diff --git a/2006/0xxx/CVE-2006-0458.json b/2006/0xxx/CVE-2006-0458.json index b201d9896bd..1ab658b7664 100644 --- a/2006/0xxx/CVE-2006-0458.json +++ b/2006/0xxx/CVE-2006-0458.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0458", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DCC ACCEPT command handler in irssi before 0.8.9+0.8.10rc5-0ubuntu4.1 in Ubuntu Linux, and possibly other distributions, allows remote attackers to cause a denial of service (application crash) via certain crafted arguments in a DCC command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-0458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "USN-259-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/259-1/" - }, - { - "name" : "16913", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16913" - }, - { - "name" : "19090", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19090" - }, - { - "name" : "irssi-dcc-accept-dos(25147)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25147" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DCC ACCEPT command handler in irssi before 0.8.9+0.8.10rc5-0ubuntu4.1 in Ubuntu Linux, and possibly other distributions, allows remote attackers to cause a denial of service (application crash) via certain crafted arguments in a DCC command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-259-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/259-1/" + }, + { + "name": "19090", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19090" + }, + { + "name": "16913", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16913" + }, + { + "name": "irssi-dcc-accept-dos(25147)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25147" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3154.json b/2006/3xxx/CVE-2006-3154.json index 374cc586088..b87bd53c88e 100644 --- a/2006/3xxx/CVE-2006-3154.json +++ b/2006/3xxx/CVE-2006-3154.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/06/ultimate-estate-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/06/ultimate-estate-vuln.html" - }, - { - "name" : "18573", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18573" - }, - { - "name" : "ADV-2006-2475", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2475" - }, - { - "name" : "26740", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26740" - }, - { - "name" : "1016353", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016353" - }, - { - "name" : "20761", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20761" - }, - { - "name" : "ultimate-estate-index-sql-injection(27273)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27273" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ultimate-estate-index-sql-injection(27273)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27273" + }, + { + "name": "26740", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26740" + }, + { + "name": "ADV-2006-2475", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2475" + }, + { + "name": "1016353", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016353" + }, + { + "name": "http://pridels0.blogspot.com/2006/06/ultimate-estate-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/06/ultimate-estate-vuln.html" + }, + { + "name": "18573", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18573" + }, + { + "name": "20761", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20761" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3265.json b/2006/3xxx/CVE-2006-3265.json index 4a05c1a6271..0c5e5da5e18 100644 --- a/2006/3xxx/CVE-2006-3265.json +++ b/2006/3xxx/CVE-2006-3265.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3265", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in Qdig before 1.2.9.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pre_gallery or (2) post_gallery parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3265", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://qdig.sourceforge.net/News/News2006-06-24-1", - "refsource" : "CONFIRM", - "url" : "http://qdig.sourceforge.net/News/News2006-06-24-1" - }, - { - "name" : "ADV-2006-2514", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2514" - }, - { - "name" : "26828", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26828" - }, - { - "name" : "20808", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20808" - }, - { - "name" : "538", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/538" - }, - { - "name" : "qdig-index-xss(27471)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27471" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in Qdig before 1.2.9.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pre_gallery or (2) post_gallery parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "qdig-index-xss(27471)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27471" + }, + { + "name": "ADV-2006-2514", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2514" + }, + { + "name": "20808", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20808" + }, + { + "name": "http://qdig.sourceforge.net/News/News2006-06-24-1", + "refsource": "CONFIRM", + "url": "http://qdig.sourceforge.net/News/News2006-06-24-1" + }, + { + "name": "26828", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26828" + }, + { + "name": "538", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/538" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3312.json b/2006/3xxx/CVE-2006-3312.json index d4c80fcb32e..5e54b38943c 100644 --- a/2006/3xxx/CVE-2006-3312.json +++ b/2006/3xxx/CVE-2006-3312.json @@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3312", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in ashmans and Bill Echlin QaTraq 6.5 RC and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) link_print, (2) link_upgrade, (3) link_sql, (4) link_next, (5) link_prev, and (6) link_list parameters in top.inc as included by queries_view_search.php; the (7) msg, (8) component_name, and (9) component_desc parameters in (a) components_copy_content.php, (b) components_modify_content.php, and (c) components_new_content.php; the (10) title, (11) version, and (12) content parameters in design_copy_content.php; the (13) plan_title and (14) plan_content parameters in design_copy_plan_search.php; the (15) title, (16) minor_version, (17) new_version, and (18) content parameters in design_modify_content.php; the (19) title, (20) version, and (21) content parameters in design_new_content.php; the (22) plan_name and (23) plan_desc parameters in design_new_search.php; the (24) file_name parameter in download.php; the (25) username and (26) password parameters in login.php; the (27) title, (28) version, and (29) content parameters in phase_copy_content.php; the (30) content parameter in phase_delete_search.php; the (31) title, (32) minor_version, (33) new_version, and (34) content parameters in phase_modify_content.php; the (35) content, (36) title, (37) version, and (38) content parameters in phase_modify_search.php; the (39) content parameter in phase_view_search.php; the (40) msg, (41) product_name, and (42) product_desc parameters in products_copy_content.php; and possibly the (43) product_name and (44) product_desc parameters in (d) products_copy_search.php, and a large number of additional parameters and executables. NOTE: the vendor notified CVE via e-mail that this issue has been fixed in the 6.8 RC release." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3312", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060623 QaTraq 6.5 RC: Multiple XSS Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438151/100/0/threaded" - }, - { - "name" : "http://seclab.tuwien.ac.at/advisories/TUVSA-0606-001.txt", - "refsource" : "MISC", - "url" : "http://seclab.tuwien.ac.at/advisories/TUVSA-0606-001.txt" - }, - { - "name" : "20060811 QaTraq multiple cross-site scripting vulnerabilities (fwd)", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-August/000969.html" - }, - { - "name" : "http://www.testmanagement.com/", - "refsource" : "CONFIRM", - "url" : "http://www.testmanagement.com/" - }, - { - "name" : "18620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18620" - }, - { - "name" : "27599", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27599" - }, - { - "name" : "27600", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27600" - }, - { - "name" : "27601", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27601" - }, - { - "name" : "27605", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27605" - }, - { - "name" : "27606", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27606" - }, - { - "name" : "27607", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27607" - }, - { - "name" : "27608", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27608" - }, - { - "name" : "27609", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27609" - }, - { - "name" : "27610", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27610" - }, - { - "name" : "27611", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27611" - }, - { - "name" : "27612", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27612" - }, - { - "name" : "27613", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27613" - }, - { - "name" : "27614", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27614" - }, - { - "name" : "27615", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27615" - }, - { - "name" : "27616", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27616" - }, - { - "name" : "27602", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27602" - }, - { - "name" : "27603", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27603" - }, - { - "name" : "27604", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27604" - }, - { - "name" : "1016381", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016381" - }, - { - "name" : "1169", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1169" - }, - { - "name" : "qatraq-multiple-xss(27355)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27355" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in ashmans and Bill Echlin QaTraq 6.5 RC and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) link_print, (2) link_upgrade, (3) link_sql, (4) link_next, (5) link_prev, and (6) link_list parameters in top.inc as included by queries_view_search.php; the (7) msg, (8) component_name, and (9) component_desc parameters in (a) components_copy_content.php, (b) components_modify_content.php, and (c) components_new_content.php; the (10) title, (11) version, and (12) content parameters in design_copy_content.php; the (13) plan_title and (14) plan_content parameters in design_copy_plan_search.php; the (15) title, (16) minor_version, (17) new_version, and (18) content parameters in design_modify_content.php; the (19) title, (20) version, and (21) content parameters in design_new_content.php; the (22) plan_name and (23) plan_desc parameters in design_new_search.php; the (24) file_name parameter in download.php; the (25) username and (26) password parameters in login.php; the (27) title, (28) version, and (29) content parameters in phase_copy_content.php; the (30) content parameter in phase_delete_search.php; the (31) title, (32) minor_version, (33) new_version, and (34) content parameters in phase_modify_content.php; the (35) content, (36) title, (37) version, and (38) content parameters in phase_modify_search.php; the (39) content parameter in phase_view_search.php; the (40) msg, (41) product_name, and (42) product_desc parameters in products_copy_content.php; and possibly the (43) product_name and (44) product_desc parameters in (d) products_copy_search.php, and a large number of additional parameters and executables. NOTE: the vendor notified CVE via e-mail that this issue has been fixed in the 6.8 RC release." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27603", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27603" + }, + { + "name": "20060811 QaTraq multiple cross-site scripting vulnerabilities (fwd)", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2006-August/000969.html" + }, + { + "name": "http://www.testmanagement.com/", + "refsource": "CONFIRM", + "url": "http://www.testmanagement.com/" + }, + { + "name": "27611", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27611" + }, + { + "name": "27614", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27614" + }, + { + "name": "http://seclab.tuwien.ac.at/advisories/TUVSA-0606-001.txt", + "refsource": "MISC", + "url": "http://seclab.tuwien.ac.at/advisories/TUVSA-0606-001.txt" + }, + { + "name": "27602", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27602" + }, + { + "name": "27610", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27610" + }, + { + "name": "1016381", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016381" + }, + { + "name": "27612", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27612" + }, + { + "name": "27607", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27607" + }, + { + "name": "27606", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27606" + }, + { + "name": "18620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18620" + }, + { + "name": "27609", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27609" + }, + { + "name": "27608", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27608" + }, + { + "name": "27599", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27599" + }, + { + "name": "27613", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27613" + }, + { + "name": "27615", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27615" + }, + { + "name": "27605", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27605" + }, + { + "name": "1169", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1169" + }, + { + "name": "27616", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27616" + }, + { + "name": "qatraq-multiple-xss(27355)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27355" + }, + { + "name": "27600", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27600" + }, + { + "name": "27601", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27601" + }, + { + "name": "27604", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27604" + }, + { + "name": "20060623 QaTraq 6.5 RC: Multiple XSS Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438151/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4469.json b/2006/4xxx/CVE-2006-4469.json index d5926b728fe..c57c9925734 100644 --- a/2006/4xxx/CVE-2006-4469.json +++ b/2006/4xxx/CVE-2006-4469.