iommu.c excessive unpinning", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/10/24/7" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3d32e4dbe71374a6780eaf51d719d76f9a9bf22f", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3d32e4dbe71374a6780eaf51d719d76f9a9bf22f" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1156518", + "refsource": "CONFIRM", + "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1156518" + }, + { + "name": "62336", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62336" + }, + { + "name": "70747", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70747" + }, + { + "name": "https://github.com/torvalds/linux/commit/3d32e4dbe71374a6780eaf51d719d76f9a9bf22f", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/3d32e4dbe71374a6780eaf51d719d76f9a9bf22f" + }, + { + "name": "RHSA-2015:0674", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0674.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8444.json b/2014/8xxx/CVE-2014-8444.json index 63c6aaedbe3..b3196038b1d 100644 --- a/2014/8xxx/CVE-2014-8444.json +++ b/2014/8xxx/CVE-2014-8444.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8444", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8444", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9521.json b/2014/9xxx/CVE-2014-9521.json index 05d4466a5b1..64ae51b82c3 100644 --- a/2014/9xxx/CVE-2014-9521.json +++ b/2014/9xxx/CVE-2014-9521.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, when the allWPFiles query parameter is set, allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the uploads directory, as demonstrated by the .php.swp filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141210 Multiple vulnerabilities in InfiniteWP Admin Panel", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/43" - }, - { - "name" : "https://lifeforms.nl/20141210/infinitewp-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://lifeforms.nl/20141210/infinitewp-vulnerabilities/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP 
Admin Panel before 2.4.4, when the allWPFiles query parameter is set, allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the uploads directory, as demonstrated by the .php.swp filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://lifeforms.nl/20141210/infinitewp-vulnerabilities/", + "refsource": "MISC", + "url": "https://lifeforms.nl/20141210/infinitewp-vulnerabilities/" + }, + { + "name": "20141210 Multiple vulnerabilities in InfiniteWP Admin Panel", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/43" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2167.json b/2016/2xxx/CVE-2016-2167.json index a40f7d47320..4246f8be698 100644 --- a/2016/2xxx/CVE-2016-2167.json +++ b/2016/2xxx/CVE-2016-2167.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-2167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[subversion-announce] 20160428 [ANNOUNCE][SECURITY] Apache Subversion 1.8.16 released", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA@mail.gmail.com%3E" - }, - { - "name" : "[subversion-announce] 20160428 [ANNOUNCE][SECURITY] Apache Subversion 1.9.4 released", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ@mail.gmail.com%3E" - }, - { - "name" : 
"http://subversion.apache.org/security/CVE-2016-2167-advisory.txt", - "refsource" : "CONFIRM", - "url" : "http://subversion.apache.org/security/CVE-2016-2167-advisory.txt" - }, - { - "name" : "DSA-3561", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3561" - }, - { - "name" : "FEDORA-2016-20cc04ac50", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html" - }, - { - "name" : "GLSA-201610-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-05" - }, - { - "name" : "SSA:2016-121-01", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496" - }, - { - "name" : "openSUSE-SU-2016:1263", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html" - }, - { - "name" : "openSUSE-SU-2016:1264", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html" - }, - { - "name" : "89417", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/89417" - }, - { - "name" : "1035706", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035706" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2016-20cc04ac50", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html" + }, + { + "name": "89417", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/89417" + }, + { + "name": "[subversion-announce] 20160428 [ANNOUNCE][SECURITY] Apache Subversion 1.8.16 released", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA@mail.gmail.com%3E" + }, + { + "name": "SSA:2016-121-01", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496" + }, + { + "name": "openSUSE-SU-2016:1264", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html" + }, + { + "name": "[subversion-announce] 20160428 [ANNOUNCE][SECURITY] Apache Subversion 1.9.4 released", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ@mail.gmail.com%3E" + }, + { + "name": "http://subversion.apache.org/security/CVE-2016-2167-advisory.txt", + "refsource": "CONFIRM", + "url": "http://subversion.apache.org/security/CVE-2016-2167-advisory.txt" + }, + { + "name": "openSUSE-SU-2016:1263", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html" + }, + { + "name": "DSA-3561", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3561" + }, + { + "name": "1035706", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035706" + }, + { + "name": "GLSA-201610-05", + "refsource": "GENTOO", + "url": 
"https://security.gentoo.org/glsa/201610-05" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2553.json b/2016/2xxx/CVE-2016-2553.json index 52adb30cf23..2046519cab0 100644 --- a/2016/2xxx/CVE-2016-2553.json +++ b/2016/2xxx/CVE-2016-2553.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2553", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2553", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6023.json b/2016/6xxx/CVE-2016-6023.json index 1327dfad480..51d6f279f93 100644 --- a/2016/6xxx/CVE-2016-6023.json +++ b/2016/6xxx/CVE-2016-6023.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6023", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary files via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-6023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991278", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991278" - }, - { - "name" : "93347", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93347" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary files via a crafted URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991278", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991278" + }, + { + "name": "93347", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93347" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6438.json b/2016/6xxx/CVE-2016-6438.json index c2c721513cb..065207f6cb2 100644 --- a/2016/6xxx/CVE-2016-6438.json +++ b/2016/6xxx/CVE-2016-6438.json 
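Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `psirt@us.ibm.com` in this hunk, and it is the only value that changes; the remaining lines appear to differ only in formatting (the space before each colon is dropped). The commit subject does not mention it, so a consumer that attributes or routes records by assigning CNA gets a content change that is easy to miss inside a whitespace rewrite. The CVE-2016-6829.json hunk does the same (`cve@mitre.org` to `secalert@redhat.com`) alongside a reordering of its references. Landing the formatting pass and the value changes as separate commits would keep lines such as `"ASSIGNER": "psirt@us.ibm.com"` reviewable on their own.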
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2016-6438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS XE 3.16S, 3.17S, 3.18.0S, 3.18.1S, 3.18.0SP", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IOS XE 3.16S, 3.17S, 3.18.0S, 3.18.1S, 3.18.0SP" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a configuration integrity change to the vty line configuration on an affected device. This vulnerability affects the following releases of Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers: All 3.16S releases, All 3.17S releases, Release 3.18.0S, Release 3.18.1S, Release 3.18.0SP. More Information: CSCuz62815. Known Affected Releases: 15.5(3)S2.9, 15.6(2)SP. Known Fixed Releases: 15.6(1.7)SP1, 16.4(0.183), 16.5(0.1)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XE 3.16S, 3.17S, 3.18.0S, 3.18.1S, 3.18.0SP", + "version": { + "version_data": [ + { + "version_value": "Cisco IOS XE 3.16S, 3.17S, 3.18.0S, 3.18.1S, 3.18.0SP" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-cbr-8", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-cbr-8" - }, - { - "name" : "93518", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93518" - }, - { - "name" : "1037003", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a configuration integrity change to the vty line configuration on an affected device. This vulnerability affects the following releases of Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers: All 3.16S releases, All 3.17S releases, Release 3.18.0S, Release 3.18.1S, Release 3.18.0SP. More Information: CSCuz62815. Known Affected Releases: 15.5(3)S2.9, 15.6(2)SP. Known Fixed Releases: 15.6(1.7)SP1, 16.4(0.183), 16.5(0.1)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037003", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037003" + }, + { + "name": "93518", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93518" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-cbr-8", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-cbr-8" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6562.json b/2016/6xxx/CVE-2016-6562.json index be4644644f6..64cd82eaeb0 100644 --- a/2016/6xxx/CVE-2016-6562.json +++ b/2016/6xxx/CVE-2016-6562.json 
@@ -1,96 +1,96 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-6562", - "STATE" : "PUBLIC", - "TITLE" : "ShoreTel Mobility Client for iOS and Android, version 9.1.3.109 and earlier, fails to properly validate SSL certificates provided by HTTPS connections" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Mobility Client iOS", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_name" : "9.1.3.109", - "version_value" : "9.1.3.109" - } - ] - } - }, - { - "product_name" : "Mobility Client Andoid ", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_name" : "9.1.3.109", - "version_value" : "9.1.3.109" - } - ] - } - } - ] - }, - "vendor_name" : "ShoreTel" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login credentials." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-295" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6562", + "STATE": "PUBLIC", + "TITLE": "ShoreTel Mobility Client for iOS and Android, version 9.1.3.109 and earlier, fails to properly validate SSL certificates provided by HTTPS connections" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Mobility Client iOS", + "version": { + "version_data": [ + { + "affected": "<=", + "version_name": "9.1.3.109", + "version_value": "9.1.3.109" + } + ] + } + }, + { + "product_name": "Mobility Client Andoid ", + "version": { + "version_data": [ + { + "affected": "<=", + "version_name": "9.1.3.109", + "version_value": "9.1.3.109" + } + ] + } + } + ] + }, + "vendor_name": "ShoreTel" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.info-sec.ca/advisories/ShoreTel-Mobility.html", - "refsource" : "MISC", - "url" : "https://www.info-sec.ca/advisories/ShoreTel-Mobility.html" - }, - { - "name" : "VU#475907", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/475907" - }, - { - "name" : "95224", - "refsource" : "BID", - "url" : "https://www.securityfocus.com/bid/95224" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "ShoreTel has released version 9.1.5.104 for all devices to address the vulnerability." 
- } - ], - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-295" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.info-sec.ca/advisories/ShoreTel-Mobility.html", + "refsource": "MISC", + "url": "https://www.info-sec.ca/advisories/ShoreTel-Mobility.html" + }, + { + "name": "VU#475907", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/475907" + }, + { + "name": "95224", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/95224" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "ShoreTel has released version 9.1.5.104 for all devices to address the vulnerability." + } + ], + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6829.json b/2016/6xxx/CVE-2016-6829.json index f57ad3e1d77..59097b47133 100644 --- a/2016/6xxx/CVE-2016-6829.json +++ b/2016/6xxx/CVE-2016-6829.json 
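Review bot: The second product entry keeps `"product_name": "Mobility Client Andoid "` on the new side, misspelled and with a trailing space, so exact-match lookups for the Android client will miss this record; `"product_name": "Mobility Client Android"` is presumably what was meant. Both `version_data` entries also use the key `"affected": "<="`, whereas the CVE-2017-5407.json hunk in this commit uses `"version_affected": "<"`, so a parser that reads only one of the two keys loses the range operator for the other record. If `version_affected` is the intended key, this record should be normalised to `"version_affected": "<="`; otherwise consumers need to accept both spellings.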
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6829", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The trove service user in (1) Openstack deployment (aka crowbar-openstack) and (2) Trove Barclamp (aka barclamp-trove and crowbar-barclamp-trove) in the Crowbar Framework has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-6829", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160816 CVE Request: Default password in openstack / crowbar trove", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/08/16/1" - }, - { - "name" : "[oss-security] 20160817 Re: CVE Request: Default password in openstack / crowbar trove", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/08/18/9" - }, - { - "name" : "https://github.com/crowbar/barclamp-trove/commit/932298f250365fed6963700870e52db3a7a32daa", - "refsource" : "CONFIRM", - "url" : "https://github.com/crowbar/barclamp-trove/commit/932298f250365fed6963700870e52db3a7a32daa" - }, - { - "name" : 
"https://github.com/crowbar/crowbar-openstack/commit/208230bdfbcb19d062149d083b1a66b429516a69", - "refsource" : "CONFIRM", - "url" : "https://github.com/crowbar/crowbar-openstack/commit/208230bdfbcb19d062149d083b1a66b429516a69" - }, - { - "name" : "https://www.suse.com/security/cve//CVE-2016-6829.html", - "refsource" : "CONFIRM", - "url" : "https://www.suse.com/security/cve//CVE-2016-6829.html" - }, - { - "name" : "92476", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92476" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The trove service user in (1) Openstack deployment (aka crowbar-openstack) and (2) Trove Barclamp (aka barclamp-trove and crowbar-barclamp-trove) in the Crowbar Framework has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.suse.com/security/cve//CVE-2016-6829.html", + "refsource": "CONFIRM", + "url": "https://www.suse.com/security/cve//CVE-2016-6829.html" + }, + { + "name": "[oss-security] 20160816 CVE Request: Default password in openstack / crowbar trove", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/08/16/1" + }, + { + "name": "[oss-security] 20160817 Re: CVE Request: Default password in openstack / crowbar trove", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/08/18/9" + }, + { + "name": "https://github.com/crowbar/barclamp-trove/commit/932298f250365fed6963700870e52db3a7a32daa", + "refsource": "CONFIRM", + "url": "https://github.com/crowbar/barclamp-trove/commit/932298f250365fed6963700870e52db3a7a32daa" + }, + { + "name": "92476", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/92476" + }, + { + "name": "https://github.com/crowbar/crowbar-openstack/commit/208230bdfbcb19d062149d083b1a66b429516a69", + "refsource": "CONFIRM", + "url": "https://github.com/crowbar/crowbar-openstack/commit/208230bdfbcb19d062149d083b1a66b429516a69" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5232.json b/2017/5xxx/CVE-2017-5232.json index 1ad0b03a7a0..39d31faa7a2 100644 --- a/2017/5xxx/CVE-2017-5232.json +++ b/2017/5xxx/CVE-2017-5232.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@rapid7.com", - "ID" : "CVE-2017-5232", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Nexpose", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to version 6.4.24" - } - ] - } - } - ] - }, - "vendor_name" : "Rapid7" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DLL Preloading" - } + "CVE_data_meta": { + "ASSIGNER": "cve@rapid7.com", + "ID": "CVE-2017-5232", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Nexpose", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 6.4.24" + } + ] + } + } + ] + }, + "vendor_name": "Rapid7" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products", - "refsource" : "CONFIRM", - "url" : "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products" - }, - { - "name" : "96956", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96956" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "All editions of Rapid7 Nexpose installers prior to 
version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DLL Preloading" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96956", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96956" + }, + { + "name": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products", + "refsource": "CONFIRM", + "url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5271.json b/2017/5xxx/CVE-2017-5271.json index cc93126430d..d3285087adf 100644 --- a/2017/5xxx/CVE-2017-5271.json +++ b/2017/5xxx/CVE-2017-5271.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5271", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5271", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5407.json b/2017/5xxx/CVE-2017-5407.json index 9e99be33b52..7d072df84c8 100644 --- a/2017/5xxx/CVE-2017-5407.json +++ b/2017/5xxx/CVE-2017-5407.json 
@@ -1,154 +1,154 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-5407", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "45.8" - } - ] - } - }, - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52" - }, - { - "version_affected" : "<", - "version_value" : "45.8" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Pixel and history stealing via floating-point timing side channel with SVG filters" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-5407", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "45.8" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52" + }, + { + "version_affected": "<", + "version_value": "45.8" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1336622", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1336622" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-05/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-05/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-06/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-06/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-07/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-07/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-09/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-09/" - }, - { - "name" : "DSA-3805", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3805" - }, - { - "name" : 
"DSA-3832", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3832" - }, - { - "name" : "GLSA-201705-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-06" - }, - { - "name" : "GLSA-201705-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-07" - }, - { - "name" : "RHSA-2017:0459", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0459.html" - }, - { - "name" : "RHSA-2017:0461", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0461.html" - }, - { - "name" : "RHSA-2017:0498", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0498.html" - }, - { - "name" : "96693", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96693" - }, - { - "name" : "1037966", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Pixel and history stealing via floating-point timing side channel with SVG filters" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96693", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96693" + }, + { + "name": "RHSA-2017:0459", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0459.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1336622", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1336622" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-09/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-09/" + }, + { + "name": "DSA-3832", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3832" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-07/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-07/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-05/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-05/" + }, + { + "name": "1037966", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037966" + }, + { + "name": "GLSA-201705-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-06" + }, + { + "name": "RHSA-2017:0461", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0461.html" + }, + { + "name": "DSA-3805", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3805" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-06/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-06/" + }, + { + "name": "RHSA-2017:0498", + "refsource": "REDHAT", + "url": 
"http://rhn.redhat.com/errata/RHSA-2017-0498.html" + }, + { + "name": "GLSA-201705-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-07" + } + ] + } +} \ No newline at end of file