diff --git a/2006/0xxx/CVE-2006-0130.json b/2006/0xxx/CVE-2006-0130.json
index 8c5b76cd059..ab1326e338b 100644
--- a/2006/0xxx/CVE-2006-0130.json
+++ b/2006/0xxx/CVE-2006-0130.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier allows remote attackers to attempt authentication with an unlimited number of user account names and passwords without denying connections, limiting the rate of connections, or locking out an account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060104 Rockliffe Mailsite User Enumeration Flaw", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/040970.html" - }, - { - "name" : "http://zur.homelinux.com/Advisories/RockliffeMailsiteUserEnum.txt", - "refsource" : "MISC", - "url" : "http://zur.homelinux.com/Advisories/RockliffeMailsiteUserEnum.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and 
earlier allows remote attackers to attempt authentication with an unlimited number of user account names and passwords without denying connections, limiting the rate of connections, or locking out an account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://zur.homelinux.com/Advisories/RockliffeMailsiteUserEnum.txt", + "refsource": "MISC", + "url": "http://zur.homelinux.com/Advisories/RockliffeMailsiteUserEnum.txt" + }, + { + "name": "20060104 Rockliffe Mailsite User Enumeration Flaw", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/040970.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0256.json b/2006/0xxx/CVE-2006-0256.json index 24d50e13e25..b3b1cbb03c1 100644 --- a/2006/0xxx/CVE-2006-0256.json +++ b/2006/0xxx/CVE-2006-0256.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0256", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Advanced Queuing component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.6, 10.1.0.3 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB01." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" - }, - { - "name" : "VU#545804", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/545804" - }, - { - "name" : "16287", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16287" - }, - { - "name" : "ADV-2006-0243", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0243" - }, - { - "name" : "ADV-2006-0323", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0323" - }, - { - "name" : "1015499", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1015499" - }, - { - "name" : "18493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18493" - }, - { - "name" : "18608", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Advanced Queuing component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.6, 10.1.0.3 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB01." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18493" + }, + { + "name": "ADV-2006-0323", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0323" + }, + { + "name": "16287", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16287" + }, + { + "name": "VU#545804", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/545804" + }, + { + "name": "1015499", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015499" + }, + { + "name": "ADV-2006-0243", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0243" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" + }, + { + "name": "18608", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18608" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0719.json b/2006/0xxx/CVE-2006-0719.json index 2281f58b87d..0ca7d83459c 100644 --- a/2006/0xxx/CVE-2006-0719.json +++ b/2006/0xxx/CVE-2006-0719.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0719", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in member_login.php in PHP Classifieds 6.18 through 6.20 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter, which is used by the E-mail address field, and (2) password parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0719", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060214 SQL injection in PHP Classifieds 6.20", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424955/100/0/threaded" - }, - { - "name" : "http://www.deltascripts.com/board/viewtopic.php?id=7234", - "refsource" : "CONFIRM", - "url" : "http://www.deltascripts.com/board/viewtopic.php?id=7234" - }, - { - "name" : "16642", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16642" - }, - { - "name" : "ADV-2006-0600", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0600" - }, - { - "name" : "18881", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18881" - }, - { - "name" : "424", - 
"refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/424" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in member_login.php in PHP Classifieds 6.18 through 6.20 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter, which is used by the E-mail address field, and (2) password parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060214 SQL injection in PHP Classifieds 6.20", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424955/100/0/threaded" + }, + { + "name": "ADV-2006-0600", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0600" + }, + { + "name": "18881", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18881" + }, + { + "name": "424", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/424" + }, + { + "name": "16642", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16642" + }, + { + "name": "http://www.deltascripts.com/board/viewtopic.php?id=7234", + "refsource": "CONFIRM", + "url": "http://www.deltascripts.com/board/viewtopic.php?id=7234" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0992.json b/2006/0xxx/CVE-2006-0992.json index d4e0dc54306..e0e785247e0 100644 --- a/2006/0xxx/CVE-2006-0992.json +++ b/2006/0xxx/CVE-2006-0992.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0992", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary code via a long Accept-Language value without a comma or semicolon. NOTE: due to a typo, the original ZDI advisory accidentally referenced CVE-2006-0092. This is the correct identifier." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0992", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060413 ZDI-06-008: Novell GroupWise Messenger Accept-Language Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430911/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-06-008.html", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-06-008.html" - }, - { - "name" : "http://cirt.dk/advisories/cirt-42-advisory.txt", - "refsource" : "MISC", - "url" : "http://cirt.dk/advisories/cirt-42-advisory.txt" - }, - { - "name" : 
"http://metasploit.blogspot.com/2006/04/exploit-development-groupwise_14.html", - "refsource" : "MISC", - "url" : "http://metasploit.blogspot.com/2006/04/exploit-development-groupwise_14.html" - }, - { - "name" : "1679", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1679" - }, - { - "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?10100861.htm", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?10100861.htm" - }, - { - "name" : "17503", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17503" - }, - { - "name" : "ADV-2006-1355", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1355" - }, - { - "name" : "24617", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24617" - }, - { - "name" : "1015911", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015911" - }, - { - "name" : "19663", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19663" - }, - { - "name" : "groupwise-accept-language-bo(25828)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25828" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary code via a long Accept-Language value without a comma or semicolon. NOTE: due to a typo, the original ZDI advisory accidentally referenced CVE-2006-0092. This is the correct identifier." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://metasploit.blogspot.com/2006/04/exploit-development-groupwise_14.html", + "refsource": "MISC", + "url": "http://metasploit.blogspot.com/2006/04/exploit-development-groupwise_14.html" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-008.html", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-008.html" + }, + { + "name": "24617", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24617" + }, + { + "name": "ADV-2006-1355", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1355" + }, + { + "name": "groupwise-accept-language-bo(25828)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25828" + }, + { + "name": "19663", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19663" + }, + { + "name": "20060413 ZDI-06-008: Novell GroupWise Messenger Accept-Language Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430911/100/0/threaded" + }, + { + "name": "1679", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1679" + }, + { + "name": "1015911", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015911" + }, + { + "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?10100861.htm", + "refsource": "CONFIRM", + "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?10100861.htm" + }, + { + "name": "http://cirt.dk/advisories/cirt-42-advisory.txt", + "refsource": "MISC", + "url": "http://cirt.dk/advisories/cirt-42-advisory.txt" + }, + { + "name": "17503", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17503" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/1xxx/CVE-2006-1217.json b/2006/1xxx/CVE-2006-1217.json
index 7e35f60c980..79a7ea2b70d 100644
--- a/2006/1xxx/CVE-2006-1217.json
+++ b/2006/1xxx/CVE-2006-1217.json
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1217", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in DSPoll 1.1 allows remote attackers to execute arbitrary SQL commands via the pollid parameter to (1) results.php, (2) topolls.php, (3) pollit.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1217", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060324 [eVuln] DSPoll Multiple SQL Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/428663/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/96/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/96/summary.html" - }, - { - "name" : "17103", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17103" - }, - { - "name" : "ADV-2006-0932", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0932" - }, - { - "name" : "23879", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23879" - }, - { - "name" : "23880", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23880" - }, - { - "name" : "23881", - 
"refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23881" - }, - { - "name" : "1015758", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015758" - }, - { - "name" : "19209", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19209" - }, - { - "name" : "620", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/620" - }, - { - "name" : "622", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/622" - }, - { - "name" : "dspoll-pollid-sql-injection(25192)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25192" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in DSPoll 1.1 allows remote attackers to execute arbitrary SQL commands via the pollid parameter to (1) results.php, (2) topolls.php, (3) pollit.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23881", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23881" + }, + { + "name": "19209", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19209" + }, + { + "name": "1015758", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015758" + }, + { + "name": "23879", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23879" + }, + { + "name": "17103", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17103" + }, + { + "name": "23880", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23880" + }, + { + "name": "dspoll-pollid-sql-injection(25192)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25192" + }, + { + "name": "620", + "refsource": "SREASON", + "url": 
"http://securityreason.com/securityalert/620" + }, + { + "name": "20060324 [eVuln] DSPoll Multiple SQL Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/428663/100/0/threaded" + }, + { + "name": "622", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/622" + }, + { + "name": "ADV-2006-0932", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0932" + }, + { + "name": "http://evuln.com/vulns/96/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/96/summary.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1353.json b/2006/1xxx/CVE-2006-1353.json index 21f430630d3..86cbf1b31ff 100644 --- a/2006/1xxx/CVE-2006-1353.json +++ b/2006/1xxx/CVE-2006-1353.json 
@@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1353", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp; authenticated administrators can also conduct attacks via (3) user_id parameter to users/add_edit_user.asp, (4) bannerid parameter to banner_adds/banner_add_edit.asp, (5) cat_id parameter to categories/add_edit_cat.asp, (6) Content_ID parameter to News/add_edit_news.asp, (7) download_id parameter to downloads/add_edit_download.asp, (8) Poll_ID parameter to poll/add_edit_poll.asp, (9) contactid parameter to contactus/contactus_add_edit.asp, (10) sortby parameter to poll/poll_list.asp, and (11) unspecified inputs to downloads/add_edit_download.asp." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1353", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060321 ASPPortal <= 3.1.1 Multiple Remote SQL Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/428355/100/0/threaded" - }, - { - "name" : "20060322 Re: [SPAM:] - ASPPortal <= 3.1.1 Multiple Remote SQL Injection Vulnerabilities - Email has different SMTP TO: and MIME TO: fields in the email addresses", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/428615/100/0/threaded" - }, - { - "name" : "20060321 ASPPortal <= 3.1.1 Multiple Remote SQL Injection Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1402.html" - }, - { - "name" : "20060322 Re: [SPAM:] - ASPPortal <= 3.1.1 Multiple Remote SQL Injection Vulnerabilities - Email has different SMTP TO: and MIME TO: fields in the email addresses", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1431.html" - }, - { - "name" : "http://www.nukedx.com/?viewdoc=21", - "refsource" : "MISC", - "url" : "http://www.nukedx.com/?viewdoc=21" - }, - { - "name" : "1597", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1597" - }, - { - "name" : "17174", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17174" - }, - { - "name" : "ADV-2006-1014", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1014" - }, - { - "name" : "24020", - 
"refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24020" - }, - { - "name" : "24084", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24084" - }, - { - "name" : "24085", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24085" - }, - { - "name" : "24086", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24086" - }, - { - "name" : "24087", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24087" - }, - { - "name" : "24088", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24088" - }, - { - "name" : "24089", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24089" - }, - { - "name" : "24090", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24090" - }, - { - "name" : "24091", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24091" - }, - { - "name" : "24092", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24092" - }, - { - "name" : "19286", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19286" - }, - { - "name" : "608", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/608" - }, - { - "name" : "aspportal-multiple-aspscripts-sql-injection(25346)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25346" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp; authenticated administrators can also conduct attacks via (3) user_id parameter to users/add_edit_user.asp, (4) bannerid parameter to banner_adds/banner_add_edit.asp, (5) cat_id parameter to categories/add_edit_cat.asp, (6) Content_ID parameter to News/add_edit_news.asp, (7) download_id parameter to 
downloads/add_edit_download.asp, (8) Poll_ID parameter to poll/add_edit_poll.asp, (9) contactid parameter to contactus/contactus_add_edit.asp, (10) sortby parameter to poll/poll_list.asp, and (11) unspecified inputs to downloads/add_edit_download.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060322 Re: [SPAM:] - ASPPortal <= 3.1.1 Multiple Remote SQL Injection Vulnerabilities - Email has different SMTP TO: and MIME TO: fields in the email addresses", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1431.html" + }, + { + "name": "24091", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24091" + }, + { + "name": "19286", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19286" + }, + { + "name": "24092", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24092" + }, + { + "name": "24090", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24090" + }, + { + "name": "http://www.nukedx.com/?viewdoc=21", + "refsource": "MISC", + "url": "http://www.nukedx.com/?viewdoc=21" + }, + { + "name": "24086", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24086" + }, + { + "name": "aspportal-multiple-aspscripts-sql-injection(25346)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25346" + }, + { + "name": "608", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/608" + }, + { + "name": "24085", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24085" + }, + { + "name": "20060321 ASPPortal <= 3.1.1 Multiple Remote SQL Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/428355/100/0/threaded" + }, + { + "name": "20060322 Re: [SPAM:] - ASPPortal <= 3.1.1 Multiple Remote SQL Injection Vulnerabilities - Email has different SMTP TO: 
and MIME TO: fields in the email addresses", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/428615/100/0/threaded" + }, + { + "name": "24084", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24084" + }, + { + "name": "17174", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17174" + }, + { + "name": "ADV-2006-1014", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1014" + }, + { + "name": "24020", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24020" + }, + { + "name": "24087", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24087" + }, + { + "name": "24088", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24088" + }, + { + "name": "24089", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24089" + }, + { + "name": "1597", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1597" + }, + { + "name": "20060321 ASPPortal <= 3.1.1 Multiple Remote SQL Injection Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1402.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1459.json b/2006/1xxx/CVE-2006-1459.json index 4f5edadc451..0a51260658a 100644 --- a/2006/1xxx/CVE-2006-1459.json +++ b/2006/1xxx/CVE-2006-1459.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in Apple QuickTime before 7.1 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted QuickTime movie (.MOV)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060512 Apple QuickDraw/QuickTime Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/433831/100/0/threaded" - }, - { - "name" : "APPLE-SA-2006-05-11", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/May/msg00002.html" - }, - { - "name" : "TA06-132B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-132B.html" - }, - { - "name" : "17953", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17953" - }, - { - "name" : "ADV-2006-1778", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1778" - }, - { - "name" : "1016067", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1016067" - }, - { - "name" : "20069", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20069" - }, - { - "name" : "887", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/887" - }, - { - "name" : "quicktime-mov-overflow(26392)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26392" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in Apple QuickTime before 7.1 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted QuickTime movie (.MOV)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20069", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20069" + }, + { + "name": "APPLE-SA-2006-05-11", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00002.html" + }, + { + "name": "1016067", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016067" + }, + { + "name": "TA06-132B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-132B.html" + }, + { + "name": "quicktime-mov-overflow(26392)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26392" + }, + { + "name": "887", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/887" + }, + { + "name": "17953", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17953" + }, + { + "name": "ADV-2006-1778", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1778" + }, + { + "name": "20060512 Apple QuickDraw/QuickTime Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": 
"http://www.securityfocus.com/archive/1/433831/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4420.json b/2006/4xxx/CVE-2006-4420.json index af03756b970..348fa92ec36 100644 --- a/2006/4xxx/CVE-2006-4420.json +++ b/2006/4xxx/CVE-2006-4420.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4420", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in include_lang.php in Phaos 0.9.2 allows remote attackers to include arbitrary local files via \"..\" sequences in the lang parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2253", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2253" - }, - { - "name" : "19710", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19710" - }, - { - "name" : "phaos-includelang-file-include(28565)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28565" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in include_lang.php in Phaos 0.9.2 allows remote attackers to include arbitrary local files via \"..\" sequences in the lang parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2253", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2253" + }, + { + "name": "19710", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19710" + }, + { + "name": "phaos-includelang-file-include(28565)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28565" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4486.json b/2006/4xxx/CVE-2006-4486.json index 90de6a09843..dca6cfecfd9 100644 --- a/2006/4xxx/CVE-2006-4486.json +++ b/2006/4xxx/CVE-2006-4486.json 
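Review bot: The new side of CVE-2006-4420.json ends at `}` followed by `\ No newline at end of file`, while the old side has no such marker, so this reformat drops the file's trailing newline. The same marker closes every other complete file section visible here (CVE-2006-4486, CVE-2006-5112, CVE-2006-5210, CVE-2010-2878, CVE-2010-2984, CVE-2010-3258, CVE-2010-3504) and the record whose hunk starts above this excerpt. Whatever serializer produced the new `"key": value` layout should write a final `\n` after the closing `}`, so that later edits and line-oriented tools do not show a spurious change on the last line of each record.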
@@ -1,197 +1,197 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4486", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in memory allocation routines in PHP before 5.1.6, when running on a 64-bit system, allows context-dependent attackers to bypass the memory_limit restriction." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4486", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061005 rPSA-2006-0182-1 php php-mysql php-pgsql", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447866/100/0/threaded" - }, - { - "name" : "http://www.hardened-php.net/hphp/changelog.html#hardening_patch_0.4.14", - "refsource" : "MISC", - "url" : "http://www.hardened-php.net/hphp/changelog.html#hardening_patch_0.4.14" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php#5.1.6", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php#5.1.6" - }, - { - "name" : "http://www.php.net/release_5_1_6.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/release_5_1_6.php" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-683", - "refsource" : "CONFIRM", - "url" : 
"https://issues.rpath.com/browse/RPL-683" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm" - }, - { - "name" : "DSA-1331", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1331" - }, - { - "name" : "RHSA-2006:0669", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0669.html" - }, - { - "name" : "RHSA-2006:0682", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0682.html" - }, - { - "name" : "RHSA-2006:0688", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0688.html" - }, - { - "name" : "20061001-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc" - }, - { - "name" : "SUSE-SA:2006:052", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_52_php.html" - }, - { - "name" : "TLSA-2006-38", - "refsource" : "TURBO", - "url" : "http://www.turbolinux.com/security/2006/TLSA-2006-38.txt" - }, - { - "name" : "USN-362-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-362-1" - }, - { - "name" : "19582", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19582" - }, - { - "name" : "oval:org.mitre.oval:def:11086", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11086" - }, - { - "name" : "1016984", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1016984" - }, - { - "name" : "21546", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21546" - }, - { - "name" : "22004", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22004" - }, - { - "name" : "22069", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22069" - }, - { - "name" : "22225", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22225" - }, - { - "name" : "22440", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22440" - }, - { - "name" : "22538", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22538" - }, - { - "name" : "22487", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22487" - }, - { - "name" : "22331", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22331" - }, - { - "name" : "25945", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25945" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in memory allocation routines in PHP before 5.1.6, when running on a 64-bit system, allows context-dependent attackers to bypass the memory_limit restriction." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016984", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016984" + }, + { + "name": "https://issues.rpath.com/browse/RPL-683", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-683" + }, + { + "name": "RHSA-2006:0669", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0669.html" + }, + { + "name": "oval:org.mitre.oval:def:11086", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11086" + }, + { + "name": "22487", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22487" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm" + }, + { + "name": "TLSA-2006-38", + "refsource": "TURBO", + "url": "http://www.turbolinux.com/security/2006/TLSA-2006-38.txt" + }, + { + "name": "RHSA-2006:0688", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0688.html" + }, + { + "name": "http://www.hardened-php.net/hphp/changelog.html#hardening_patch_0.4.14", + "refsource": "MISC", + "url": "http://www.hardened-php.net/hphp/changelog.html#hardening_patch_0.4.14" + }, + { + "name": "USN-362-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-362-1" + }, + { + "name": "19582", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19582" + }, + { + "name": "http://www.php.net/ChangeLog-5.php#5.1.6", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php#5.1.6" + }, + { + "name": "22004", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22004" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm", + "refsource": 
"CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm" + }, + { + "name": "22538", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22538" + }, + { + "name": "RHSA-2006:0682", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0682.html" + }, + { + "name": "21546", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21546" + }, + { + "name": "22440", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22440" + }, + { + "name": "20061005 rPSA-2006-0182-1 php php-mysql php-pgsql", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447866/100/0/threaded" + }, + { + "name": "DSA-1331", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1331" + }, + { + "name": "22069", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22069" + }, + { + "name": "22225", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22225" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm" + }, + { + "name": "25945", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25945" + }, + { + "name": "22331", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22331" + }, + { + "name": "http://www.php.net/release_5_1_6.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/release_5_1_6.php" + }, + { + "name": "20061001-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc" + }, + { + "name": "SUSE-SA:2006:052", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_52_php.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5112.json b/2006/5xxx/CVE-2006-5112.json index e596d55e75b..dd94ec25fb8 100644 --- a/2006/5xxx/CVE-2006-5112.json 
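Review bot: The `reference_data` array in CVE-2006-4486.json comes back in a different order with no visible sort key: the old list kept entries with the same `refsource` together, while the new one opens with SECTRACK `1016984` and closes with `SUSE-SA:2006:052`. The diff alone therefore cannot show that all 28 old entries survived the reformat unchanged. The arrays in CVE-2006-5112, CVE-2006-5210, CVE-2010-2878 and CVE-2010-3258 are shuffled the same way. For records that downstream tooling treats as authoritative, a formatting pass should either keep the existing element order or sort on a fixed key such as `refsource` then `name`, so that a dropped or altered `url` shows up as the only changed line.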
+++ b/2006/5xxx/CVE-2006-5112.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5112", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote attackers to execute arbitrary code via a long HTTP GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2445", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2445" - }, - { - "name" : "VU#693992", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/693992" - }, - { - "name" : "20250", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20250" - }, - { - "name" : "ADV-2006-3819", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3819" - }, - { - "name" : "22124", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22124" - }, - { - "name" : "navicopa-http-get-bo(29221)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29221" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote attackers to execute arbitrary code via a long HTTP GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22124", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22124" + }, + { + "name": "navicopa-http-get-bo(29221)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29221" + }, + { + "name": "20250", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20250" + }, + { + "name": "ADV-2006-3819", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3819" + }, + { + "name": "2445", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2445" + }, + { + "name": "VU#693992", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/693992" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5210.json b/2006/5xxx/CVE-2006-5210.json index 983a3b441b3..a0e99fac97a 100644 --- a/2006/5xxx/CVE-2006-5210.json +++ b/2006/5xxx/CVE-2006-5210.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in IronWebMail before 6.1.1 HotFix-17 allows remote attackers to read arbitrary files via a GET request to the IM_FILE identifier with double-url-encoded \"../\" sequences (\"%252e%252e/\")." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061013 SYMSA-2006-010: Directory Traversal in IronWebMail", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/448779/100/0/threaded" - }, - { - "name" : "https://supportcenter.ciphertrust.com/vulnerability/IWM501-01.html", - "refsource" : "MISC", - "url" : "https://supportcenter.ciphertrust.com/vulnerability/IWM501-01.html" - }, - { - "name" : "http://www.symantec.com/enterprise/research/SYMSA-2006-010.txt", - "refsource" : "MISC", - "url" : "http://www.symantec.com/enterprise/research/SYMSA-2006-010.txt" - }, - { - "name" : "20436", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20436" - }, - { - "name" : "ADV-2006-4055", - "refsource" : 
"VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4055" - }, - { - "name" : "1017069", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017069" - }, - { - "name" : "22406", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22406" - }, - { - "name" : "1726", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1726" - }, - { - "name" : "ironwebmail-url-directory-traversal(29620)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in IronWebMail before 6.1.1 HotFix-17 allows remote attackers to read arbitrary files via a GET request to the IM_FILE identifier with double-url-encoded \"../\" sequences (\"%252e%252e/\")." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://supportcenter.ciphertrust.com/vulnerability/IWM501-01.html", + "refsource": "MISC", + "url": "https://supportcenter.ciphertrust.com/vulnerability/IWM501-01.html" + }, + { + "name": "1017069", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017069" + }, + { + "name": "ADV-2006-4055", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4055" + }, + { + "name": "20436", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20436" + }, + { + "name": "22406", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22406" + }, + { + "name": "ironwebmail-url-directory-traversal(29620)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29620" + }, + { + "name": "20061013 SYMSA-2006-010: Directory Traversal in IronWebMail", + "refsource": 
"BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/448779/100/0/threaded" + }, + { + "name": "1726", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1726" + }, + { + "name": "http://www.symantec.com/enterprise/research/SYMSA-2006-010.txt", + "refsource": "MISC", + "url": "http://www.symantec.com/enterprise/research/SYMSA-2006-010.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2878.json b/2010/2xxx/CVE-2010-2878.json index 7f4c5e1ecc7..ac250722bcd 100644 --- a/2010/2xxx/CVE-2010-2878.json +++ b/2010/2xxx/CVE-2010-2878.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2878", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a value associated with a buffer seek for a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-2878", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100824 TPTI-10-10: Adobe Shockwave tSAC Chunk Invalid Seek Memory Corruption Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/513298/100/0/threaded" - }, - { - "name" : "http://dvlabs.tippingpoint.com/advisory/TPTI-10-10", - "refsource" : "MISC", - "url" : "http://dvlabs.tippingpoint.com/advisory/TPTI-10-10" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html" - }, - { - "name" : "oval:org.mitre.oval:def:11883", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11883" - }, - { - "name" : "1024361", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024361" - }, - { - "name" : "ADV-2010-2176", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2176" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a value associated with a buffer seek for a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024361", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024361" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-20.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html" + }, + { + "name": "20100824 TPTI-10-10: Adobe Shockwave tSAC Chunk Invalid Seek Memory Corruption Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/513298/100/0/threaded" + }, + { + "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-10", + "refsource": "MISC", + "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-10" + }, + { + "name": "oval:org.mitre.oval:def:11883", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11883" + }, + { + "name": "ADV-2010-2176", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2176" + } + ] + } +} \ No newline at end of file 
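Review bot: `"ASSIGNER"` in `CVE_data_meta` changes from `cve@mitre.org` to `psirt@adobe.com` in a hunk that is otherwise spacing and array reordering, so the one provenance change is easy to miss. CVE-2010-3504 has the same kind of change, to `secalert_us@oracle.com`. The other complete records here keep `cve@mitre.org`, which suggests the reassignment is deliberate, but nothing visible here says so. I would land the formatting with `"ASSIGNER": "cve@mitre.org"` left as is and make `"ASSIGNER": "psirt@adobe.com"` its own commit with the reason stated, since any consumer that attributes or filters records by assigner will see an ownership change.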
diff --git a/2010/2xxx/CVE-2010-2984.json b/2010/2xxx/CVE-2010-2984.json index 89efa743b0f..8faed896032 100644 --- a/2010/2xxx/CVE-2010-2984.json +++ b/2010/2xxx/CVE-2010-2984.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2984", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 4404 series controllers does not properly implement the WEBAUTH_REQD state, which allows remote attackers to bypass intended access restrictions via WLAN traffic, aka Bug ID CSCtb75305." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2984", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 4404 series controllers does not properly implement the WEBAUTH_REQD state, which allows remote attackers to bypass intended access restrictions via WLAN traffic, aka Bug ID CSCtb75305." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3258.json b/2010/3xxx/CVE-2010-3258.json index 019accd1d0b..e8391c0a46a 100644 --- a/2010/3xxx/CVE-2010-3258.json +++ b/2010/3xxx/CVE-2010-3258.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3258", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sandbox implementation in Google Chrome before 6.0.472.53 does not properly deserialize parameters, which has unspecified impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3258", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=52682", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=52682" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html" - }, - { - "name" : "oval:org.mitre.oval:def:12133", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12133" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sandbox 
implementation in Google Chrome before 6.0.472.53 does not properly deserialize parameters, which has unspecified impact and remote attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=52682", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=52682" + }, + { + "name": "oval:org.mitre.oval:def:12133", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12133" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3504.json b/2010/3xxx/CVE-2010-3504.json index 58986c69854..9f21fb19382 100644 --- a/2010/3xxx/CVE-2010-3504.json +++ b/2010/3xxx/CVE-2010-3504.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3504", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3504", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - }, - { - "name" : "TA10-287A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect integrity via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + }, + { + "name": "TA10-287A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3766.json b/2010/3xxx/CVE-2010-3766.json index 9d956a36503..21a04bb2499 100644 --- a/2010/3xxx/CVE-2010-3766.json +++ b/2010/3xxx/CVE-2010-3766.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3766", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via vectors involving a change to an nsDOMAttribute node." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-264/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-264/" - }, - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-80.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-80.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=590771", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=590771" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100124650", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100124650" - }, - { - "name" : 
"FEDORA-2010-18773", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html" - }, - { - "name" : "FEDORA-2010-18775", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html" - }, - { - "name" : "FEDORA-2010-18890", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html" - }, - { - "name" : "FEDORA-2010-18920", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html" - }, - { - "name" : "MDVSA-2010:251", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:251" - }, - { - "name" : "RHSA-2010:0966", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0966.html" - }, - { - "name" : "SUSE-SA:2011:003", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html" - }, - { - "name" : "USN-1019-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1019-1" - }, - { - "name" : "45326", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45326" - }, - { - "name" : "oval:org.mitre.oval:def:12649", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12649" - }, - { - "name" : "1024848", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024848" - }, - { - "name" : "42716", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42716" - }, - { - "name" : "42818", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42818" - }, - { - "name" : "ADV-2011-0030", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0030" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via vectors involving a change to an nsDOMAttribute node." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2011:003", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html" + }, + { + "name": "FEDORA-2010-18775", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html" + }, + { + "name": "MDVSA-2010:251", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:251" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100124650", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100124650" + }, + { + "name": "RHSA-2010:0966", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0966.html" + }, + { + "name": "USN-1019-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1019-1" + }, + { + "name": "42818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42818" + }, + { + "name": "45326", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45326" + }, + { + "name": "oval:org.mitre.oval:def:12649", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12649" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-264/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-264/" + }, + { + "name": "1024848", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024848" + }, + { + "name": 
"FEDORA-2010-18920", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html" + }, + { + "name": "ADV-2011-0030", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0030" + }, + { + "name": "FEDORA-2010-18890", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-80.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-80.html" + }, + { + "name": "42716", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42716" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=590771", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=590771" + }, + { + "name": "FEDORA-2010-18773", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4140.json b/2010/4xxx/CVE-2010-4140.json index 77eb9d5e213..9d0c9260626 100644 --- a/2010/4xxx/CVE-2010-4140.json +++ b/2010/4xxx/CVE-2010-4140.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4140", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-4140", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4401.json b/2010/4xxx/CVE-2010-4401.json index 69c339c6dc1..6d53c84461e 100644 --- a/2010/4xxx/CVE-2010-4401.json +++ b/2010/4xxx/CVE-2010-4401.json 
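Review bot: This REJECT record (CVE-2010-4140) is written with a different key order from the other files visible in this part of the commit: `data_type`, `data_format`, `data_version` come before `CVE_data_meta`, and `ID` comes before `ASSIGNER`, whereas the others, including the RESERVED record CVE-2014-10041, keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. Key order carries no meaning in JSON, but two orderings in what looks like one bulk rewrite suggest two serializers, and anything that hashes or byte-compares these files will see spurious differences; emitting keys in one fixed order would avoid that. The new side of every hunk here also ends with `\ No newline at end of file`, so the rewrite dropped the trailing newline the old files had.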
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4401", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4401", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15646", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15646" - }, - { - "name" : "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt" - }, - { - "name" : "http://www.htbridge.ch/advisory/path_disclosure_in_dynpg.html", - "refsource" : "MISC", - "url" : "http://www.htbridge.ch/advisory/path_disclosure_in_dynpg.html" - }, - { - "name" : "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update&read_article=226", - "refsource" : "CONFIRM", - "url" : "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update&read_article=226" - }, - { - "name" : 
"69632", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/69632" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update&read_article=226", + "refsource": "CONFIRM", + "url": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update&read_article=226" + }, + { + "name": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt" + }, + { + "name": "http://www.htbridge.ch/advisory/path_disclosure_in_dynpg.html", + "refsource": "MISC", + "url": "http://www.htbridge.ch/advisory/path_disclosure_in_dynpg.html" + }, + { + "name": "15646", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15646" + }, + { + "name": "69632", + "refsource": "OSVDB", + "url": "http://osvdb.org/69632" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4523.json b/2010/4xxx/CVE-2010-4523.json index 2b619e168dd..1fd1b62702a 100644 --- a/2010/4xxx/CVE-2010-4523.json +++ b/2010/4xxx/CVE-2010-4523.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4523", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute arbitrary code via a long serial-number field on a smart card, related to (1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20101221 CVE request: opensc buffer overflow", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/12/21/2" - }, - { - "name" : "[oss-security] 20101222 Re: CVE request: opensc buffer overflow", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/12/22/3" - }, - { - "name" : "http://labs.mwrinfosecurity.com/files/Advisories/mwri_opensc-get-serial-buffer-overflow_2010-12-13.pdf", - "refsource" : "MISC", - "url" : "http://labs.mwrinfosecurity.com/files/Advisories/mwri_opensc-get-serial-buffer-overflow_2010-12-13.pdf" - }, - { - "name" : 
"http://www.h-online.com/open/news/item/When-a-smart-card-can-root-your-computer-1154829.html", - "refsource" : "MISC", - "url" : "http://www.h-online.com/open/news/item/When-a-smart-card-can-root-your-computer-1154829.html" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607427", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607427" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=664831", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=664831" - }, - { - "name" : "https://www.opensc-project.org/opensc/changeset/4913", - "refsource" : "CONFIRM", - "url" : "https://www.opensc-project.org/opensc/changeset/4913" - }, - { - "name" : "FEDORA-2010-19192", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052796.html" - }, - { - "name" : "FEDORA-2010-19193", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052777.html" - }, - { - "name" : "MDVSA-2011:011", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:011" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "45435", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45435" - }, - { - "name" : "42658", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42658" - }, - { - "name" : "42807", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42807" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2011-0009", - "refsource" : 
"VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0009" - }, - { - "name" : "ADV-2011-0109", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0109" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute arbitrary code via a long serial-number field on a smart card, related to (1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.h-online.com/open/news/item/When-a-smart-card-can-root-your-computer-1154829.html", + "refsource": "MISC", + "url": "http://www.h-online.com/open/news/item/When-a-smart-card-can-root-your-computer-1154829.html" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "[oss-security] 20101222 Re: CVE request: opensc buffer overflow", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/12/22/3" + }, + { + "name": "https://www.opensc-project.org/opensc/changeset/4913", + "refsource": "CONFIRM", + "url": "https://www.opensc-project.org/opensc/changeset/4913" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607427", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607427" + }, + { + "name": "MDVSA-2011:011", + "refsource": "MANDRIVA", + "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:011" + }, + { + "name": "FEDORA-2010-19193", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052777.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=664831", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=664831" + }, + { + "name": "42807", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42807" + }, + { + "name": "http://labs.mwrinfosecurity.com/files/Advisories/mwri_opensc-get-serial-buffer-overflow_2010-12-13.pdf", + "refsource": "MISC", + "url": "http://labs.mwrinfosecurity.com/files/Advisories/mwri_opensc-get-serial-buffer-overflow_2010-12-13.pdf" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "ADV-2011-0109", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0109" + }, + { + "name": "42658", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42658" + }, + { + "name": "ADV-2011-0009", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0009" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483" + }, + { + "name": "FEDORA-2010-19192", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052796.html" + }, + { + "name": "[oss-security] 20101221 CVE request: opensc buffer overflow", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/12/21/2" + }, + { + "name": "45435", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45435" + } + ] + } +} \ No newline at end of file 
diff --git a/2010/4xxx/CVE-2010-4924.json b/2010/4xxx/CVE-2010-4924.json index 3871f90ed78..3eb911ecbdd 100644 --- a/2010/4xxx/CVE-2010-4924.json +++ b/2010/4xxx/CVE-2010-4924.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4924", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** PHP remote file inclusion vulnerability in logic/controller.class.php in clearBudget 0.9.8 allows remote attackers to execute arbitrary PHP code via a URL in the actionPath parameter. NOTE: this issue has been disputed by a reliable third party." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4924", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14614", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14614" - }, - { - "name" : "[vim] 20100811 clearBudget v0.9.8 Remote File Include Vulnerability", - "refsource" : "MLIST", - "url" : "http://attrition.org/pipermail/vim/2010-August/002388.html" - }, - { - "name" : "42351", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42351" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** PHP remote file inclusion vulnerability in logic/controller.class.php in clearBudget 0.9.8 allows 
remote attackers to execute arbitrary PHP code via a URL in the actionPath parameter. NOTE: this issue has been disputed by a reliable third party." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14614", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14614" + }, + { + "name": "[vim] 20100811 clearBudget v0.9.8 Remote File Include Vulnerability", + "refsource": "MLIST", + "url": "http://attrition.org/pipermail/vim/2010-August/002388.html" + }, + { + "name": "42351", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42351" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4982.json b/2010/4xxx/CVE-2010-4982.json index 0b1763cbcfd..cb6696a240a 100644 --- a/2010/4xxx/CVE-2010-4982.json +++ b/2010/4xxx/CVE-2010-4982.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4982", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in address_book/contacts.php in My Kazaam Address & Contact Organizer allows remote attackers to execute arbitrary SQL commands via the var1 parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4982", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14326", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14326" - }, - { - "name" : "ADV-2010-1785", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1785" - }, - { - "name" : "aco-contacts-sql-injection(60269)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60269" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in address_book/contacts.php in My Kazaam Address & Contact Organizer allows remote attackers to execute arbitrary SQL commands via the var1 parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "aco-contacts-sql-injection(60269)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60269" + }, + { + "name": "ADV-2010-1785", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1785" + }, + { + "name": "14326", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14326" + } + ] + } +} \ No newline at end of file diff --git a/2014/10xxx/CVE-2014-10041.json b/2014/10xxx/CVE-2014-10041.json index 0a331fc6518..576c8c360cc 100644 --- a/2014/10xxx/CVE-2014-10041.json +++ b/2014/10xxx/CVE-2014-10041.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-10041", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-10041", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3210.json b/2014/3xxx/CVE-2014-3210.json index d308c81bc19..e54a663440b 100644 --- a/2014/3xxx/CVE-2014-3210.json 
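Review bot: In CVE-2010-4982 the three `reference_data` entries come out in a different order (XF, VUPEN, EXPLOIT-DB instead of EXPLOIT-DB, VUPEN, XF) with no entry added, removed or edited, so the diff shows every URL as deleted and re-added. That makes it hard to audit whether a reference URL actually changed; the serializer should emit the array in a stable order, for example sorted by `refsource` then `name`, or keep the existing order. The same reshuffle appears in the hunks for CVE-2010-3766, CVE-2010-4401, CVE-2010-4523, CVE-2014-3210 and CVE-2014-3327; the CVE-2014-10041 hunk that ends on this line is a spacing change only.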
+++ b/2014/3xxx/CVE-2014-3210.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in dopbs-backend-forms.php in the Booking System (Booking Calendar) plugin before 1.3 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the booking_form_id parameter to wp-admin/admin-ajax.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140521 Wordpress Booking System (Booking Calendar) plugin SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/532168/100/0/threaded" - }, - { - "name" : "http://wordpress.org/plugins/booking-system/changelog", - "refsource" : "MISC", - "url" : "http://wordpress.org/plugins/booking-system/changelog" - }, - { - "name" : "http://packetstormsecurity.com/files/126762/WordPress-Booking-System-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/126762/WordPress-Booking-System-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in dopbs-backend-forms.php in the Booking System (Booking Calendar) plugin before 1.3 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the booking_form_id parameter to wp-admin/admin-ajax.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/126762/WordPress-Booking-System-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/126762/WordPress-Booking-System-SQL-Injection.html" + }, + { + "name": "http://wordpress.org/plugins/booking-system/changelog", + "refsource": "MISC", + "url": "http://wordpress.org/plugins/booking-system/changelog" + }, + { + "name": "20140521 Wordpress Booking System (Booking Calendar) plugin SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/532168/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3327.json b/2014/3xxx/CVE-2014-3327.json index 226a1aaf416..82d4dc19671 100644 --- a/2014/3xxx/CVE-2014-3327.json +++ b/2014/3xxx/CVE-2014-3327.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3327", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The EnergyWise module in Cisco IOS 12.2, 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.2.xXO, 3.3.xSG, 3.4.xSG, and 3.5.xE before 3.5.3E allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID CSCup52101." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3327", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140806 Cisco IOS Software and Cisco IOS XE Software EnergyWise Crafted Packet Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140806-energywise" - }, - { - "name" : "69066", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69066" - }, - { - "name" : "1030682", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030682" - }, - { - "name" : "60650", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60650" - }, - { - "name" : "ciscoios-xe-cve20143327-dos(95137)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/95137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The EnergyWise module in Cisco IOS 12.2, 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.2.xXO, 3.3.xSG, 3.4.xSG, and 3.5.xE before 3.5.3E allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID CSCup52101." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60650", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60650" + }, + { + "name": "20140806 Cisco IOS Software and Cisco IOS XE Software EnergyWise Crafted Packet Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140806-energywise" + }, + { + "name": "1030682", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030682" + }, + { + "name": "ciscoios-xe-cve20143327-dos(95137)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95137" + }, + { + "name": "69066", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69066" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3554.json b/2014/3xxx/CVE-2014-3554.json index fa96689862b..9c7e96d2af6 100644 --- a/2014/3xxx/CVE-2014-3554.json +++ b/2014/3xxx/CVE-2014-3554.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3554", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp allows remote routers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS Search List (DNSSL) in an IPv6 router advertisement." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3554", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140729 CVE-2014-3554: libndp buffer overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/07/29/2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1118583", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1118583" - }, - { - "name" : "68945", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68945" - }, - { - "name" : "libndp-cve20143554-bo(94927)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94927" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp allows remote routers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS Search List (DNSSL) in an IPv6 router advertisement." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140729 CVE-2014-3554: libndp buffer overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/07/29/2" + }, + { + "name": "libndp-cve20143554-bo(94927)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94927" + }, + { + "name": "68945", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68945" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1118583", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1118583" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3795.json b/2014/3xxx/CVE-2014-3795.json index 9881c814ffe..a0c56172c49 100644 --- a/2014/3xxx/CVE-2014-3795.json +++ b/2014/3xxx/CVE-2014-3795.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3795", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-3795", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4269.json b/2014/4xxx/CVE-2014-4269.json index 8b7f2c9b987..ce8911d5bbd 100644 --- a/2014/4xxx/CVE-2014-4269.json +++ b/2014/4xxx/CVE-2014-4269.json 
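Review bot: The rewritten REJECT record for CVE-2014-3795 serialises its keys in a different order from the other records in this diff: `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` precedes `ASSIGNER`, whereas the sibling records open with `CVE_data_meta` and list `ASSIGNER` first. JSON key order carries no meaning, but two orders in one commit suggest two serialisers were involved (inferred), and every later rewrite by the other tool will churn the whole file again. Settle on one canonical order, for example opening the object with `"CVE_data_meta": {` followed by `"ASSIGNER": "cve@mitre.org",` as the neighbouring records do. The new side also ends with `\ No newline at end of file`; emitting a final newline from the same serialiser would avoid that marker on every record.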
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality via unknown vectors related to User Interface, a different vulnerability than CVE-2014-4270." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-4269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" - }, - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/23" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" - }, - { - "name" : 
"http://www.vmware.com/security/advisories/VMSA-2014-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" - }, - { - "name" : "68577", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68577" - }, - { - "name" : "1030579", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030579" - }, - { - "name" : "59289", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59289" - }, - { - "name" : "oracle-cpujul2014-cve20144269(94566)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94566" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality via unknown vectors related to User Interface, a different vulnerability than CVE-2014-4270." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" + }, + { + "name": "1030579", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030579" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" + }, + { + "name": "oracle-cpujul2014-cve20144269(94566)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94566" + }, + { + "name": "59289", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59289" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/23" + }, + { + "name": "68577", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68577" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4476.json b/2014/4xxx/CVE-2014-4476.json index cff7bcffeb7..ec8b2a9960e 100644 --- a/2014/4xxx/CVE-2014-4476.json +++ b/2014/4xxx/CVE-2014-4476.json 
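Review bot: The `ASSIGNER` value for CVE-2014-4269 changes from `cve@mitre.org` to `secalert_us@oracle.com` inside a hunk that otherwise only re-indents the record and reorders `reference_data`, so the one substantive edit is easy to miss in review. The same happens in the hunks for CVE-2014-3327 (`psirt@cisco.com`), CVE-2014-3554 and CVE-2014-8180 (`secalert@redhat.com`), CVE-2014-4476 (`product-security@apple.com`) and CVE-2014-9487 (`security@debian.org`). Anything that attributes or filters records by assigning CNA will treat these as changed records, so the attribution update deserves its own commit, or at least a stable reference order so that the diff reduces to the single line `"ASSIGNER": "secalert_us@oracle.com",`.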
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4477 and CVE-2014-4479." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/HT204243", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204243" - }, - { - "name" : "http://support.apple.com/HT204245", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204245" - }, - { - "name" : "http://support.apple.com/HT204246", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204246" - }, - { - "name" : "https://support.apple.com/kb/HT204949", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT204949" - }, - { - "name" : "APPLE-SA-2015-01-27-1", - "refsource" : 
"APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html" - }, - { - "name" : "APPLE-SA-2015-01-27-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-01-27-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00002.html" - }, - { - "name" : "APPLE-SA-2015-06-30-6", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" - }, - { - "name" : "72329", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72329" - }, - { - "name" : "1031647", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031647" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4477 and CVE-2014-4479." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031647", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031647" + }, + { + "name": "http://support.apple.com/HT204245", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204245" + }, + { + "name": "http://support.apple.com/HT204246", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204246" + }, + { + "name": "APPLE-SA-2015-06-30-6", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" + }, + { + "name": "http://support.apple.com/HT204243", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204243" + }, + { + "name": "APPLE-SA-2015-01-27-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html" + }, + { + "name": "APPLE-SA-2015-01-27-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00002.html" + }, + { + "name": "https://support.apple.com/kb/HT204949", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT204949" + }, + { + "name": "72329", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72329" + }, + { + "name": "APPLE-SA-2015-01-27-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8180.json b/2014/8xxx/CVE-2014-8180.json index 9b2bad2b38d..d566b7333ff 100644 --- a/2014/8xxx/CVE-2014-8180.json +++ b/2014/8xxx/CVE-2014-8180.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8180", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-8180", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.2/html/installation_guide/preparing_your_environment_for_installation#restricting_access_to_mongod", - "refsource" : "CONFIRM", - "url" : "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.2/html/installation_guide/preparing_your_environment_for_installation#restricting_access_to_mongod" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1301703", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1301703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MongoDB on Red Hat Satellite 6 allows 
local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.2/html/installation_guide/preparing_your_environment_for_installation#restricting_access_to_mongod", + "refsource": "CONFIRM", + "url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.2/html/installation_guide/preparing_your_environment_for_installation#restricting_access_to_mongod" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1301703", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301703" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8363.json b/2014/8xxx/CVE-2014-8363.json index b65c554997b..4327d15ff7f 100644 --- a/2014/8xxx/CVE-2014-8363.json +++ b/2014/8xxx/CVE-2014-8363.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8363", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8363", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/127771/WordPress-WPSS-0.62-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127771/WordPress-WPSS-0.62-SQL-Injection.html" - }, - { - "name" : "69089", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69089" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/127771/WordPress-WPSS-0.62-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127771/WordPress-WPSS-0.62-SQL-Injection.html" + }, + { + "name": "69089", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69089" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8376.json b/2014/8xxx/CVE-2014-8376.json index d24b3905e17..150a6f96fab 100644 --- a/2014/8xxx/CVE-2014-8376.json +++ b/2014/8xxx/CVE-2014-8376.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8376", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the context administration sub-panel in the Site Banner module before 7.x-4.1 for Drupal allows remote authenticated users with the \"Administer contexts\" Context UI module permission to inject arbitrary web script or HTML via vectors related to context settings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8376", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/node/2324689", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2324689" - }, - { - "name" : "https://www.drupal.org/node/2324303", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2324303" - }, - { - "name" : "69343", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69343" - }, - { - "name" : "60758", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60758" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Cross-site scripting (XSS) vulnerability in the context administration sub-panel in the Site Banner module before 7.x-4.1 for Drupal allows remote authenticated users with the \"Administer contexts\" Context UI module permission to inject arbitrary web script or HTML via vectors related to context settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60758", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60758" + }, + { + "name": "https://www.drupal.org/node/2324303", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2324303" + }, + { + "name": "https://www.drupal.org/node/2324689", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2324689" + }, + { + "name": "69343", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69343" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9441.json b/2014/9xxx/CVE-2014-9441.json index 3b2a3da63a0..66f96aa90ca 100644 --- a/2014/9xxx/CVE-2014-9441.json +++ b/2014/9xxx/CVE-2014-9441.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9441", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) ll__opt[image2_url] or (3) ll__opt[image3_url] parameter in a ll_save_settings action to wp-admin/admin-ajax.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9441", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/129507", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129507" - }, - { - "name" : "lightboxphoto-wordpress-multiple-csrf(99490)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99490" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) 
vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) ll__opt[image2_url] or (3) ll__opt[image3_url] parameter in a ll_save_settings action to wp-admin/admin-ajax.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "lightboxphoto-wordpress-multiple-csrf(99490)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99490" + }, + { + "name": "http://packetstormsecurity.com/files/129507", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129507" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9469.json b/2014/9xxx/CVE-2014-9469.json index 89e3d53163c..558c6b28957 100644 --- a/2014/9xxx/CVE-2014-9469.json +++ b/2014/9xxx/CVE-2014-9469.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9469", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in vBulletin 3.5.4, 3.6.0, 3.6.7, 3.8.7, 4.2.2, 5.0.5, and 5.1.3." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9469", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150212 CVE-2014-9469 vBulletin XSS (Cross-Site Scripting) Security Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Feb/49" - }, - { - "name" : "http://packetstormsecurity.com/files/130393/vBulletin-5.1.3-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130393/vBulletin-5.1.3-Cross-Site-Scripting.html" - }, - { - "name" : "72592", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in vBulletin 3.5.4, 3.6.0, 3.6.7, 3.8.7, 4.2.2, 5.0.5, and 5.1.3." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72592", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72592" + }, + { + "name": "http://packetstormsecurity.com/files/130393/vBulletin-5.1.3-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130393/vBulletin-5.1.3-Cross-Site-Scripting.html" + }, + { + "name": "20150212 CVE-2014-9469 vBulletin XSS (Cross-Site Scripting) Security Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Feb/49" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9487.json b/2014/9xxx/CVE-2014-9487.json index 9ee740af349..9aee56a7e04 100644 --- a/2014/9xxx/CVE-2014-9487.json +++ b/2014/9xxx/CVE-2014-9487.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9487", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. NOTE: Related to CVE-2014-2053." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2014-9487", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[MediaWiki-announce] 20141217 MediaWiki Security and Maintenance Releases: 1.24.1, 1.23.8, 1.22.15 and 1.19.23", - "refsource" : "MLIST", - "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html" - }, - { - "name" : "[oss-security] 20150103 Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/01/03/13" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1175828", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1175828" - }, - { - "name" : "GLSA-201502-04", - 
"refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201502-04" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. NOTE: Related to CVE-2014-2053." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150103 Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13" + }, + { + "name": "GLSA-201502-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201502-04" + }, + { + "name": "[MediaWiki-announce] 20141217 MediaWiki Security and Maintenance Releases: 1.24.1, 1.23.8, 1.22.15 and 1.19.23", + "refsource": "MLIST", + "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1175828", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1175828" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9634.json b/2014/9xxx/CVE-2014-9634.json index 7a7b0cd642d..d2c7d7f8fa8 100644 --- a/2014/9xxx/CVE-2014-9634.json +++ b/2014/9xxx/CVE-2014-9634.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9634", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-9634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150122 Re: ping on CVE Request for jenkins-tomcat: Secure and HttpOnly flags are not, set for cookies with Jenkins on Tomcat", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/01/22/3" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769682", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769682" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1185148", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1185148" - }, - { - "name" : "https://github.com/jenkinsci/jenkins/commit/582128b9ac179a788d43c1478be8a5224dc19710", - 
"refsource" : "CONFIRM", - "url" : "https://github.com/jenkinsci/jenkins/commit/582128b9ac179a788d43c1478be8a5224dc19710" - }, - { - "name" : "https://issues.jenkins-ci.org/browse/JENKINS-25019", - "refsource" : "CONFIRM", - "url" : "https://issues.jenkins-ci.org/browse/JENKINS-25019" - }, - { - "name" : "https://jenkins.io/changelog-old/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/changelog-old/" - }, - { - "name" : "72054", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72054" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150122 Re: ping on CVE Request for jenkins-tomcat: Secure and HttpOnly flags are not, set for cookies with Jenkins on Tomcat", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/22/3" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1185148", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185148" + }, + { + "name": "https://jenkins.io/changelog-old/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/changelog-old/" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769682", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769682" + }, + { + "name": "https://issues.jenkins-ci.org/browse/JENKINS-25019", + "refsource": "CONFIRM", + "url": "https://issues.jenkins-ci.org/browse/JENKINS-25019" + }, + { + "name": 
"https://github.com/jenkinsci/jenkins/commit/582128b9ac179a788d43c1478be8a5224dc19710", + "refsource": "CONFIRM", + "url": "https://github.com/jenkinsci/jenkins/commit/582128b9ac179a788d43c1478be8a5224dc19710" + }, + { + "name": "72054", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72054" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9639.json b/2014/9xxx/CVE-2014-9639.json index f2d94eab07e..b3349ddf119 100644 --- a/2014/9xxx/CVE-2014-9639.json +++ b/2014/9xxx/CVE-2014-9639.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-9639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150119 vorbis-tools issues", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jan/78" - }, - { - "name" : "[oss-security] 20150121 CVE request: two issues in vorbis-tools", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/01/21/5" - }, - { - "name" : "[oss-security] 20150122 Re: CVE request: two issues in vorbis-tools", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/01/22/9" - }, - { - "name" : "https://trac.xiph.org/ticket/2136", - "refsource" : "MISC", - "url" : "https://trac.xiph.org/ticket/2136" - }, - { - "name" : "FEDORA-2015-2330", - "refsource" : "FEDORA", - "url" : 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150570.html" - }, - { - "name" : "FEDORA-2015-2335", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150543.html" - }, - { - "name" : "openSUSE-SU-2015:0522", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00054.html" - }, - { - "name" : "72295", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72295" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72295", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72295" + }, + { + "name": "[oss-security] 20150121 CVE request: two issues in vorbis-tools", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/21/5" + }, + { + "name": "FEDORA-2015-2335", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150543.html" + }, + { + "name": "[oss-security] 20150122 Re: CVE request: two issues in vorbis-tools", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/22/9" + }, + { + "name": "openSUSE-SU-2015:0522", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00054.html" + }, + { + "name": "20150119 vorbis-tools issues", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jan/78" + }, + { + "name": 
"https://trac.xiph.org/ticket/2136", + "refsource": "MISC", + "url": "https://trac.xiph.org/ticket/2136" + }, + { + "name": "FEDORA-2015-2330", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150570.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9892.json b/2014/9xxx/CVE-2014-9892.json index e2e119c20ce..ba77a8c3ec4 100644 --- a/2014/9xxx/CVE-2014-9892.json +++ b/2014/9xxx/CVE-2014-9892.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2014-9892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-08-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-08-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=591b1f455c32206704cbcf426bb30911c260c33e", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=591b1f455c32206704cbcf426bb30911c260c33e" - }, - { - "name" : "92222", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92222" - } - ] 
- } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-08-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-08-01.html" + }, + { + "name": "92222", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92222" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=591b1f455c32206704cbcf426bb30911c260c33e", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=591b1f455c32206704cbcf426bb30911c260c33e" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2028.json b/2016/2xxx/CVE-2016-2028.json index 0a4c021830c..6d3711de1d6 100644 --- a/2016/2xxx/CVE-2016-2028.json +++ b/2016/2xxx/CVE-2016-2028.json 
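Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `security@android.com` in this hunk, but because the same hunk also rewrites every line for spacing and reorders the references, the one provenance change is easy to miss. The same pattern appears in the hunks for CVE-2014-9487 (`security@debian.org`), CVE-2014-9634 and CVE-2014-9639 (`secalert@redhat.com`), CVE-2016-2467 and CVE-2016-3903 (`security@android.com`), and CVE-2016-6391 (`psirt@cisco.com`). I would land the reassignment separately from the re-indentation, or at least name it in the commit message, so that the line `"ASSIGNER": "security@android.com",` can be reviewed on its own. Consumers that filter or attribute records by assigner should compare the parsed JSON rather than the text diff when ingesting this change.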
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2028", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4357." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2028", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4357." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2467.json b/2016/2xxx/CVE-2016-2467.json index 1cee2c43537..1fe41f6b504 100644 --- a/2016/2xxx/CVE-2016-2467.json +++ b/2016/2xxx/CVE-2016-2467.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Qualcomm sound driver in Android before 2016-06-01 on Nexus 5 devices allows attackers to gain privileges via a crafted application, aka internal bug 28029010." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-06-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-06-01.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Qualcomm sound driver in Android before 2016-06-01 on Nexus 5 devices allows attackers to gain privileges via a crafted application, aka internal bug 28029010." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-06-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-06-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2633.json b/2016/2xxx/CVE-2016-2633.json index 5f9f059cc8a..1aea797d5ad 100644 --- a/2016/2xxx/CVE-2016-2633.json +++ b/2016/2xxx/CVE-2016-2633.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2633", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2633", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2764.json b/2016/2xxx/CVE-2016-2764.json index f21c2b682ee..bd849db892c 100644 --- a/2016/2xxx/CVE-2016-2764.json +++ b/2016/2xxx/CVE-2016-2764.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2764", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2764", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3037.json b/2016/3xxx/CVE-2016-3037.json index 8cf8945e4cd..d74b86334cc 100644 --- a/2016/3xxx/CVE-2016-3037.json +++ b/2016/3xxx/CVE-2016-3037.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-3037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cognos TM1", - "version" : { - "version_data" : [ - { - "version_value" : "10.1" - }, - { - "version_value" : "10.1.1" - }, - { - "version_value" : "10.2.0.2" - }, - { - "version_value" : "10.2.2" - }, - { - "version_value" : "10.1.1.2" - }, - { - "version_value" : "10.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. An authenticated attacker with user interaction could obtain this sensitive information. IBM X-Force ID: 114613." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-3037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cognos TM1", + "version": { + "version_data": [ + { + "version_value": "10.1" + }, + { + "version_value": "10.1.1" + }, + { + "version_value": "10.2.0.2" + }, + { + "version_value": "10.2.2" + }, + { + "version_value": "10.1.1.2" + }, + { + "version_value": "10.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21999649", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21999649" - }, - { - "name" : "97917", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97917" - } - ] - } -} 
+ } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. An authenticated attacker with user interaction could obtain this sensitive information. IBM X-Force ID: 114613." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21999649", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21999649" + }, + { + "name": "97917", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97917" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3903.json b/2016/3xxx/CVE-2016-3903.json index 86017198771..e0895eaa40f 100644 --- a/2016/3xxx/CVE-2016-3903.json +++ b/2016/3xxx/CVE-2016-3903.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm camera driver in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29513227 and Qualcomm internal bug CR 1040857." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-10-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-10-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=b8874573428e8ce024f57c6242d662fcca5e5d55", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=b8874573428e8ce024f57c6242d662fcca5e5d55" - }, - { - "name" : "93322", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93322" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm camera driver in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29513227 and Qualcomm internal bug CR 1040857." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-10-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-10-01.html" + }, + { + "name": "93322", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93322" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=b8874573428e8ce024f57c6242d662fcca5e5d55", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=b8874573428e8ce024f57c6242d662fcca5e5d55" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6033.json b/2016/6xxx/CVE-2016-6033.json index 0a0f2e6175c..c3d2a573536 100644 --- a/2016/6xxx/CVE-2016-6033.json +++ b/2016/6xxx/CVE-2016-6033.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-6033", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Tivoli Storage Manager for Virtual Environments", - "version" : { - "version_data" : [ - { - "version_value" : "6.3" - }, - { - "version_value" : "6.4" - }, - { - "version_value" : "7.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1995545." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-6033", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Tivoli Storage Manager for Virtual Environments", + "version": { + "version_data": [ + { + "version_value": "6.3" + }, + { + "version_value": "6.4" + }, + { + "version_value": "7.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21995545", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21995545" - }, - { - "name" : "95102", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95102" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1995545." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95102", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95102" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21995545", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21995545" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6391.json b/2016/6xxx/CVE-2016-6391.json index 8a70498ef94..c06115eea77 100644 --- a/2016/6xxx/CVE-2016-6391.json +++ b/2016/6xxx/CVE-2016-6391.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6391", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS 12.2 and 15.0 through 15.3 allows remote attackers to cause a denial of service (traffic-processing outage) via a crafted series of Common Industrial Protocol (CIP) requests, aka Bug ID CSCur69036." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160928 Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-cip" - }, - { - "name" : "93197", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93197" - }, - { - "name" : "1036914", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036914" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS 12.2 and 15.0 through 15.3 allows remote attackers to cause a denial of service 
(traffic-processing outage) via a crafted series of Common Industrial Protocol (CIP) requests, aka Bug ID CSCur69036." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036914", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036914" + }, + { + "name": "93197", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93197" + }, + { + "name": "20160928 Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-cip" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6907.json b/2016/6xxx/CVE-2016-6907.json index ca931842d27..0f53673ad6d 100644 --- a/2016/6xxx/CVE-2016-6907.json +++ b/2016/6xxx/CVE-2016-6907.json 
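Review bot: The `"ASSIGNER"` value in the CVE-2016-6391 hunk changes from `cve@mitre.org` to `psirt@cisco.com`, while every other changed line in that record is spacing or entry order, so a provenance change sits inside what otherwise reads as a pure re-serialization. The CVE-2016-7952 hunk does the same, replacing `cve@mitre.org` with `security@suse.com`. The commit message is not visible here; if it describes only a formatting pass, anyone who filters, routes or audits records by assigning CNA gets a different value with nothing in the history explaining it. The assigner corrections belong in their own commit, or at least named in the description, so a reviewer can check them against the CNA's published scope without reading through the whitespace churn.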
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6907", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6907", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7105.json b/2016/7xxx/CVE-2016-7105.json index 61471775535..de576fab359 100644 --- a/2016/7xxx/CVE-2016-7105.json +++ b/2016/7xxx/CVE-2016-7105.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7105", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7105", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7145.json b/2016/7xxx/CVE-2016-7145.json index e83795b1d17..18fad194dbc 100644 --- a/2016/7xxx/CVE-2016-7145.json +++ b/2016/7xxx/CVE-2016-7145.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7145", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The m_authenticate function in ircd/m_authenticate.c in nefarious2 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160905 Re: CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/05/9" - }, - { - "name" : "https://github.com/evilnet/nefarious2/commit/f50a84bad996d438e7b31b9e74c32a41e43f8be5", - "refsource" : "CONFIRM", - "url" : "https://github.com/evilnet/nefarious2/commit/f50a84bad996d438e7b31b9e74c32a41e43f8be5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The m_authenticate function in ircd/m_authenticate.c in nefarious2 allows remote attackers to spoof 
certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/evilnet/nefarious2/commit/f50a84bad996d438e7b31b9e74c32a41e43f8be5", + "refsource": "CONFIRM", + "url": "https://github.com/evilnet/nefarious2/commit/f50a84bad996d438e7b31b9e74c32a41e43f8be5" + }, + { + "name": "[oss-security] 20160905 Re: CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/05/9" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7310.json b/2016/7xxx/CVE-2016-7310.json index fd28e0735e1..5e485f3852c 100644 --- a/2016/7xxx/CVE-2016-7310.json +++ b/2016/7xxx/CVE-2016-7310.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7310", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7310", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file 
diff --git a/2016/7xxx/CVE-2016-7337.json b/2016/7xxx/CVE-2016-7337.json index e7b7429280a..31e10d3f23f 100644 --- a/2016/7xxx/CVE-2016-7337.json +++ b/2016/7xxx/CVE-2016-7337.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7337", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7337", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7952.json b/2016/7xxx/CVE-2016-7952.json index 89417635cf3..af866248454 100644 --- a/2016/7xxx/CVE-2016-7952.json +++ b/2016/7xxx/CVE-2016-7952.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7952", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2016-7952", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/04/4" - }, - { - "name" : "[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/04/2" - }, - { - "name" : "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries", - "refsource" : "MLIST", - "url" : "https://lists.x.org/archives/xorg-announce/2016-October/002720.html" - }, 
- { - "name" : "https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af3129ec4a7a4f4b54a0d59701beeae3", - "refsource" : "CONFIRM", - "url" : "https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af3129ec4a7a4f4b54a0d59701beeae3" - }, - { - "name" : "FEDORA-2016-c1d4b1df79", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFLHX7WNEUXXDAGR324T35L5P6RRR7GE/" - }, - { - "name" : "FEDORA-2016-e6ba110670", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RVEUZRHYY3AJEKMFQ4DS7DX3Y2AICFP7/" - }, - { - "name" : "93375", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93375" - }, - { - "name" : "1036945", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036945" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036945", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036945" + }, + { + "name": "FEDORA-2016-c1d4b1df79", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFLHX7WNEUXXDAGR324T35L5P6RRR7GE/" + }, + { + "name": "93375", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93375" + }, + { + "name": "https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af3129ec4a7a4f4b54a0d59701beeae3", + "refsource": "CONFIRM", + "url": "https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af3129ec4a7a4f4b54a0d59701beeae3" + }, + { + "name": "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries", + "refsource": "MLIST", + "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html" + }, + { + "name": "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/04/4" + }, + { + "name": "FEDORA-2016-e6ba110670", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RVEUZRHYY3AJEKMFQ4DS7DX3Y2AICFP7/" + }, + { + "name": "[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/04/2" + } + ] + } +} \ No newline at end of file