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4469", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows remote attackers to perform \"remote execution,\" related to \"Injection Flaws.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4469", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.joomla.org/content/view/1841/78/", - "refsource" : "CONFIRM", - "url" : "http://www.joomla.org/content/view/1841/78/" - }, - { - "name" : "http://www.joomla.org/content/view/1843/74/", - "refsource" : "CONFIRM", - "url" : "http://www.joomla.org/content/view/1843/74/" - }, - { - "name" : "ADV-2006-3408", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3408" - }, - { - "name" : "21666", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21666" - }, - { - "name" : "joomla-pear-command-execution(28629)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows remote attackers to perform \"remote execution,\" related to \"Injection Flaws.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3408", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3408" + }, + { + "name": "http://www.joomla.org/content/view/1841/78/", + "refsource": "CONFIRM", + "url": "http://www.joomla.org/content/view/1841/78/" + }, + { + "name": "21666", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21666" + }, + { + "name": "http://www.joomla.org/content/view/1843/74/", + "refsource": "CONFIRM", + "url": "http://www.joomla.org/content/view/1843/74/" + }, + { + "name": "joomla-pear-command-execution(28629)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28629" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4546.json b/2006/4xxx/CVE-2006-4546.json index 8b023665317..f86819a1138 100644 --- a/2006/4xxx/CVE-2006-4546.json +++ b/2006/4xxx/CVE-2006-4546.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Lyris ListManager 8.95 allows remote authenticated users, who have administrative privileges for at least one list on the server, to add new administrators to any list via a modified MEMBERS_.List_ parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060831 Lyris ListManager 8.95: Add arbitrary administrator to arbitrary list", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444844/100/0/threaded" - }, - { - "name" : "20060831 Lyris ListManager 8.95: Add arbitrary administrator to arbitrary list", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0817.html" - }, - { - "name" : "1016771", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016771" - }, - { - "name" : "21698", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21698" - }, - { - "name" : "1502", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1502" - }, - { - "name" : "listmanager-administrator-security-bypass(28679)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28679" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Lyris ListManager 8.95 allows remote authenticated users, who have administrative privileges for at least one list on the server, to add new administrators to any list via a modified MEMBERS_.List_ parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21698", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21698" + }, + { + "name": "1016771", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016771" + }, + { + "name": "20060831 Lyris ListManager 8.95: Add arbitrary administrator to arbitrary list", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0817.html" + }, + { + "name": "1502", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1502" + }, + { + "name": "listmanager-administrator-security-bypass(28679)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28679" + }, + { + "name": "20060831 Lyris ListManager 8.95: Add arbitrary administrator to arbitrary list", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444844/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4565.json b/2006/4xxx/CVE-2006-4565.json index b4df023fa41..e03e4ec10fa 100644 --- a/2006/4xxx/CVE-2006-4565.json +++ b/2006/4xxx/CVE-2006-4565.json @@ -1,352 +1,352 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4565", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a \"minimal quantifier.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-4565", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060915 rPSA-2006-0169-1 firefox thunderbird", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446140/100/0/threaded" - }, - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-57.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-57.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-640", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-640" - }, - { - "name" : "DSA-1191", - "refsource" : "DEBIAN", - "url" : "http://www.us.debian.org/security/2006/dsa-1191" - }, - { - "name" : "DSA-1192", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1192" - }, - { - "name" : "DSA-1210", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1210" - }, - { - "name" : "GLSA-200609-19", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200609-19.xml" - }, - { - "name" : "GLSA-200610-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200610-01.xml" - }, - { - "name" : "GLSA-200610-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200610-04.xml" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" - }, - { - "name" : "MDKSA-2006:168", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168" - }, - { - "name" : "MDKSA-2006:169", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169" - }, - { - "name" : "RHSA-2006:0676", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0676.html" - }, - { - "name" : "RHSA-2006:0677", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0677.html" - }, - { - "name" : "RHSA-2006:0675", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0675.html" - }, - { - "name" : "20060901-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc" - }, - { - "name" : "SUSE-SA:2006:054", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html" - }, - { - "name" : "USN-350-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-350-1" - }, - { - "name" : "USN-351-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-351-1" - }, - { - "name" : "USN-352-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-352-1" - }, - { - "name" : "USN-354-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-354-1" - }, - { - "name" : "USN-361-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-361-1" - }, - { - "name" : "20042", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20042" - }, - { - "name" : "oval:org.mitre.oval:def:11421", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11421" - }, - { - "name" : "ADV-2006-3617", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3617" - }, - { - "name" : "ADV-2007-1198", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1198" - }, - { - "name" : "ADV-2006-3748", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3748" - }, - { - "name" : "ADV-2008-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0083" - }, - { - "name" : "1016846", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016846" - }, - { - "name" : "1016847", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016847" - }, - { - "name" : "1016848", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016848" - }, - { - "name" : "21906", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21906" - }, - { - "name" : "21949", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21949" - }, - { - "name" : "21915", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21915" - }, - { - "name" : "21916", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21916" - }, - { - "name" : "21939", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21939" - }, - { - "name" : "21940", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21940" - }, - { - "name" : "21950", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21950" - }, - { - "name" : "22036", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22036" - }, - { - "name" : "22001", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22001" - }, - { - "name" : "22025", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22025" - }, - { - "name" : "22055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22055" - }, - { - "name" : "22074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22074" - }, - { - "name" : "22088", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22088" - }, - { - "name" : "22210", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22210" - }, - { - "name" : "22247", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22247" - }, - { - "name" : "22274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22274" - }, - { - "name" : "22299", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22299" - }, - { - "name" : "22342", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22342" - }, - { - "name" : "22391", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22391" - }, - { - "name" : "22422", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22422" - }, - { - "name" : "22849", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22849" - }, - { - "name" : "22056", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22056" - }, - { - "name" : "22195", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22195" - }, - { - "name" : "24711", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24711" - }, - { - "name" : "22066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22066" - }, - { - "name" : "mozilla-javascript-expression-bo(28955)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28955" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a \"minimal quantifier.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016847", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016847" + }, + { + "name": "22391", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22391" + }, + { + "name": "ADV-2006-3748", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3748" + }, + { + "name": "RHSA-2006:0676", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html" + }, + { + "name": "mozilla-javascript-expression-bo(28955)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28955" + }, + { + "name": "22055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22055" + }, + { + "name": "22195", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22195" + }, + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-57.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-57.html" + }, + { + "name": "USN-361-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-361-1" + }, + { + "name": "USN-352-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-352-1" + }, + { + "name": "21950", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21950" + }, + { + "name": "USN-351-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-351-1" + }, + { + "name": "22025", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22025" + }, + { + "name": "22056", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22056" + }, + { + "name": "22247", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22247" + }, + { + "name": "MDKSA-2006:168", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168" + }, + { + "name": "DSA-1191", + "refsource": "DEBIAN", + "url": "http://www.us.debian.org/security/2006/dsa-1191" + }, + { + "name": "22210", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22210" + }, + { + "name": "DSA-1210", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1210" + }, + { + "name": "24711", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24711" + }, + { + "name": "GLSA-200610-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200610-04.xml" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm" + }, + { + "name": "22849", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22849" + }, + { + "name": "ADV-2008-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0083" + }, + { + "name": "20060901-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc" + }, + { + "name": "21939", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21939" + }, + { + "name": "1016848", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016848" + }, + { + "name": "ADV-2006-3617", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3617" + }, + { + "name": "21915", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21915" + }, + { + "name": "ADV-2007-1198", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1198" + }, + { + "name": "RHSA-2006:0677", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html" + }, + { + "name": "DSA-1192", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1192" + }, + { + "name": "GLSA-200609-19", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200609-19.xml" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" + }, + { + "name": "22274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22274" + }, + { + "name": "RHSA-2006:0675", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html" + }, + { + "name": "21940", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21940" + }, + { + "name": "20042", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20042" + }, + { + "name": "22001", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22001" + }, + { + "name": "oval:org.mitre.oval:def:11421", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11421" + }, + { + "name": "20060915 rPSA-2006-0169-1 firefox thunderbird", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded" + }, + { + "name": "USN-350-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-350-1" + }, + { + "name": "21906", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21906" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" + }, + { + "name": "22342", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22342" + }, + { + "name": "GLSA-200610-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml" + }, + { + "name": "22074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22074" + }, + { + "name": "22066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22066" + }, + { + "name": "22088", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22088" + }, + { + "name": "21949", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21949" + }, + { + "name": "SUSE-SA:2006:054", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html" + }, + { + "name": "https://issues.rpath.com/browse/RPL-640", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-640" + }, + { + "name": "22036", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22036" + }, + { + "name": "1016846", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016846" + }, + { + "name": "USN-354-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-354-1" + }, + { + "name": "22422", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22422" + }, + { + "name": "22299", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22299" + }, + { + "name": "MDKSA-2006:169", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169" + }, + { + "name": "21916", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21916" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4703.json b/2006/4xxx/CVE-2006-4703.json index b0c800397e2..8a8c7003532 100644 --- a/2006/4xxx/CVE-2006-4703.json +++ b/2006/4xxx/CVE-2006-4703.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4703", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-4703", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4743.json b/2006/4xxx/CVE-2006-4743.json index 9fb61f713a5..ae4c6ef0c68 100644 --- a/2006/4xxx/CVE-2006-4743.json +++ b/2006/4xxx/CVE-2006-4743.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information via a direct request for (1) 404.php, (2) akismet.php, (3) archive.php, (4) archives.php, (5) attachment.php, (6) blogger.php, (7) comments.php, (8) comments-popup.php, (9) dotclear.php, (10) footer.php, (11) functions.php, (12) header.php, (13) hello.php, (14) wp-content/themes/default/index.php, (15) links.php, (16) livejournal.php, (17) mt.php, (18) page.php, (19) rss.php, (20) searchform.php, (21) search.php, (22) sidebar.php, (23) single.php, (24) textpattern.php, (25) upgrade-functions.php, (26) upgrade-schema.php, or (27) wp-db-backup.php, which reveal the path in various error messages. NOTE: another researcher has disputed the details of this report, stating that version 2.0.5 does not exist. NOTE: the admin-footer.php, admin-functions.php, default-filters.php, edit-form-advanced.php, edit-link-form.php, edit-page-form.php, kses.php, locale.php, rss-functions.php, template-loader.php, and wp-db.php vectors are already covered by CVE-2006-0986. The edit-form-comment.php, vars.php, and wp-settings.php vectors are already covered by CVE-2005-4463. The menu-header.php vector is already covered by CVE-2005-2110." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060906 Sql Injection and Path Disclosoure Wordpress v2.0.5", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445374/100/0/threaded" - }, - { - "name" : "20060907 Re: Re: Sql Injection and Path Disclosoure Wordpress v2.0.5", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445604/100/0/threaded" - }, - { - "name" : "20060907 Re: Sql Injection and Path Disclosoure Wordpress v2.0.5", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445471/100/0/threaded" - }, - { - "name" : "20060911 Re: Re: Sql Injection and Path Disclosoure Wordpress v2.0.5", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445711/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information via a direct request for (1) 404.php, (2) akismet.php, (3) archive.php, (4) archives.php, (5) attachment.php, (6) blogger.php, (7) comments.php, (8) comments-popup.php, (9) dotclear.php, (10) footer.php, (11) functions.php, (12) header.php, (13) hello.php, (14) wp-content/themes/default/index.php, (15) links.php, (16) livejournal.php, (17) mt.php, (18) page.php, (19) rss.php, (20) searchform.php, (21) search.php, (22) sidebar.php, (23) single.php, (24) textpattern.php, (25) upgrade-functions.php, (26) upgrade-schema.php, or (27) wp-db-backup.php, which reveal the path in various error messages. NOTE: another researcher has disputed the details of this report, stating that version 2.0.5 does not exist. NOTE: the admin-footer.php, admin-functions.php, default-filters.php, edit-form-advanced.php, edit-link-form.php, edit-page-form.php, kses.php, locale.php, rss-functions.php, template-loader.php, and wp-db.php vectors are already covered by CVE-2006-0986. The edit-form-comment.php, vars.php, and wp-settings.php vectors are already covered by CVE-2005-4463. The menu-header.php vector is already covered by CVE-2005-2110." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060906 Sql Injection and Path Disclosoure Wordpress v2.0.5", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445374/100/0/threaded" + }, + { + "name": "20060907 Re: Sql Injection and Path Disclosoure Wordpress v2.0.5", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445471/100/0/threaded" + }, + { + "name": "20060911 Re: Re: Sql Injection and Path Disclosoure Wordpress v2.0.5", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445711/100/0/threaded" + }, + { + "name": "20060907 Re: Re: Sql Injection and Path Disclosoure Wordpress v2.0.5", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445604/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6282.json b/2006/6xxx/CVE-2006-6282.json index ab515ed3aad..61590f85e82 100644 --- a/2006/6xxx/CVE-2006-6282.json +++ b/2006/6xxx/CVE-2006-6282.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6282", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "members.php in Vikingboard 0.1.2 allows remote attackers to trigger a forced SQL error via an invalid s parameter, a different vector than CVE-2006-4709. NOTE: might only be an exposure if display_errors is enabled, but due to lack of details, even this is not clear." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6282", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061118 Vikingboard (0.1.2) [ multiples vulnerability ]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452018/100/200/threaded" - }, - { - "name" : "21196", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21196" - }, - { - "name" : "1966", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1966" - }, - { - "name" : "vikingboard-members-information-disclosure(30386)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30386" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "members.php in Vikingboard 0.1.2 allows remote attackers to trigger a forced SQL error via an invalid s parameter, a different vector than CVE-2006-4709. NOTE: might only be an exposure if display_errors is enabled, but due to lack of details, even this is not clear." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061118 Vikingboard (0.1.2) [ multiples vulnerability ]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452018/100/200/threaded" + }, + { + "name": "vikingboard-members-information-disclosure(30386)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30386" + }, + { + "name": "21196", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21196" + }, + { + "name": "1966", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1966" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6462.json b/2006/6xxx/CVE-2006-6462.json index 9dcafcccf00..ab93e2684fc 100644 --- a/2006/6xxx/CVE-2006-6462.json +++ b/2006/6xxx/CVE-2006-6462.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in engine/oldnews.inc.php in CM68 News 12.02.06 allows remote attackers to execute arbitrary PHP code via a URL in the addpath parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2897", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2897" - }, - { - "name" : "http://cm68.de/?cm68news_download", - "refsource" : "MISC", - "url" : "http://cm68.de/?cm68news_download" - }, - { - "name" : "21499", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21499" - }, - { - "name" : "ADV-2006-4911", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4911" - }, - { - "name" : "23326", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23326" - }, - { - "name" : "cm68news-oldnews-file-include(30785)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30785" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in engine/oldnews.inc.php in CM68 News 12.02.06 allows remote attackers to execute arbitrary PHP code via a URL in the addpath parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21499", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21499" + }, + { + "name": "ADV-2006-4911", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4911" + }, + { + "name": "cm68news-oldnews-file-include(30785)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30785" + }, + { + "name": "http://cm68.de/?cm68news_download", + "refsource": "MISC", + "url": "http://cm68.de/?cm68news_download" + }, + { + "name": "2897", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2897" + }, + { + "name": "23326", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23326" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6700.json b/2006/6xxx/CVE-2006-6700.json index cbbd303e280..2dabf95b4db 100644 --- a/2006/6xxx/CVE-2006-6700.json +++ b/2006/6xxx/CVE-2006-6700.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6700", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in @Mail WebMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.netragard.com/html/recent_research.html", - "refsource" : "MISC", - "url" : "http://www.netragard.com/html/recent_research.html" - }, - { - "name" : "21708", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21708" - }, - { - "name" : "1017435", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017435" - }, - { - "name" : "23472", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23472" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in @Mail WebMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1017435", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017435" + }, + { + "name": "http://www.netragard.com/html/recent_research.html", + "refsource": "MISC", + "url": "http://www.netragard.com/html/recent_research.html" + }, + { + "name": "23472", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23472" + }, + { + "name": "21708", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21708" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6799.json b/2006/6xxx/CVE-2006-6799.json index 0ccb8e6cd84..962a216a1b1 100644 --- a/2006/6xxx/CVE-2006-6799.json +++ b/2006/6xxx/CVE-2006-6799.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6799", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070118 Re: FW: [cacti-announce] Cacti 0.8.6j Released", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/457290/100/0/threaded" - }, - { - "name" : "3029", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3029" - }, - { - "name" : "http://www.cacti.net/release_notes_0_8_6j.php", - "refsource" : "CONFIRM", - "url" : "http://www.cacti.net/release_notes_0_8_6j.php" - }, - { - "name" : "DSA-1250", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1250" - }, - { - "name" : "GLSA-200701-23", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200701-23.xml" - }, - { - "name" : "MDKSA-2007:015", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:015" - }, - { - "name" : "OpenPKG-SA-2007.001", - "refsource" : "OPENPKG", - "url" : "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.001.html" - }, - { - "name" : "SUSE-SA:2007:007", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_07_cacti.html" - }, - { - "name" : "21799", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21799" - }, - { - "name" : "ADV-2006-5193", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5193" - }, - { - "name" : "1017451", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017451" - }, - { - "name" : "23528", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23528" - }, - { - "name" : "23665", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23665" - }, - { - "name" : "23917", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23917" - }, - { - "name" : "23941", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23941" - }, - { - "name" : "cacti-cmd-sql-injection(31177)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31177" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1250", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1250" + }, + { + "name": "OpenPKG-SA-2007.001", + "refsource": "OPENPKG", + "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.001.html" + }, + { + "name": "23917", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23917" + }, + { + "name": "MDKSA-2007:015", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:015" + }, + { + "name": "23528", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23528" + }, + { + "name": "1017451", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017451" + }, + { + "name": "cacti-cmd-sql-injection(31177)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31177" + }, + { + "name": "GLSA-200701-23", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200701-23.xml" + }, + { + "name": "SUSE-SA:2007:007", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_07_cacti.html" + }, + { + "name": "ADV-2006-5193", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5193" + }, + { + "name": "http://www.cacti.net/release_notes_0_8_6j.php", + "refsource": "CONFIRM", + "url": "http://www.cacti.net/release_notes_0_8_6j.php" + }, + { + "name": "23665", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23665" + }, + { + "name": "3029", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3029" + }, + { + "name": "21799", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21799" + }, + { + "name": "23941", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23941" + }, + { + "name": "20070118 Re: FW: [cacti-announce] Cacti 0.8.6j Released", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/457290/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7175.json b/2006/7xxx/CVE-2006-7175.json index 29fb9320c93..552c356c51d 100644 --- a/2006/7xxx/CVE-2006-7175.json +++ b/2006/7xxx/CVE-2006-7175.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7175", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7175", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172352", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172352" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172352", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172352" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2205.json b/2010/2xxx/CVE-2010-2205.json index a0ae993811a..941122f5157 100644 --- a/2010/2xxx/CVE-2010-2205.json +++ b/2010/2xxx/CVE-2010-2205.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, access uninitialized memory, which allows attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-2205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-15.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-15.html" - }, - { - "name" : "oval:org.mitre.oval:def:7070", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7070" - }, - { - "name" : "1024159", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024159" - }, - { - "name" : "ADV-2010-1636", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, access uninitialized memory, which allows attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1636", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1636" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-15.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html" + }, + { + "name": "oval:org.mitre.oval:def:7070", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7070" + }, + { + "name": "1024159", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024159" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2654.json b/2010/2xxx/CVE-2010-2654.json index 4b90593d567..835b19d02eb 100644 --- a/2010/2xxx/CVE-2010-2654.json +++ b/2010/2xxx/CVE-2010-2654.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2654", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2654", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14237", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14237/" - }, - { - "name" : "http://dsecrg.com/pages/vul/show.php?id=154", - "refsource" : "MISC", - "url" : "http://dsecrg.com/pages/vul/show.php?id=154" - }, - { - "name" : "41383", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41383" - }, - { - "name" : "66122", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/66122" - }, - { - "name" : "66125", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/66125" - }, - { - "name" : "66126", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/66126" - }, - { - "name" : "66127", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/66127" - }, - { - "name" : "66128", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/66128" - }, - { - "name" : "66129", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/66129" - }, - { - "name" : "66130", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/66130" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14237", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14237/" + }, + { + "name": "66125", + "refsource": "OSVDB", + "url": "http://osvdb.org/66125" + }, + { + "name": "66128", + "refsource": "OSVDB", + "url": "http://osvdb.org/66128" + }, + { + "name": "66130", + "refsource": "OSVDB", + "url": "http://osvdb.org/66130" + }, + { + "name": "41383", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41383" + }, + { + "name": "66127", + "refsource": "OSVDB", + "url": "http://osvdb.org/66127" + }, + { + "name": "66129", + "refsource": "OSVDB", + "url": "http://osvdb.org/66129" + }, + { + "name": "66122", + "refsource": "OSVDB", + "url": "http://osvdb.org/66122" + }, + { + "name": "http://dsecrg.com/pages/vul/show.php?id=154", + "refsource": "MISC", + "url": "http://dsecrg.com/pages/vul/show.php?id=154" + }, + { + "name": "66126", + "refsource": "OSVDB", + "url": "http://osvdb.org/66126" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2933.json b/2010/2xxx/CVE-2010-2933.json index a439d90047f..b1805ccab8e 100644 --- a/2010/2xxx/CVE-2010-2933.json +++ b/2010/2xxx/CVE-2010-2933.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in AV Scripts AV Arcade 3 allows remote attackers to execute arbitrary SQL commands via the ava_code cookie to the \"main page,\" related to index.php and the login task." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14494", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14494" - }, - { - "name" : "42023", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42023" - }, - { - "name" : "avarcade-index-security-bypass(60799)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60799" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in AV Scripts AV Arcade 3 allows remote attackers to execute arbitrary SQL commands via the ava_code cookie to the \"main page,\" related to index.php and the login task." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42023", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42023" + }, + { + "name": "avarcade-index-security-bypass(60799)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60799" + }, + { + "name": "14494", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14494" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0078.json b/2011/0xxx/CVE-2011-0078.json index c98b788872a..27ee97a7577 100644 --- a/2011/0xxx/CVE-2011-0078.json +++ b/2011/0xxx/CVE-2011-0078.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0078", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0077." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0078", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=635705", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=635705" - }, - { - "name" : "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird", - "refsource" : "CONFIRM", - "url" : "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird" - }, - { - "name" : "http://downloads.avaya.com/css/P8/documents/100134543", - "refsource" : "CONFIRM", - "url" : "http://downloads.avaya.com/css/P8/documents/100134543" - }, - { - "name" : "http://downloads.avaya.com/css/P8/documents/100144158", - "refsource" : "CONFIRM", - "url" : "http://downloads.avaya.com/css/P8/documents/100144158" - }, - { - "name" : "DSA-2227", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2227" - }, - { - "name" : "DSA-2228", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2228" - }, - { - "name" : "DSA-2235", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2235" - }, - { - "name" : "MDVSA-2011:080", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:080" - }, - { - "name" : "MDVSA-2011:079", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079" - }, - { - "name" : "47651", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47651" - }, - { - "name" : "oval:org.mitre.oval:def:14246", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14246" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0077." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2228", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2228" + }, + { + "name": "MDVSA-2011:079", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=635705", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=635705" + }, + { + "name": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird", + "refsource": "CONFIRM", + "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird" + }, + { + "name": "DSA-2235", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2235" + }, + { + "name": "http://downloads.avaya.com/css/P8/documents/100134543", + "refsource": "CONFIRM", + "url": "http://downloads.avaya.com/css/P8/documents/100134543" + }, + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html" + }, + { + "name": "47651", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47651" + }, + { + "name": "MDVSA-2011:080", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:080" + }, + { + "name": "DSA-2227", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2227" + }, + { + "name": "oval:org.mitre.oval:def:14246", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14246" + }, + { + "name": "http://downloads.avaya.com/css/P8/documents/100144158", + "refsource": "CONFIRM", + "url": "http://downloads.avaya.com/css/P8/documents/100144158" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0758.json b/2011/0xxx/CVE-2011-0758.json index db88093854a..3dd8cf53311 100644 --- a/2011/0xxx/CVE-2011-0758.json +++ b/2011/0xxx/CVE-2011-0758.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0758", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The eCS component (ECSQdmn.exe) in CA ETrust Secure Content Manager 8.0 and CA Gateway Security 8.1 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted request to port 1882, involving an incorrect integer calculation and a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110207 ZDI-11-059: CA ETrust Secure Content Manager Common Services Transport Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516277/100/0/threaded" - }, - { - "name" : "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-ca", - "refsource" : "MISC", - "url" : "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-ca" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-059", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-059" - }, - { - "name" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={EE6F16E1-6E05-4890-A739-2B9F745C721F}", - "refsource" : "CONFIRM", - "url" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={EE6F16E1-6E05-4890-A739-2B9F745C721F}" - }, - { - "name" : "46253", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46253" - }, - { - "name" : "70840", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70840" - }, - { - "name" : "1025052", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025052" - }, - { - "name" : "43200", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43200" - }, - { - "name" : "8075", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8075" - }, - { - "name" : "ADV-2011-0306", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0306" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The eCS component (ECSQdmn.exe) in CA ETrust Secure Content Manager 8.0 and CA Gateway Security 8.1 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted request to port 1882, involving an incorrect integer calculation and a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46253", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46253" + }, + { + "name": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-ca", + "refsource": "MISC", + "url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-ca" + }, + { + "name": "43200", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43200" + }, + { + "name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={EE6F16E1-6E05-4890-A739-2B9F745C721F}", + "refsource": "CONFIRM", + "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={EE6F16E1-6E05-4890-A739-2B9F745C721F}" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-059", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-059" + }, + { + "name": "1025052", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025052" + }, + { + "name": "8075", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8075" + }, + { + "name": "70840", + "refsource": "OSVDB", + "url": "http://osvdb.org/70840" + }, + { + "name": "20110207 ZDI-11-059: CA ETrust Secure Content Manager Common Services Transport Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516277/100/0/threaded" + }, + { + "name": "ADV-2011-0306", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0306" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0780.json b/2011/0xxx/CVE-2011-0780.json index e4dd960917a..4d14bcd52d8 100644 --- a/2011/0xxx/CVE-2011-0780.json +++ b/2011/0xxx/CVE-2011-0780.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0780", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PDF event handler in Google Chrome before 9.0.597.84 does not properly interact with print operations, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0780", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=64051", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=64051" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:14530", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14530" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PDF event handler in Google Chrome before 9.0.597.84 does not properly interact with print operations, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=64051", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=64051" + }, + { + "name": "oval:org.mitre.oval:def:14530", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14530" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0985.json b/2011/0xxx/CVE-2011-0985.json index 8564c880d90..e29183d85d6 100644 --- a/2011/0xxx/CVE-2011-0985.json +++ b/2011/0xxx/CVE-2011-0985.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0985", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 9.0.597.94 does not properly perform process termination upon memory exhaustion, which has unspecified impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0985", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=70456", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=70456" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html" - }, - { - "name" : "http://www.srware.net/forum/viewtopic.php?f=18&t=2190", - "refsource" : "CONFIRM", - "url" : "http://www.srware.net/forum/viewtopic.php?f=18&t=2190" - }, - { - "name" : "DSA-2166", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2166" - }, - { - "name" : "46262", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46262" - }, - { - "name" : "oval:org.mitre.oval:def:14506", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14506" - }, - { - "name" : "43342", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43342" - }, - { - "name" : "43368", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43368" - }, - { - "name" : "ADV-2011-0408", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 9.0.597.94 does not properly perform process termination upon memory exhaustion, which has unspecified impact and remote attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43368", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43368" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=70456", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=70456" + }, + { + "name": "oval:org.mitre.oval:def:14506", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14506" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html" + }, + { + "name": "http://www.srware.net/forum/viewtopic.php?f=18&t=2190", + "refsource": "CONFIRM", + "url": "http://www.srware.net/forum/viewtopic.php?f=18&t=2190" + }, + { + "name": "43342", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43342" + }, + { + "name": "DSA-2166", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2166" + }, + { + "name": "ADV-2011-0408", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0408" + }, + { + "name": "46262", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46262" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0999.json b/2011/0xxx/CVE-2011-0999.json index 1394eab37d0..16adc3b9c49 100644 --- a/2011/0xxx/CVE-2011-0999.json +++ b/2011/0xxx/CVE-2011-0999.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0999", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mm/huge_memory.c in the Linux kernel before 2.6.38-rc5 does not prevent creation of a transparent huge page (THP) during the existence of a temporary stack for an exec system call, which allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-0999", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110217 CVE request - kernel: thp: prevent hugepages during args/env copying into the user stack", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/02/17/3" - }, - { - "name" : "[oss-security] 20110217 Re: CVE request - kernel: thp: prevent hugepages during args/env copying into the user stack", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/02/17/6" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a7d6e4ecdb7648478ddec76d30d87d03d6e22b31", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a7d6e4ecdb7648478ddec76d30d87d03d6e22b31" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc5", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=678209", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=678209" - }, - { - "name" : "46442", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46442" - }, - { - "name" : "kernel-hugepages-dos(65535)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65535" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mm/huge_memory.c in the Linux kernel before 2.6.38-rc5 does not prevent creation of a transparent huge page (THP) during the existence of a temporary stack for an exec system call, which allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact via a crafted application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110217 CVE request - kernel: thp: prevent hugepages during args/env copying into the user stack", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/02/17/3" + }, + { + "name": "46442", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46442" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc5", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc5" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a7d6e4ecdb7648478ddec76d30d87d03d6e22b31", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a7d6e4ecdb7648478ddec76d30d87d03d6e22b31" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=678209", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678209" + }, + { + "name": "[oss-security] 20110217 Re: CVE request - kernel: thp: prevent hugepages during args/env copying into the user stack", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/02/17/6" + }, + { + "name": "kernel-hugepages-dos(65535)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65535" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1185.json b/2011/1xxx/CVE-2011-1185.json index dea26089f40..69d1dec6572 100644 --- a/2011/1xxx/CVE-2011-1185.json +++ b/2011/1xxx/CVE-2011-1185.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 10.0.648.127 does not prevent (1) navigation and (2) close operations on the top location of a sandboxed frame, which has unspecified impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=42574", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=42574" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=42765", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=42765" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html" - }, - { - "name" : "46785", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46785" - }, - { - "name" : "oval:org.mitre.oval:def:14349", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14349" - }, - { - "name" : "ADV-2011-0628", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0628" - }, - { - "name" : "chrome-sandboxed-sec-bypass(65948)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65948" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 10.0.648.127 does not prevent (1) navigation and (2) close operations on the top location of a sandboxed frame, which has unspecified impact and remote attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "chrome-sandboxed-sec-bypass(65948)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65948" + }, + { + "name": "46785", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46785" + }, + { + "name": "oval:org.mitre.oval:def:14349", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14349" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=42574", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=42574" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=42765", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=42765" + }, + { + "name": "ADV-2011-0628", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0628" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1422.json b/2011/1xxx/CVE-2011-1422.json index d2d82133d9e..05a5d79ac43 100644 --- a/2011/1xxx/CVE-2011-1422.json +++ b/2011/1xxx/CVE-2011-1422.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1422", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in an unspecified Shockwave Flash file in EMC RSA Adaptive Authentication On-Premise (AAOP) 2.x, 5.7.x, and 6.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2011-1422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110418 ESA-2011-014: RSA, The Security Division of EMC, announces the release of Adaptive Authentication (On-Premise) Flash File Security Patch", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517534/100/0/threaded" - }, - { - "name" : "47408", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47408" - }, - { - "name" : "1025382", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025382" - }, - { - "name" : "44236", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44236" - }, - { - "name" : "8215", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8215" - }, - { - "name" : "ADV-2011-1026", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/1026" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in an unspecified Shockwave Flash file in EMC RSA Adaptive Authentication On-Premise (AAOP) 2.x, 5.7.x, and 6.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1025382", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025382" + }, + { + "name": "47408", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47408" + }, + { + "name": "8215", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8215" + }, + { + "name": "ADV-2011-1026", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/1026" + }, + { + "name": "20110418 ESA-2011-014: RSA, The Security Division of EMC, announces the release of Adaptive Authentication (On-Premise) Flash File Security Patch", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517534/100/0/threaded" + }, + { + "name": "44236", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44236" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1511.json b/2011/1xxx/CVE-2011-1511.json index 08c2dd1be69..50f094c881f 100644 --- a/2011/1xxx/CVE-2011-1511.json +++ b/2011/1xxx/CVE-2011-1511.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1511", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 and 3.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to Administration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1511", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" - }, - { - "name" : "TA11-201A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" - }, - { - "name" : "8254", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8254" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 and 3.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to Administration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-201A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" + }, + { + "name": "8254", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8254" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1552.json b/2011/1xxx/CVE-2011-1552.json index b67418615e6..5e8e7ec9f98 100644 --- a/2011/1xxx/CVE-2011-1552.json +++ b/2011/1xxx/CVE-2011-1552.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1552", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1552", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110327 TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517205/100/0/threaded" - }, - { - "name" : "http://www.toucan-system.com/advisories/tssa-2011-01.txt", - "refsource" : "MISC", - "url" : "http://www.toucan-system.com/advisories/tssa-2011-01.txt" - }, - { - "name" : "http://www.foolabs.com/xpdf/download.html", - "refsource" : "CONFIRM", - "url" : "http://www.foolabs.com/xpdf/download.html" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X" - }, - { - "name" : "GLSA-201701-57", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-57" - }, - { - "name" : "MDVSA-2012:144", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144" - }, - { - "name" : "RHSA-2012:1201", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1201.html" - }, - { - "name" : "VU#376500", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/376500" - }, - { - "name" : "1025266", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025266" - }, - { - "name" : "43823", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43823" - }, - { - "name" : "48985", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48985" - }, - { - "name" : "8171", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8171" - }, - { - "name" : "ADV-2011-0728", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0728" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43823", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43823" + }, + { + "name": "48985", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48985" + }, + { + "name": "8171", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8171" + }, + { + "name": "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X" + }, + { + "name": "ADV-2011-0728", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0728" + }, + { + "name": "RHSA-2012:1201", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html" + }, + { + "name": "http://www.foolabs.com/xpdf/download.html", + "refsource": "CONFIRM", + "url": "http://www.foolabs.com/xpdf/download.html" + }, + { + "name": "http://www.toucan-system.com/advisories/tssa-2011-01.txt", + "refsource": "MISC", + "url": "http://www.toucan-system.com/advisories/tssa-2011-01.txt" + }, + { + "name": "VU#376500", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/376500" + }, + { + "name": "MDVSA-2012:144", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144" + }, + { + "name": "GLSA-201701-57", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-57" + }, + { + "name": "1025266", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025266" + }, + { + "name": "20110327 TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517205/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1965.json b/2011/1xxx/CVE-2011-1965.json index 7dd45d82dc8..4fdc00d4b4f 100644 --- a/2011/1xxx/CVE-2011-1965.json +++ b/2011/1xxx/CVE-2011-1965.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1965", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka \"TCP/IP QOS Denial of Service Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1965", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-064", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-064" - }, - { - "name" : "TA11-221A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-221A.html" - }, - { - "name" : "oval:org.mitre.oval:def:12318", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12318" - }, - { - "name" : "8474", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka \"TCP/IP QOS Denial of Service Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS11-064", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-064" + }, + { + "name": "8474", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8474" + }, + { + "name": "oval:org.mitre.oval:def:12318", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12318" + }, + { + "name": "TA11-221A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-221A.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4221.json b/2011/4xxx/CVE-2011-4221.json index 408212f987a..e3b6ebc6d93 100644 --- a/2011/4xxx/CVE-2011-4221.json +++ b/2011/4xxx/CVE-2011-4221.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4221", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Investintech.com Able2Doc and Able2Doc Professional allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4221", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#275036", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/275036" - }, - { - "name" : "able2doc-pdf-code-execution(71096)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71096" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Investintech.com Able2Doc and Able2Doc Professional allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "able2doc-pdf-code-execution(71096)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71096" + }, + { + "name": "VU#275036", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/275036" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5014.json b/2011/5xxx/CVE-2011-5014.json index 3fe76935216..095904dfeea 100644 --- a/2011/5xxx/CVE-2011-5014.json +++ b/2011/5xxx/CVE-2011-5014.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5014", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5014", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3181.json b/2014/3xxx/CVE-2014-3181.json index 7ca830081e0..88ba62cfcd3 100644 --- a/2014/3xxx/CVE-2014-3181.json +++ b/2014/3xxx/CVE-2014-3181.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3181", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-3181", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140911 Multiple Linux USB driver CVE assignment", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/09/11/21" - }, - { - "name" : "https://code.google.com/p/google-security-research/issues/detail?id=100", - "refsource" : "MISC", - "url" : "https://code.google.com/p/google-security-research/issues/detail?id=100" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c54def7bd64d7c0b6993336abcffb8444795bf38", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c54def7bd64d7c0b6993336abcffb8444795bf38" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1141173", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1141173" - }, - { - "name" : "https://github.com/torvalds/linux/commit/c54def7bd64d7c0b6993336abcffb8444795bf38", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/c54def7bd64d7c0b6993336abcffb8444795bf38" - }, - { - "name" : "RHSA-2014:1318", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1318.html" - }, - { - "name" : "SUSE-SU-2015:0481", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html" - }, - { - "name" : "openSUSE-SU-2015:0566", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html" - }, - { - "name" : "USN-2376-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2376-1" - }, - { - "name" : "USN-2377-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2377-1" - }, - { - "name" : "USN-2378-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2378-1" - }, - { - "name" : "USN-2379-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2379-1" - }, - { - "name" : "69779", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69779" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2377-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2377-1" + }, + { + "name": "RHSA-2014:1318", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1318.html" + }, + { + "name": "69779", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69779" + }, + { + "name": "https://code.google.com/p/google-security-research/issues/detail?id=100", + "refsource": "MISC", + "url": "https://code.google.com/p/google-security-research/issues/detail?id=100" + }, + { + "name": "https://github.com/torvalds/linux/commit/c54def7bd64d7c0b6993336abcffb8444795bf38", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/c54def7bd64d7c0b6993336abcffb8444795bf38" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c54def7bd64d7c0b6993336abcffb8444795bf38", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c54def7bd64d7c0b6993336abcffb8444795bf38" + }, + { + "name": "SUSE-SU-2015:0481", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html" + }, + { + "name": "[oss-security] 20140911 Multiple Linux USB driver CVE assignment", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/09/11/21" + }, + { + "name": "USN-2378-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2378-1" + }, + { + "name": "openSUSE-SU-2015:0566", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1141173", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1141173" + }, + { + "name": "USN-2379-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2379-1" + }, + { + "name": "USN-2376-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2376-1" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3295.json b/2014/3xxx/CVE-2014-3295.json index bda4dc1751d..847c585c650 100644 --- a/2014/3xxx/CVE-2014-3295.json +++ b/2014/3xxx/CVE-2014-3295.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows remote attackers to bypass authentication and cause a denial of service (group-member state modification and traffic blackholing) via malformed HSRP packets, aka Bug ID CSCup11309." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34585", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34585" - }, - { - "name" : "20140610 Cisco NX-OS Software HSRP Authentication Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3295" - }, - { - "name" : "67983", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67983" - }, - { - "name" : "1030409", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030409" - }, - { - "name" : "59158", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows remote attackers to bypass authentication and cause a denial of service (group-member state modification and traffic blackholing) via malformed HSRP packets, aka Bug ID CSCup11309." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67983", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67983" + }, + { + "name": "20140610 Cisco NX-OS Software HSRP Authentication Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3295" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34585", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34585" + }, + { + "name": "1030409", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030409" + }, + { + "name": "59158", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59158" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3481.json b/2014/3xxx/CVE-2014-3481.json index 9f62a35c568..bbddab7bc4c 100644 --- a/2014/3xxx/CVE-2014-3481.json +++ b/2014/3xxx/CVE-2014-3481.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3481", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3481", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1105242", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1105242" - }, - { - "name" : "RHSA-2014:0797", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0797.html" - }, - { - "name" : "RHSA-2014:0798", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0798.html" - }, - { - "name" : "RHSA-2014:0799", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0799.html" - }, - { - "name" : "RHSA-2015:0675", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0675.html" - }, - { - "name" : "RHSA-2015:0720", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0720.html" - }, - { - "name" : "RHSA-2015:0765", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0765.html" - }, - { - "name" : "1032017", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032017" - }, - { - "name" : "redhat-jeap-cve20143481-info-disc(94939)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94939" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0798", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0798.html" + }, + { + "name": "1032017", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032017" + }, + { + "name": "RHSA-2015:0765", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html" + }, + { + "name": "RHSA-2015:0675", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html" + }, + { + "name": "RHSA-2015:0720", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html" + }, + { + "name": "RHSA-2014:0797", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0797.html" + }, + { + "name": "redhat-jeap-cve20143481-info-disc(94939)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94939" + }, + { + "name": "RHSA-2014:0799", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0799.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1105242", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1105242" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3798.json b/2014/3xxx/CVE-2014-3798.json index 823c133c66b..25010d612ed 100644 --- a/2014/3xxx/CVE-2014-3798.json +++ b/2014/3xxx/CVE-2014-3798.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3798", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3798", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3845.json b/2014/3xxx/CVE-2014-3845.json index 64f62c6dc56..3a6a086e16a 100644 --- a/2014/3xxx/CVE-2014-3845.json +++ b/2014/3xxx/CVE-2014-3845.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the TinyMCE Color Picker plugin before 1.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change plugin settings via unknown vectors. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://wordpress.org/plugins/tinymce-colorpicker/changelog", - "refsource" : "MISC", - "url" : "http://wordpress.org/plugins/tinymce-colorpicker/changelog" - }, - { - "name" : "58095", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58095" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the TinyMCE Color Picker plugin before 1.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change plugin settings via unknown vectors. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wordpress.org/plugins/tinymce-colorpicker/changelog", + "refsource": "MISC", + "url": "http://wordpress.org/plugins/tinymce-colorpicker/changelog" + }, + { + "name": "58095", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58095" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3860.json b/2014/3xxx/CVE-2014-3860.json index 80fa43a7ad8..a5714a67db5 100644 --- a/2014/3xxx/CVE-2014-3860.json +++ b/2014/3xxx/CVE-2014-3860.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3860", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3860", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6235.json b/2014/6xxx/CVE-2014-6235.json index 6ffcc3cae27..2e84aa06f76 100644 --- a/2014/6xxx/CVE-2014-6235.json +++ b/2014/6xxx/CVE-2014-6235.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-010", - "refsource" : "MISC", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-010" - }, - { - "name" : "http://typo3.org/extensions/repository/view/ke_dompdf", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/ke_dompdf" - }, - { - "name" : "69563", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69563" - }, - { - "name" : "kedompdf-unspecified-code-exec(95706)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95706" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69563", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69563" + }, + { + "name": "http://typo3.org/extensions/repository/view/ke_dompdf", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/ke_dompdf" + }, + { + "name": "kedompdf-unspecified-code-exec(95706)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95706" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-010", + "refsource": "MISC", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-010" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6282.json b/2014/6xxx/CVE-2014-6282.json index 4e54a2f5b54..53738b05280 100644 --- a/2014/6xxx/CVE-2014-6282.json +++ b/2014/6xxx/CVE-2014-6282.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6282", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6282", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6515.json b/2014/6xxx/CVE-2014-6515.json index 93641b61f3e..db18a0494a1 100644 --- a/2014/6xxx/CVE-2014-6515.json +++ b/2014/6xxx/CVE-2014-6515.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6515", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21688283", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21688283" - }, - { - "name" : "GLSA-201502-12", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml" - }, - { - "name" : "HPSBUX03218", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141775382904016&w=2" - }, - { - "name" : "SSRT101770", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141775382904016&w=2" - }, - { - "name" : "RHSA-2014:1657", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1657.html" - }, - { - "name" : "RHSA-2014:1658", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1658.html" - }, - { - "name" : "RHSA-2014:1876", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1876.html" - }, - { - "name" : "RHSA-2014:1877", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1877.html" - }, - { - "name" : "RHSA-2014:1880", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1880.html" - }, - { - "name" : "RHSA-2014:1882", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1882.html" - }, - { - "name" : "RHSA-2015:0264", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0264.html" - }, - { - "name" : "SUSE-SU-2014:1526", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html" - }, - { - "name" : "SUSE-SU-2014:1549", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html" - }, - { - "name" : "SUSE-SU-2015:0344", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html" - }, - { - "name" : "SUSE-SU-2015:0345", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html" - }, - { - "name" : "SUSE-SU-2015:0392", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html" - }, - { - "name" : "70565", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70565" - }, - { - "name" : "61163", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61163" - }, - { - "name" : "61164", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61164" - }, - { - "name" : "61609", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:1880", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1880.html" + }, + { + "name": "RHSA-2014:1657", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1657.html" + }, + { + "name": "70565", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70565" + }, + { + "name": "RHSA-2014:1877", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1877.html" + }, + { + "name": "61609", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61609" + }, + { + "name": "61163", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61163" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21688283", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688283" + }, + { + "name": "HPSBUX03218", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141775382904016&w=2" + }, + { + "name": "SUSE-SU-2014:1549", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html" + }, + { + "name": "RHSA-2014:1876", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1876.html" + }, + { + "name": "RHSA-2015:0264", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0264.html" + }, + { + "name": "SUSE-SU-2015:0392", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html" + }, + { + "name": "SUSE-SU-2014:1526", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html" + }, + { + "name": "SUSE-SU-2015:0345", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html" + }, + { + "name": "RHSA-2014:1882", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1882.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "RHSA-2014:1658", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1658.html" + }, + { + "name": "61164", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61164" + }, + { + "name": "SSRT101770", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141775382904016&w=2" + }, + { + "name": "GLSA-201502-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-12.xml" + }, + { + "name": "SUSE-SU-2015:0344", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6557.json b/2014/6xxx/CVE-2014-6557.json index dd18d6fb1c1..1c2b1974ddd 100644 --- a/2014/6xxx/CVE-2014-6557.json +++ b/2014/6xxx/CVE-2014-6557.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6557", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Application Performance Management component in Oracle Enterprise Manager Grid Control before 12.1.0.6.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to End User Experience Management." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6557", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "70512", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70512" - }, - { - "name" : "1031041", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031041" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Application Performance Management component in Oracle Enterprise Manager Grid Control before 12.1.0.6.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to End User Experience Management." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031041", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031041" + }, + { + "name": "70512", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70512" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6635.json b/2014/6xxx/CVE-2014-6635.json index 17b7a6f770b..56b3e16d201 100644 --- a/2014/6xxx/CVE-2014-6635.json +++ b/2014/6xxx/CVE-2014-6635.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6635", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the src parameter in the search action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/128335/Exponent-CMS-2.3.0-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128335/Exponent-CMS-2.3.0-Cross-Site-Scripting.html" - }, - { - "name" : "exponentcms-indexsrc-xss(96158)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the src parameter in the search action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "exponentcms-indexsrc-xss(96158)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96158" + }, + { + "name": "http://packetstormsecurity.com/files/128335/Exponent-CMS-2.3.0-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128335/Exponent-CMS-2.3.0-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6698.json b/2014/6xxx/CVE-2014-6698.json index 97feb595ef1..3920af464e4 100644 --- a/2014/6xxx/CVE-2014-6698.json +++ b/2014/6xxx/CVE-2014-6698.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6698", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Galaxy Online 2 (aka air.com.igg.galaxyAPhone) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6698", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#355721", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/355721" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Galaxy Online 2 (aka air.com.igg.galaxyAPhone) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#355721", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/355721" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6894.json b/2014/6xxx/CVE-2014-6894.json index f2396f869c2..33b15aba18d 100644 --- a/2014/6xxx/CVE-2014-6894.json +++ b/2014/6xxx/CVE-2014-6894.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6894", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Lucktastic (aka com.lucktastic.scratch) application 1.2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6894", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#577041", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/577041" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Lucktastic (aka com.lucktastic.scratch) application 1.2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#577041", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/577041" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7044.json b/2014/7xxx/CVE-2014-7044.json index f8c5468319c..7038977e1a7 100644 --- a/2014/7xxx/CVE-2014-7044.json +++ b/2014/7xxx/CVE-2014-7044.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7044", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Street Walker (aka kt.road.StreetWalker) application 0.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7044", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#418113", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/418113" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Street Walker (aka kt.road.StreetWalker) application 0.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#418113", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/418113" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7474.json b/2014/7xxx/CVE-2014-7474.json index 8c9346df4c0..711824dce2a 100644 --- a/2014/7xxx/CVE-2014-7474.json +++ b/2014/7xxx/CVE-2014-7474.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7474", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7474", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7556.json b/2014/7xxx/CVE-2014-7556.json index dcd498035a8..2829a128efa 100644 --- a/2014/7xxx/CVE-2014-7556.json +++ b/2014/7xxx/CVE-2014-7556.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7556", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7556", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7722.json b/2014/7xxx/CVE-2014-7722.json index 5cb9535d39f..8afe6241355 100644 --- a/2014/7xxx/CVE-2014-7722.json +++ b/2014/7xxx/CVE-2014-7722.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7722", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Indian Jeweller (aka com.magzter.indianjeweller) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#223897", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/223897" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Indian Jeweller (aka com.magzter.indianjeweller) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#223897", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/223897" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2271.json b/2016/2xxx/CVE-2016-2271.json index 5fbe6ec7699..2c4d5ff9013 100644 --- a/2016/2xxx/CVE-2016-2271.json +++ b/2016/2xxx/CVE-2016-2271.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xenbits.xen.org/xsa/advisory-170.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-170.html" - }, - { - "name" : "http://support.citrix.com/article/CTX209443", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX209443" - }, - { - "name" : "DSA-3519", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3519" - }, - { - "name" : "FEDORA-2016-e48f4bd14f", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177990.html" - }, - { - "name" : "FEDORA-2016-f8121efdac", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178518.html" - }, - { - "name" : "GLSA-201604-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201604-03" - }, - { - "name" : "1035043", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035043" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3519", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3519" + }, + { + "name": "FEDORA-2016-e48f4bd14f", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177990.html" + }, + { + "name": "FEDORA-2016-f8121efdac", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178518.html" + }, + { + "name": "1035043", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035043" + }, + { + "name": "http://xenbits.xen.org/xsa/advisory-170.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-170.html" + }, + { + "name": "http://support.citrix.com/article/CTX209443", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX209443" + }, + { + "name": "GLSA-201604-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201604-03" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2706.json b/2016/2xxx/CVE-2016-2706.json index ba2665b4b0b..6d6aadb44b8 100644 --- a/2016/2xxx/CVE-2016-2706.json +++ b/2016/2xxx/CVE-2016-2706.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2706", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2706", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2883.json b/2016/2xxx/CVE-2016-2883.json index 7e66cf14427..366210c08e3 100644 --- a/2016/2xxx/CVE-2016-2883.json +++ b/2016/2xxx/CVE-2016-2883.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2883", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0387." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-2883", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983347", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983347" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0387." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21983347", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983347" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2934.json b/2016/2xxx/CVE-2016-2934.json index 37f5a4f5224..86e4853963e 100644 --- a/2016/2xxx/CVE-2016-2934.json +++ b/2016/2xxx/CVE-2016-2934.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2934", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-2934", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991870", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991870" - }, - { - "name" : "IV89795", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89795" - }, - { - "name" : "94987", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94987" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94987", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94987" + }, + { + "name": "IV89795", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89795" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991870", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991870" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2997.json b/2016/2xxx/CVE-2016-2997.json index 3d18a45f0d1..1c1b02701cf 100644 --- a/2016/2xxx/CVE-2016-2997.json +++ b/2016/2xxx/CVE-2016-2997.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2997", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2995, CVE-2016-3005, and CVE-2016-3010." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-2997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988991", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988991" - }, - { - "name" : "LO89929", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1LO89929" - }, - { - "name" : "92580", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92580" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2995, CVE-2016-3005, and CVE-2016-3010." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21988991", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988991" + }, + { + "name": "92580", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92580" + }, + { + "name": "LO89929", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LO89929" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18146.json b/2017/18xxx/CVE-2017-18146.json index 9ec8c15994e..41d6a502548 100644 --- a/2017/18xxx/CVE-2017-18146.json +++ b/2017/18xxx/CVE-2017-18146.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2017-18146", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, in some corner cases, ECDSA signature verification can fail." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cryptographic Issues in Core" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2017-18146", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, in some corner cases, ECDSA signature verification can fail." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cryptographic Issues in Core" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1381.json b/2017/1xxx/CVE-2017-1381.json index b17025b779d..58e6ca01fcb 100644 --- a/2017/1xxx/CVE-2017-1381.json +++ b/2017/1xxx/CVE-2017-1381.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-07-18T00:00:00", - "ID" : "CVE-2017-1381", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebSphere Application Server", - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "8.5" - }, - { - "version_value" : "9.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-07-18T00:00:00", + "ID": "CVE-2017-1381", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebSphere Application Server", + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.5" + }, + { + "version_value": "9.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127152", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127152" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22004792", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22004792" - }, - { - "name" : "99917", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99917" - }, - { - "name" : "1038985", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038985" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22004792", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22004792" + }, + { + "name": "99917", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99917" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127152", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127152" + }, + { + "name": "1038985", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038985" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1450.json b/2017/1xxx/CVE-2017-1450.json index 3256dfb2ed5..5bdc9ffcf9d 100644 --- a/2017/1xxx/CVE-2017-1450.json +++ b/2017/1xxx/CVE-2017-1450.json @@ -1,89 +1,89 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-07-11T00:00:00", - "ID" : "CVE-2017-1450", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Emptoris Sourcing", - "version" : { - "version_data" : [ - { - "version_value" : "9.5" - }, - { - "version_value" : "10.0.0" - }, - { - "version_value" : "10.0.1" - }, - { - "version_value" : "10.0.2" - }, - { - "version_value" : "10.0.4" - }, - { - "version_value" : "10.1.0" - }, - { - "version_value" : "10.1.1" - }, - { - "version_value" : "10.1.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128177." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-07-11T00:00:00", + "ID": "CVE-2017-1450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Emptoris Sourcing", + "version": { + "version_data": [ + { + "version_value": "9.5" + }, + { + "version_value": "10.0.0" + }, + { + "version_value": "10.0.1" + }, + { + "version_value": "10.0.2" + }, + { + "version_value": "10.0.4" + }, + { + "version_value": "10.1.0" + }, + { + "version_value": "10.1.1" + }, + { + "version_value": "10.1.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128177", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128177" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg22005834", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg22005834" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128177." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128177", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128177" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1862.json b/2017/1xxx/CVE-2017-1862.json index 29c05fe0a40..6612523bb2c 100644 --- a/2017/1xxx/CVE-2017-1862.json +++ b/2017/1xxx/CVE-2017-1862.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1862", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1862", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1961.json b/2017/1xxx/CVE-2017-1961.json index 95a7c48405e..9397e7df8c3 100644 --- a/2017/1xxx/CVE-2017-1961.json +++ b/2017/1xxx/CVE-2017-1961.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1961", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1961", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5421.json b/2017/5xxx/CVE-2017-5421.json index 6b9ddc460da..0c22941b14c 100644 --- a/2017/5xxx/CVE-2017-5421.json +++ b/2017/5xxx/CVE-2017-5421.json @@ -1,94 +1,94 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-5421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52" - } - ] - } - }, - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox < 52 and Thunderbird < 52." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Print preview spoofing" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-5421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1301876", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1301876" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-05/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-05/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-09/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-09/" - }, - { - "name" : "96692", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96692" - }, - { - "name" : "1037966", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox < 52 and Thunderbird < 52." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Print preview spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1301876", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1301876" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-09/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-09/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-05/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-05/" + }, + { + "name": "1037966", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037966" + }, + { + "name": "96692", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96692" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5644.json b/2017/5xxx/CVE-2017-5644.json index eb4d9aa9169..376ce3f9cb5 100644 --- a/2017/5xxx/CVE-2017-5644.json +++ b/2017/5xxx/CVE-2017-5644.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2017-5644", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache POI", - "version" : { - "version_data" : [ - { - "version_value" : "before 3.15" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XXE" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2017-5644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache POI", + "version": { + "version_data": [ + { + "version_value": "before 3.15" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://poi.apache.org/#20+March+2017+-+CVE-2017-5644+-+Possible+DOS+%28Denial+of+Service%29+in+Apache+POI+versions+prior+to+3.15", - "refsource" : "CONFIRM", - "url" : "http://poi.apache.org/#20+March+2017+-+CVE-2017-5644+-+Possible+DOS+%28Denial+of+Service%29+in+Apache+POI+versions+prior+to+3.15" - }, - { - "name" : "96983", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96983" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XXE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://poi.apache.org/#20+March+2017+-+CVE-2017-5644+-+Possible+DOS+%28Denial+of+Service%29+in+Apache+POI+versions+prior+to+3.15", + "refsource": "CONFIRM", + "url": "http://poi.apache.org/#20+March+2017+-+CVE-2017-5644+-+Possible+DOS+%28Denial+of+Service%29+in+Apache+POI+versions+prior+to+3.15" + }, + { + "name": "96983", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96983" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5976.json b/2017/5xxx/CVE-2017-5976.json index 021ab68d35b..22a57009aa0 100644 --- a/2017/5xxx/CVE-2017-5976.json +++ b/2017/5xxx/CVE-2017-5976.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170214 Re: A note about the multiple crashes in zziplib", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/14/3" - }, - { - "name" : "https://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-zzip_mem_entry_extra_block-memdisk-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-zzip_mem_entry_extra_block-memdisk-c/" - }, - { - "name" : "DSA-3878", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3878" - }, - { - "name" : "96268", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96268" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20170214 Re: A note about the multiple crashes in zziplib", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/14/3" + }, + { + "name": "96268", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96268" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-zzip_mem_entry_extra_block-memdisk-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-zzip_mem_entry_extra_block-memdisk-c/" + }, + { + "name": "DSA-3878", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3878" + } + ] + } +} \ No newline at end of file