diff --git a/2006/0xxx/CVE-2006-0007.json b/2006/0xxx/CVE-2006-0007.json index 155b3a3aafc..7603b6c210a 100644 --- a/2006/0xxx/CVE-2006-0007.json +++ b/2006/0xxx/CVE-2006-0007.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0007", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-0007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060712 NSFOCUS SA2006-04 : Microsoft Office GIF Filter Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439887/100/0/threaded" - }, - { - "name" : "20060712 NSFOCUS SA2006-04 : Microsoft Office GIF Filter Buffer Overflow Vulnerability", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2006-q3/0005.html" - }, - { - "name" : "MS06-039", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-039" - }, - { - "name" : "TA06-192A", - "refsource" : "CERT", - "url" : 
"http://www.us-cert.gov/cas/techalerts/TA06-192A.html" - }, - { - "name" : "VU#668564", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/668564" - }, - { - "name" : "18915", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18915" - }, - { - "name" : "ADV-2006-2757", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2757" - }, - { - "name" : "27146", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27146" - }, - { - "name" : "oval:org.mitre.oval:def:21", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A21" - }, - { - "name" : "1016470", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016470" - }, - { - "name" : "21013", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016470", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016470" + }, + { + "name": "27146", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27146" + }, + { + "name": "20060712 NSFOCUS SA2006-04 : Microsoft Office GIF Filter Buffer Overflow Vulnerability", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2006-q3/0005.html" + }, + { + "name": "21013", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21013" + }, + { + "name": "18915", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18915" + }, + { + "name": "ADV-2006-2757", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2757" + }, + { + "name": "MS06-039", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-039" + }, + { + "name": "20060712 NSFOCUS SA2006-04 : Microsoft Office GIF Filter Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439887/100/0/threaded" + }, + { + "name": "TA06-192A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-192A.html" + }, + { + "name": "VU#668564", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/668564" + }, + { + "name": "oval:org.mitre.oval:def:21", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A21" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0054.json b/2006/0xxx/CVE-2006-0054.json index 57672779c7f..25d57ba9c5b 100644 --- a/2006/0xxx/CVE-2006-0054.json +++ b/2006/0xxx/CVE-2006-0054.json 
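Review bot: The `ASSIGNER` change from `cve@mitre.org` to `secure@microsoft.com` is the only semantic edit in this hunk, and it is buried in a full-file rewrite that otherwise only changes `" : "` to `": "` and reorders `reference_data`. Consumers that attribute or trust-rank records by assigning CNA will see this record change ownership, so it deserves its own commit or at least a line in the commit message; the CVE-2006-0054 hunk does the same with `secteam@freebsd.org`. The `affects` block still carries `"vendor_name": "n/a"` and `"product_name": "n/a"` although the description names Microsoft Office 2003 SP1 and SP2, Office XP SP3 and Office 2000 SP3, so product-based matching will still miss this record. Every rewritten file also now ends with `\ No newline at end of file`, which presumably comes from the generator and will show up as noise in later diffs.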
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to cause a denial of service (firewall crash) via ICMP IP fragments that match a reset, reject or unreach action, which leads to an access of an uninitialized pointer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secteam@freebsd.org", + "ID": "CVE-2006-0054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-06:04", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:04.ipfw.asc" - }, - { - "name" : "16209", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16209" - }, - { - "name" : "22319", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22319" - }, - { - "name" : "1015477", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015477" - }, - { - "name" : "18378", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18378" - }, - { - "name" : "ipfw-icmp-fragment-dos(24073)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24073" 
- } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to cause a denial of service (firewall crash) via ICMP IP fragments that match a reset, reject or unreach action, which leads to an access of an uninitialized pointer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22319", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22319" + }, + { + "name": "16209", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16209" + }, + { + "name": "18378", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18378" + }, + { + "name": "ipfw-icmp-fragment-dos(24073)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24073" + }, + { + "name": "FreeBSD-SA-06:04", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:04.ipfw.asc" + }, + { + "name": "1015477", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015477" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0320.json b/2006/0xxx/CVE-2006-0320.json index 9a10fc27b33..ef5e953131f 100644 --- a/2006/0xxx/CVE-2006-0320.json +++ b/2006/0xxx/CVE-2006-0320.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0320", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog 8.01 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0320", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060115 [eVuln] Bit 5 Blog SQL Injection & Authentication Bypass Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/422068/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/31/summary", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/31/summary" - }, - { - "name" : "16244", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16244" - }, - { - "name" : "ADV-2006-0195", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0195" - }, - { - "name" : "22445", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22445" - }, - { - "name" : "18464", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/18464" - }, - { - "name" : "bit5blog-processlogin-sql-injection(24124)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24124" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog 8.01 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18464", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18464" + }, + { + "name": "bit5blog-processlogin-sql-injection(24124)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24124" + }, + { + "name": "http://evuln.com/vulns/31/summary", + "refsource": "MISC", + "url": "http://evuln.com/vulns/31/summary" + }, + { + "name": "20060115 [eVuln] Bit 5 Blog SQL Injection & Authentication Bypass Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/422068/100/0/threaded" + }, + { + "name": "16244", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16244" + }, + { + "name": "ADV-2006-0195", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0195" + }, + { + "name": "22445", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22445" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0978.json b/2006/0xxx/CVE-2006-0978.json index 5a9eed86831..b0ce6471d7e 100644 --- a/2006/0xxx/CVE-2006-0978.json +++ b/2006/0xxx/CVE-2006-0978.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0978", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the View Headers (aka viewheaders) functionality in ArGoSoft Mail Server Pro 1.8.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the Subject header, (2) the From header, and (3) certain other unspecified headers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0978", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060227 Secunia Research: ArGoSoft Mail Server Pro viewheaders ScriptInsertion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426206/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2006-6/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-6/advisory/" - }, - { - "name" : "16834", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16834" - }, - { - "name" : "ADV-2006-0751", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0751" - }, - { - "name" : "23512", - "refsource" : "OSVDB", - 
"url" : "http://www.osvdb.org/23512" - }, - { - "name" : "18991", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18991" - }, - { - "name" : "504", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/504" - }, - { - "name" : "argosoft-mailserverpro-viewheaders-xss(24945)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24945" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the View Headers (aka viewheaders) functionality in ArGoSoft Mail Server Pro 1.8.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the Subject header, (2) the From header, and (3) certain other unspecified headers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060227 Secunia Research: ArGoSoft Mail Server Pro viewheaders ScriptInsertion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426206/100/0/threaded" + }, + { + "name": "16834", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16834" + }, + { + "name": "504", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/504" + }, + { + "name": "argosoft-mailserverpro-viewheaders-xss(24945)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24945" + }, + { + "name": "18991", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18991" + }, + { + "name": "http://secunia.com/secunia_research/2006-6/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-6/advisory/" + }, + { + "name": "23512", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23512" + }, + { + "name": 
"ADV-2006-0751", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0751" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3519.json b/2006/3xxx/CVE-2006-3519.json index 7fdb1bf03ca..93d50e72b69 100644 --- a/2006/3xxx/CVE-2006-3519.json +++ b/2006/3xxx/CVE-2006-3519.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3519", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in The Banner Engine (tbe) 4.0 allow remote attackers to execute arbitrary web script or HTML via the (1) text parameter in a search action to (a) top.php, and the (2) adminpass or (3) adminlogin parameter to (b) signup.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3519", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060703 TBE 4.0 XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438972/100/0/threaded" - }, - { - "name" : "18793", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18793" - }, - { - "name" : "ADV-2006-2656", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2656" - }, - { - "name" : "1016432", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016432" - }, - { - "name" : "20916", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20916" - }, - { - "name" : "1204", - "refsource" : "SREASON", - "url" : 
"http://securityreason.com/securityalert/1204" - }, - { - "name" : "tbe-signup-top-xss(27549)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27549" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in The Banner Engine (tbe) 4.0 allow remote attackers to execute arbitrary web script or HTML via the (1) text parameter in a search action to (a) top.php, and the (2) adminpass or (3) adminlogin parameter to (b) signup.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18793", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18793" + }, + { + "name": "20916", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20916" + }, + { + "name": "1204", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1204" + }, + { + "name": "tbe-signup-top-xss(27549)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27549" + }, + { + "name": "20060703 TBE 4.0 XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438972/100/0/threaded" + }, + { + "name": "ADV-2006-2656", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2656" + }, + { + "name": "1016432", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016432" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3544.json b/2006/3xxx/CVE-2006-3544.json index 60b843ae7ed..89d67cbbdc9 100644 --- a/2006/3xxx/CVE-2006-3544.json +++ b/2006/3xxx/CVE-2006-3544.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.3 Final allow remote attackers to execute arbitrary SQL commands via the CODE parameter in a (1) Stats, (2) Mail, and (3) Reg action in index.php. NOTE: the developer has disputed this issue, stating that \"At no point does the CODE parameter touch the database. The CODE parameter is used in a SWITCH statement to determine which function to run.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060702 Invision Power Board v1.3 Final SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438961/100/0/threaded" - }, - { - "name" : "20060710 Re: Invision Power Board v1.3 Final SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439629/100/0/threaded" - }, - { - "name" : "18782", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18782" - }, - { - "name" : "30084", - "refsource" : 
"OSVDB", - "url" : "http://www.osvdb.org/30084" - }, - { - "name" : "1225", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1225" - }, - { - "name" : "ipb-index-sql-injection(27555)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27555" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.3 Final allow remote attackers to execute arbitrary SQL commands via the CODE parameter in a (1) Stats, (2) Mail, and (3) Reg action in index.php. NOTE: the developer has disputed this issue, stating that \"At no point does the CODE parameter touch the database. The CODE parameter is used in a SWITCH statement to determine which function to run.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1225", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1225" + }, + { + "name": "20060710 Re: Invision Power Board v1.3 Final SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439629/100/0/threaded" + }, + { + "name": "18782", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18782" + }, + { + "name": "20060702 Invision Power Board v1.3 Final SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438961/100/0/threaded" + }, + { + "name": "30084", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30084" + }, + { + "name": "ipb-index-sql-injection(27555)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27555" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/3xxx/CVE-2006-3550.json b/2006/3xxx/CVE-2006-3550.json index 1bc97e8325e..955cfc20108 100644 --- a/2006/3xxx/CVE-2006-3550.json +++ b/2006/3xxx/CVE-2006-3550.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3550", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks FirePass 4100 5.x allow remote attackers to inject arbitrary web script or HTML via unspecified \"writable form fields and hidden fields,\" including \"authentication frontends.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3550", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060704 [scip_Advisory 2352] F5 FirePass 4100 prior 6.x multiple Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439033/100/0/threaded" - }, - { - "name" : "20060704 [scip_Advisory 2352] F5 FirePass 4100 prior 6.x multiple Cross Site Scripting", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047635.html" - }, - { - "name" : "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2352", - "refsource" : "MISC", - "url" : "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2352" - }, - { - "name" : "18799", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18799" - 
}, - { - "name" : "ADV-2006-2678", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2678" - }, - { - "name" : "1016431", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016431" - }, - { - "name" : "1237", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1237" - }, - { - "name" : "firepass-multiple-xss(27547)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27547" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks FirePass 4100 5.x allow remote attackers to inject arbitrary web script or HTML via unspecified \"writable form fields and hidden fields,\" including \"authentication frontends.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2352", + "refsource": "MISC", + "url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2352" + }, + { + "name": "20060704 [scip_Advisory 2352] F5 FirePass 4100 prior 6.x multiple Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439033/100/0/threaded" + }, + { + "name": "1016431", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016431" + }, + { + "name": "1237", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1237" + }, + { + "name": "18799", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18799" + }, + { + "name": "20060704 [scip_Advisory 2352] F5 FirePass 4100 prior 6.x multiple Cross Site Scripting", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047635.html" + }, + { + 
"name": "firepass-multiple-xss(27547)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27547" + }, + { + "name": "ADV-2006-2678", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2678" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3798.json b/2006/3xxx/CVE-2006-3798.json index 808ddfd829a..1c534753429 100644 --- a/2006/3xxx/CVE-2006-3798.json +++ b/2006/3xxx/CVE-2006-3798.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3798", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DeluxeBB 1.07 and earlier allows remote attackers to overwrite the (1) _GET, (2) _POST, (3) _ENV, and (4) _SERVER variables via the _COOKIE (aka COOKIE) variable, which can overwrite the other variables during an extract function call, probably leading to multiple security vulnerabilities, aka \"pollution of the global namespace.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3798", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060718 DeluxeBB mutiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440435/100/0/threaded" - }, - { - "name" : "20060718 Advisory : DeluxeBB mutiple vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047989.html" - }, - { - "name" : "19052", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19052" - }, - { - "name" : "1254", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1254" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DeluxeBB 1.07 and earlier allows remote attackers to overwrite the (1) _GET, (2) _POST, (3) _ENV, and (4) _SERVER variables via the _COOKIE (aka COOKIE) variable, which can overwrite the other variables during an extract function call, probably leading to multiple security vulnerabilities, aka \"pollution of the global namespace.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1254", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1254" + }, + { + "name": "19052", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19052" + }, + { + "name": "20060718 Advisory : DeluxeBB mutiple vulnerabilities", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047989.html" + }, + { + "name": "20060718 DeluxeBB mutiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440435/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3926.json b/2006/3xxx/CVE-2006-3926.json index 810178f83b2..93f7e578289 100644 --- a/2006/3xxx/CVE-2006-3926.json +++ b/2006/3xxx/CVE-2006-3926.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3926", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in PhpProBid 5.24 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) start parameters to (a) viewfeedback.php or the (3) orderType parameter to (b) categories.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060725 Phpprobid <= 5.24 XSS SQL injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-07/0474.html" - }, - { - "name" : "19158", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19158" - }, - { - "name" : "27545", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27545" - }, - { - "name" : "27546", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27546" - }, - { - "name" : "1016595", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016595" - }, - { - "name" : "21201", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21201" - }, - { - "name" : "1298", 
- "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1298" - }, - { - "name" : "phpprobid-categories-sql-injection(28032)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28032" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in PhpProBid 5.24 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) start parameters to (a) viewfeedback.php or the (3) orderType parameter to (b) categories.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpprobid-categories-sql-injection(28032)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28032" + }, + { + "name": "1016595", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016595" + }, + { + "name": "27546", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27546" + }, + { + "name": "27545", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27545" + }, + { + "name": "21201", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21201" + }, + { + "name": "19158", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19158" + }, + { + "name": "20060725 Phpprobid <= 5.24 XSS SQL injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0474.html" + }, + { + "name": "1298", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1298" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4022.json b/2006/4xxx/CVE-2006-4022.json index 91a7e6761af..dc736d6b334 100644 --- a/2006/4xxx/CVE-2006-4022.json +++ b/2006/4xxx/CVE-2006-4022.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4022", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Intel 2100 PRO/Wireless Network Connection driver PROSet before 7.1.4.6 allows local users to corrupt memory and execute code via \"requests for capabilities from higher-level protocol drivers or user-level applications\" involving crafted frames, a different issue than CVE-2006-3992." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.intel.com/support/wireless/wlan/pro2100/sb/CS-023067.htm", - "refsource" : "CONFIRM", - "url" : "http://support.intel.com/support/wireless/wlan/pro2100/sb/CS-023067.htm" - }, - { - "name" : "VU#824500", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/824500" - }, - { - "name" : "19299", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19299" - }, - { - "name" : "ADV-2006-3099", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3099" - }, - { - "name" : "1016621", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016621" - } - ] - } 
-} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Intel 2100 PRO/Wireless Network Connection driver PROSet before 7.1.4.6 allows local users to corrupt memory and execute code via \"requests for capabilities from higher-level protocol drivers or user-level applications\" involving crafted frames, a different issue than CVE-2006-3992." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#824500", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/824500" + }, + { + "name": "http://support.intel.com/support/wireless/wlan/pro2100/sb/CS-023067.htm", + "refsource": "CONFIRM", + "url": "http://support.intel.com/support/wireless/wlan/pro2100/sb/CS-023067.htm" + }, + { + "name": "19299", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19299" + }, + { + "name": "1016621", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016621" + }, + { + "name": "ADV-2006-3099", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3099" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4301.json b/2006/4xxx/CVE-2006-4301.json index 67080929f6d..5835f769881 100644 --- a/2006/4xxx/CVE-2006-4301.json +++ b/2006/4xxx/CVE-2006-4301.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4301", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from (a) dxtmsft.dll and (b) dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1, and (3) DX3DTransform.Microsoft.Shapes.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060821 [XSec-06-09]: Internet Explorer Multiple COM Objects Color Property DoS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443907/100/0/threaded" - }, - { - "name" : "4251", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4251" - }, - { - "name" : "http://xsec.org/index.php?module=releases&act=view&type=1&id=17", - "refsource" : "MISC", - "url" : "http://xsec.org/index.php?module=releases&act=view&type=1&id=17" - }, - { - "name" : "19640", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/19640" - }, - { - "name" : "29524", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29524" - }, - { - "name" : "29525", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29525" - }, - { - "name" : "1439", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1439" - }, - { - "name" : "ie-com-color-dos(28516)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28516" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from (a) dxtmsft.dll and (b) dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1, and (3) DX3DTransform.Microsoft.Shapes.1." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29524", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29524" + }, + { + "name": "1439", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1439" + }, + { + "name": "http://xsec.org/index.php?module=releases&act=view&type=1&id=17", + "refsource": "MISC", + "url": "http://xsec.org/index.php?module=releases&act=view&type=1&id=17" + }, + { + "name": "20060821 [XSec-06-09]: Internet Explorer Multiple COM Objects Color Property DoS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443907/100/0/threaded" + }, + { + "name": "4251", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4251" + }, + { + "name": "19640", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19640" + }, + { + "name": "29525", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29525" + }, + { + "name": "ie-com-color-dos(28516)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28516" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4428.json b/2006/4xxx/CVE-2006-4428.json index 040a6a204e7..5001f8ff111 100644 --- a/2006/4xxx/CVE-2006-4428.json +++ b/2006/4xxx/CVE-2006-4428.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4428", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter. NOTE: CVE disputes this claim, since the $template variable is defined as a static value before it is referenced in an include statement." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4428", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060825 Jupiter CMS 1.1.5 index.php Remote File Include", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444421/100/0/threaded" - }, - { - "name" : "20060829 Re: Jupiter CMS 1.1.5 index.php Remote File Include", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444729/100/0/threaded" - }, - { - "name" : "20060828 Jupiter CMS file include - CVE dispute", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-August/000996.html" - }, - { - "name" : "19721", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/19721" - }, - { - "name" : "28298", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28298" - }, - { - "name" : "jupitercm-index-file-include(28589)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28589" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter. NOTE: CVE disputes this claim, since the $template variable is defined as a static value before it is referenced in an include statement." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060825 Jupiter CMS 1.1.5 index.php Remote File Include", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444421/100/0/threaded" + }, + { + "name": "28298", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28298" + }, + { + "name": "20060829 Re: Jupiter CMS 1.1.5 index.php Remote File Include", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444729/100/0/threaded" + }, + { + "name": "20060828 Jupiter CMS file include - CVE dispute", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2006-August/000996.html" + }, + { + "name": "jupitercm-index-file-include(28589)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28589" + }, + { + "name": "19721", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19721" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4524.json b/2006/4xxx/CVE-2006-4524.json index f354f33cd22..4062a7499f4 100644 
--- a/2006/4xxx/CVE-2006-4524.json +++ b/2006/4xxx/CVE-2006-4524.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4524", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in login_verif.asp in Digiappz Freekot 1.01 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameters. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4524", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060830 [KAPDA::#56] - FREEKOT SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444752/100/0/threaded" - }, - { - "name" : "http://www.kapda.ir/advisory-410.html", - "refsource" : "MISC", - "url" : "http://www.kapda.ir/advisory-410.html" - }, - { - "name" : "http://www.kapda.ir/attach-1996-xpl_freekot.htm", - "refsource" : "MISC", - "url" : "http://www.kapda.ir/attach-1996-xpl_freekot.htm" - }, - { - "name" : "19768", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19768" - }, - { - "name" : "21669", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21669" - }, - { - 
"name" : "1488", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1488" - }, - { - "name" : "freekot-login-password-sql-injection(28672)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28672" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in login_verif.asp in Digiappz Freekot 1.01 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameters. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060830 [KAPDA::#56] - FREEKOT SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444752/100/0/threaded" + }, + { + "name": "http://www.kapda.ir/attach-1996-xpl_freekot.htm", + "refsource": "MISC", + "url": "http://www.kapda.ir/attach-1996-xpl_freekot.htm" + }, + { + "name": "21669", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21669" + }, + { + "name": "http://www.kapda.ir/advisory-410.html", + "refsource": "MISC", + "url": "http://www.kapda.ir/advisory-410.html" + }, + { + "name": "freekot-login-password-sql-injection(28672)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28672" + }, + { + "name": "1488", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1488" + }, + { + "name": "19768", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19768" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4938.json b/2006/4xxx/CVE-2006-4938.json index 86af59f8415..845d30e221d 100644 --- a/2006/4xxx/CVE-2006-4938.json 
+++ b/2006/4xxx/CVE-2006-4938.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4938", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "help.php in Moodle before 1.6.2 does not check the existence of certain help files before including them, which might allow remote authenticated users to obtain the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.moodle.org/en/Release_notes#Moodle_1.6.2", - "refsource" : "CONFIRM", - "url" : "http://docs.moodle.org/en/Release_notes#Moodle_1.6.2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "help.php in Moodle before 1.6.2 does not check the existence of certain help files before including them, which might allow remote authenticated users to obtain the path in an error message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://docs.moodle.org/en/Release_notes#Moodle_1.6.2", + "refsource": "CONFIRM", + "url": "http://docs.moodle.org/en/Release_notes#Moodle_1.6.2" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7242.json b/2006/7xxx/CVE-2006-7242.json index 2f27f25aedb..ebb0fdbbae5 100644 --- a/2006/7xxx/CVE-2006-7242.json +++ b/2006/7xxx/CVE-2006-7242.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-001 does not ensure that the AE Administrator role is present for Site Preferences modifications, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm", - "refsource" : "CONFIRM", - "url" : "http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-001 does not ensure that the AE Administrator role is present for Site Preferences modifications, which allows remote authenticated users to bypass intended access 
restrictions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm", + "refsource": "CONFIRM", + "url": "http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2049.json b/2010/2xxx/CVE-2010-2049.json index 3bda85c2ef0..ff9eff18a96 100644 --- a/2010/2xxx/CVE-2010-2049.json +++ b/2010/2xxx/CVE-2010-2049.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2049", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in jsp/audit/reports/ExportReport.jsp in ManageEngine ADAudit Plus 4.0.0 build 4043 allows remote attackers to inject arbitrary web script or HTML via the reportList parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2049", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40253", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40253" - }, - { - "name" : "64726", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/64726" - }, - { - "name" : "39876", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39876" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in jsp/audit/reports/ExportReport.jsp in ManageEngine ADAudit Plus 4.0.0 build 4043 allows remote 
attackers to inject arbitrary web script or HTML via the reportList parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39876", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39876" + }, + { + "name": "64726", + "refsource": "OSVDB", + "url": "http://osvdb.org/64726" + }, + { + "name": "40253", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40253" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2107.json b/2010/2xxx/CVE-2010-2107.json index eb463599f19..64737edc1c1 100644 --- a/2010/2xxx/CVE-2010-2107.json +++ b/2010/2xxx/CVE-2010-2107.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2107", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Google Chrome before 5.0.375.55 allows attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the Safe Browsing functionality." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2107", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=30079", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=30079" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:12128", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Unspecified vulnerability in Google Chrome before 5.0.375.55 allows attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the Safe Browsing functionality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=30079", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=30079" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html" + }, + { + "name": "oval:org.mitre.oval:def:12128", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12128" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2145.json b/2010/2xxx/CVE-2010-2145.json index d4ca83598e7..55efbe38cd8 100644 --- a/2010/2xxx/CVE-2010-2145.json +++ b/2010/2xxx/CVE-2010-2145.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2145", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in ClearSite Beta 4.50, and possibly other versions, allow remote attackers to execute arbitrary PHP code via a URL in the cs_base_path parameter to (1) docs.php and (2) include/admin/device_admin.php. NOTE: the header.php vector is already covered by CVE-2009-3306. NOTE: this issue may be due to a variable extraction error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100527 clearsite Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511507/100/0/threaded" - }, - { - "name" : "40457", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40457" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in ClearSite Beta 4.50, and possibly other versions, allow remote 
attackers to execute arbitrary PHP code via a URL in the cs_base_path parameter to (1) docs.php and (2) include/admin/device_admin.php. NOTE: the header.php vector is already covered by CVE-2009-3306. NOTE: this issue may be due to a variable extraction error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40457", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40457" + }, + { + "name": "20100527 clearsite Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511507/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2750.json b/2010/2xxx/CVE-2010-2750.json index 1197e938124..a99592cdb34 100644 --- a/2010/2xxx/CVE-2010-2750.json +++ b/2010/2xxx/CVE-2010-2750.json 
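Review bot: The `reference_data` array is re-emitted in a different order (BID `40457` now precedes the BUGTRAQ entry) although neither entry's `name`, `refsource` or `url` changes. The new order does not follow any visible sort key, which suggests the writer emits references in an unstable order; that will cause churn in every later diff and will change any hash or signature computed over the file. Sorting the array on a fixed key such as `url` before writing would keep the output deterministic. The hunks for CVE-2010-3071, CVE-2010-3126, CVE-2010-3225, CVE-2010-3471, CVE-2010-3811, CVE-2010-3941 and CVE-2011-0541 show the same reordering.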
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2750", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka \"Word Index Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-2750", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101014 VUPEN Security Research - Microsoft Office Word Document Array Indexing Vulnerability (CVE-2010-2750)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514292/100/0/threaded" - }, - { - "name" : "MS10-079", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079" - }, - { - "name" : "TA10-285A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-285A.html" - }, - { - "name" : "oval:org.mitre.oval:def:7582", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7582" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka \"Word Index Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20101014 VUPEN Security Research - Microsoft Office Word Document Array Indexing Vulnerability (CVE-2010-2750)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514292/100/0/threaded" + }, + { + "name": "MS10-079", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079" + }, + { + "name": "TA10-285A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html" + }, + { + "name": "oval:org.mitre.oval:def:7582", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7582" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3071.json b/2010/3xxx/CVE-2010-3071.json index 56c88477b70..709d13597ba 100644 --- a/2010/3xxx/CVE-2010-3071.json +++ b/2010/3xxx/CVE-2010-3071.json 
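Review bot: The one semantic change in this hunk, `"ASSIGNER": "cve@mitre.org"` becoming `"ASSIGNER": "secure@microsoft.com"`, is buried in a whole-file whitespace rewrite, so a reviewer cannot see it without a whitespace-insensitive diff. ASSIGNER is the record's provenance field, and consumers that attribute or filter records by it will presumably see this CVE move to a different source. The formatting normalization would be better landed as a separate commit from the ASSIGNER reassignment, with the commit message stating the reason for the reassignment. The same pattern appears in the hunks for CVE-2010-3071 and CVE-2011-0541 (`secalert@redhat.com`), CVE-2010-3225 and CVE-2010-3941 (`secure@microsoft.com`) and CVE-2010-3811 (`product-security@apple.com`).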
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "bip before 0.8.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an empty USER command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100905 CVE Request -- Bip -- Remote Dos (crash) by exchanging user credentials", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/05/1" - }, - { - "name" : "[oss-security] 20100907 Re: CVE Request -- Bip -- Remote Dos (crash) by exchanging user credentials", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/07/6" - }, - { - "name" : "http://bip.t1r.net/", - "refsource" : "CONFIRM", - "url" : "http://bip.t1r.net/" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=595409", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=595409" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=630437", - "refsource" : 
"CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=630437" - }, - { - "name" : "FEDORA-2010-15774", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052992.html" - }, - { - "name" : "42995", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42995" - }, - { - "name" : "42889", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42889" - }, - { - "name" : "ADV-2011-0096", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0096" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "bip before 0.8.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an empty USER command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42889", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42889" + }, + { + "name": "ADV-2011-0096", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0096" + }, + { + "name": "http://bip.t1r.net/", + "refsource": "CONFIRM", + "url": "http://bip.t1r.net/" + }, + { + "name": "[oss-security] 20100905 CVE Request -- Bip -- Remote Dos (crash) by exchanging user credentials", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/05/1" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=595409", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=595409" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=630437", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630437" + }, + { + "name": "42995", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/42995" + }, + { + "name": "FEDORA-2010-15774", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052992.html" + }, + { + "name": "[oss-security] 20100907 Re: CVE Request -- Bip -- Remote Dos (crash) by exchanging user credentials", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/07/6" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3126.json b/2010/3xxx/CVE-2010-3126.json index e24c4cf98cb..c4efe106970 100644 --- a/2010/3xxx/CVE-2010-3126.json +++ b/2010/3xxx/CVE-2010-3126.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3126", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in avast! Free Antivirus version 5.0.594 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc90loc.dll that is located in the same folder as an avast license (.avastlic) file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3126", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14743", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14743" - }, - { - "name" : "oval:org.mitre.oval:def:7193", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7193" - }, - { - "name" : "41109", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41109" - }, - { - "name" : "ADV-2010-2175", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2175" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in avast! Free Antivirus version 5.0.594 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc90loc.dll that is located in the same folder as an avast license (.avastlic) file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41109", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41109" + }, + { + "name": "ADV-2010-2175", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2175" + }, + { + "name": "14743", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14743" + }, + { + "name": "oval:org.mitre.oval:def:7193", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7193" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3225.json b/2010/3xxx/CVE-2010-3225.json index 232f0030afb..4569dc46002 100644 --- a/2010/3xxx/CVE-2010-3225.json +++ b/2010/3xxx/CVE-2010-3225.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3225", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the Media Player Network Sharing Service in Microsoft Windows Vista SP1 and SP2 and Windows 7 allows remote attackers to execute arbitrary code via a crafted Real Time Streaming Protocol (RTSP) packet, aka \"RTSP Use After Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3225", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-075", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-075" - }, - { - "name" : "TA10-285A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-285A.html" - }, - { - "name" : "oval:org.mitre.oval:def:6684", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6684" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the Media 
Player Network Sharing Service in Microsoft Windows Vista SP1 and SP2 and Windows 7 allows remote attackers to execute arbitrary code via a crafted Real Time Streaming Protocol (RTSP) packet, aka \"RTSP Use After Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS10-075", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-075" + }, + { + "name": "oval:org.mitre.oval:def:6684", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6684" + }, + { + "name": "TA10-285A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3471.json b/2010/3xxx/CVE-2010-3471.json index c689c0056e6..72a5b82aadc 100644 --- a/2010/3xxx/CVE-2010-3471.json +++ b/2010/3xxx/CVE-2010-3471.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3471", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Session fixation vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.7-P8AE-FP007 allows remote attackers to hijack web sessions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3471", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://download2.boulder.ibm.com/sar/CMA/IMA/00y3y/0/readme-4027-P8AE-FP007.htm", - "refsource" : "CONFIRM", - "url" : "http://download2.boulder.ibm.com/sar/CMA/IMA/00y3y/0/readme-4027-P8AE-FP007.htm" - }, - { - "name" : "PJ37346", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PJ37346" - }, - { - "name" : "43271", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43271" - }, - { - "name" : "41460", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41460" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Session fixation vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.7-P8AE-FP007 allows remote attackers to hijack web sessions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43271", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43271" + }, + { + "name": "41460", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41460" + }, + { + "name": "PJ37346", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PJ37346" + }, + { + "name": "http://download2.boulder.ibm.com/sar/CMA/IMA/00y3y/0/readme-4027-P8AE-FP007.htm", + "refsource": "CONFIRM", + "url": "http://download2.boulder.ibm.com/sar/CMA/IMA/00y3y/0/readme-4027-P8AE-FP007.htm" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3811.json b/2010/3xxx/CVE-2010-3811.json index b77ed74852d..a9ed97d0e41 100644 --- a/2010/3xxx/CVE-2010-3811.json +++ b/2010/3xxx/CVE-2010-3811.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3811", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element attributes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-3811", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4455", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4455" - }, - { - "name" : "http://support.apple.com/kb/HT4456", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4456" - }, - { - "name" : "APPLE-SA-2010-11-18-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html" - }, - { - "name" : "APPLE-SA-2010-11-22-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" 
: "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "oval:org.mitre.oval:def:11538", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11538" - }, - { - "name" : "42314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42314" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2010-3046", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3046" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element attributes." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "http://support.apple.com/kb/HT4455", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4455" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "ADV-2010-3046", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3046" + }, + { + "name": "oval:org.mitre.oval:def:11538", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11538" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "APPLE-SA-2010-11-18-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html" + }, + { + "name": "42314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42314" + }, + { + "name": "http://support.apple.com/kb/HT4456", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4456" + }, + { + "name": "APPLE-SA-2010-11-22-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3941.json b/2010/3xxx/CVE-2010-3941.json index 01d62a1a4da..e1b5631e932 100644 --- a/2010/3xxx/CVE-2010-3941.json +++ b/2010/3xxx/CVE-2010-3941.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3941", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka \"Win32k Double Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-098", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-098" - }, - { - "name" : "TA10-348A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" - }, - { - "name" : "oval:org.mitre.oval:def:11959", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11959" - }, - { - "name" : "1024880", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024880" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka \"Win32k Double Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-348A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" + }, + { + "name": "MS10-098", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-098" + }, + { + "name": "1024880", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024880" + }, + { + "name": "oval:org.mitre.oval:def:11959", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11959" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0541.json b/2011/0xxx/CVE-2011-0541.json index 19ca7eaf9a3..4a82676f977 100644 --- a/2011/0xxx/CVE-2011-0541.json +++ b/2011/0xxx/CVE-2011-0541.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0541", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-0541", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110201 CVE request: fuse", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/02/02/2" - }, - { - "name" : "[oss-security] 20110203 Re: CVE request: fuse", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/02/03/5" - }, - { - "name" : "[oss-security] 20110208 Re: CVE request: fuse", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/02/08/4" - }, - { - "name" : "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=bf5ffb5fd8558bd799791834def431c0cee5a11f", - "refsource" : "CONFIRM", - "url" : "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=bf5ffb5fd8558bd799791834def431c0cee5a11f" - }, - { - 
"name" : "SUSE-SR:2011:005", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=bf5ffb5fd8558bd799791834def431c0cee5a11f", + "refsource": "CONFIRM", + "url": "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=bf5ffb5fd8558bd799791834def431c0cee5a11f" + }, + { + "name": "[oss-security] 20110201 CVE request: fuse", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/02/02/2" + }, + { + "name": "SUSE-SR:2011:005", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" + }, + { + "name": "[oss-security] 20110203 Re: CVE request: fuse", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/02/03/5" + }, + { + "name": "[oss-security] 20110208 Re: CVE request: fuse", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/02/08/4" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0545.json b/2011/0xxx/CVE-2011-0545.json index 2d6c003e2b5..79295f5795d 100644 --- a/2011/0xxx/CVE-2011-0545.json +++ b/2011/0xxx/CVE-2011-0545.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in adduser.do in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts, and possibly have unspecified other impact, via the userRole parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110322 NSOADV-2011-001: Symantec LiveUpdate Administrator CSRF vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517109/100/0/threaded" - }, - { - "name" : "17026", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/17026" - }, - { - "name" : "http://sotiriu.de/adv/NSOADV-2011-001.txt", - "refsource" : "MISC", - "url" : "http://sotiriu.de/adv/NSOADV-2011-001.txt" - }, - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110321_00", - "refsource" 
: "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110321_00" - }, - { - "name" : "71261", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/71261" - }, - { - "name" : "1025242", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025242" - }, - { - "name" : "43820", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43820" - }, - { - "name" : "8160", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8160" - }, - { - "name" : "ADV-2011-0727", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0727" - }, - { - "name" : "symantec-lua-gui-csrf(66213)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66213" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in adduser.do in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts, and possibly have unspecified other impact, via the userRole parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43820", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43820" + }, + { + "name": "symantec-lua-gui-csrf(66213)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66213" + }, + { + "name": "71261", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/71261" + }, + { + "name": "http://sotiriu.de/adv/NSOADV-2011-001.txt", + "refsource": "MISC", + "url": "http://sotiriu.de/adv/NSOADV-2011-001.txt" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110321_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110321_00" + }, + { + "name": "17026", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/17026" + }, + { + "name": "8160", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8160" + }, + { + "name": "ADV-2011-0727", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0727" + }, + { + "name": "1025242", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025242" + }, + { + "name": "20110322 NSOADV-2011-001: Symantec LiveUpdate Administrator CSRF vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517109/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0603.json b/2011/0xxx/CVE-2011-0603.json index 4ea0c96a2da..663b24aab28 100644 --- a/2011/0xxx/CVE-2011-0603.json +++ b/2011/0xxx/CVE-2011-0603.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0603", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image, a different vulnerability than CVE-2011-0566 and CVE-2011-0567." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-0603", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html" - }, - { - "name" : "RHSA-2011:0301", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0301.html" - }, - { - "name" : "46222", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46222" - }, - { - "name" : "oval:org.mitre.oval:def:12492", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12492" - }, - { - "name" : "1025033", - "refsource" : 
"SECTRACK", - "url" : "http://www.securitytracker.com/id?1025033" - }, - { - "name" : "43470", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43470" - }, - { - "name" : "ADV-2011-0337", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0337" - }, - { - "name" : "ADV-2011-0492", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0492" - }, - { - "name" : "adobe-reader-acrobat-images-ce(65306)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65306" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image, a different vulnerability than CVE-2011-0566 and CVE-2011-0567." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0492", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0492" + }, + { + "name": "43470", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43470" + }, + { + "name": "RHSA-2011:0301", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0301.html" + }, + { + "name": "adobe-reader-acrobat-images-ce(65306)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65306" + }, + { + "name": "ADV-2011-0337", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0337" + }, + { + "name": "1025033", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025033" + }, + { + "name": "46222", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46222" + }, + { + "name": "oval:org.mitre.oval:def:12492", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12492" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-03.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0872.json b/2011/0xxx/CVE-2011-0872.json index bd8705ba8e5..d18df332a83 100644 --- a/2011/0xxx/CVE-2011-0872.json +++ b/2011/0xxx/CVE-2011-0872.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect availability via unknown vectors related to NIO." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-0872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100147041", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100147041" - }, - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-015/index.html", - "refsource" : "CONFIRM", - "url" 
: "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-015/index.html" - }, - { - "name" : "http://www.ibm.com/developerworks/java/jdk/alerts/", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/developerworks/java/jdk/alerts/" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02697", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132439520301822&w=2" - }, - { - "name" : "SSRT100591", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132439520301822&w=2" - }, - { - "name" : "HPSBMU02797", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "SSRT100867", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "SUSE-SA:2011:032", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00002.html" - }, - { - "name" : "SUSE-SA:2011:030", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00003.html" - }, - { - "name" : "SUSE-SA:2011:036", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00022.html" - }, - { - "name" : "SUSE-SU-2011:0807", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00009.html" - }, - { - "name" : "SUSE-SU-2011:0863", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00001.html" - }, - { - "name" : "SUSE-SU-2011:0966", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00025.html" - }, - { - "name" : "openSUSE-SU-2011:0633", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00003.html" - }, - { - "name" : "TA11-201A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" - }, - { - "name" : "oval:org.mitre.oval:def:14241", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14241" - }, - { - "name" : "oval:org.mitre.oval:def:14915", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14915" - }, - { - "name" : "44930", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44930" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect availability via unknown vectors related to NIO." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-015/index.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-015/index.html" + }, + { + "name": "SUSE-SU-2011:0863", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00001.html" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "TA11-201A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" + }, + { + "name": "SUSE-SA:2011:036", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00022.html" + }, + { + "name": "oval:org.mitre.oval:def:14241", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14241" + }, + { + "name": "SUSE-SA:2011:032", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00002.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html" + }, + { + "name": "SUSE-SU-2011:0966", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00025.html" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100147041", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100147041" + }, + { + "name": "oval:org.mitre.oval:def:14915", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14915" + }, + { + "name": "44930", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44930" + }, + { + "name": "SUSE-SA:2011:030", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00003.html" + }, + { + "name": "SSRT100591", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132439520301822&w=2" + }, + { + "name": "SSRT100867", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + }, + { + "name": "SUSE-SU-2011:0807", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00009.html" + }, + { + "name": "openSUSE-SU-2011:0633", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00003.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" + }, + { + "name": "HPSBUX02697", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132439520301822&w=2" + }, + { + "name": "HPSBMU02797", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + }, + { + "name": "http://www.ibm.com/developerworks/java/jdk/alerts/", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1313.json b/2011/1xxx/CVE-2011-1313.json index f7d6527a30a..08d23ae9fc3 100644 --- a/2011/1xxx/CVE-2011-1313.json +++ b/2011/1xxx/CVE-2011-1313.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote backend IIOP servers to cause a denial of service (S0C4 ABEND and storage corruption) by rejecting IIOP requests at opportunistic time instants, as demonstrated by requests associated with an ORB_Request::getACRWorkElementPtr function call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463" - }, - { - "name" : "PM17170", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM17170" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x 
before 7.0.0.15 allows remote backend IIOP servers to cause a denial of service (S0C4 ABEND and storage corruption) by rejecting IIOP requests at opportunistic time instants, as demonstrated by requests associated with an ORB_Request::getACRWorkElementPtr function call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PM17170", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM17170" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1389.json b/2011/1xxx/CVE-2011-1389.json index 5478ca4efc4..d2aa3a8ca60 100644 --- a/2011/1xxx/CVE-2011-1389.json +++ b/2011/1xxx/CVE-2011-1389.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in the vendor daemon in Rational Common Licensing in Telelogic License Server 2.0, Rational License Server 7.x, and ibmratl in IBM Rational License Key Server (RLKS) 8.0 through 8.1.2 allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-4135." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Q200975&sliceId=1", - "refsource" : "MISC", - "url" : "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Q200975&sliceId=1" - }, - { - "name" : "http://www.flexerasoftware.com/pl/13057.htm", - "refsource" : "MISC", - "url" : "http://www.flexerasoftware.com/pl/13057.htm" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-272/", - "refsource" : "MISC", - "url" : 
"http://www.zerodayinitiative.com/advisories/ZDI-11-272/" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21577760", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21577760" - }, - { - "name" : "49191", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49191" - }, - { - "name" : "47522", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47522" - }, - { - "name" : "47524", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47524" - }, - { - "name" : "rlc-logfiles-code-execution(71739)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71739" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in the vendor daemon in Rational Common Licensing in Telelogic License Server 2.0, Rational License Server 7.x, and ibmratl in IBM Rational License Key Server (RLKS) 8.0 through 8.1.2 allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-4135." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.flexerasoftware.com/pl/13057.htm", + "refsource": "MISC", + "url": "http://www.flexerasoftware.com/pl/13057.htm" + }, + { + "name": "47524", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47524" + }, + { + "name": "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Q200975&sliceId=1", + "refsource": "MISC", + "url": "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Q200975&sliceId=1" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-272/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-272/" + }, + { + "name": "47522", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47522" + }, + { + "name": "49191", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49191" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21577760", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21577760" + }, + { + "name": "rlc-logfiles-code-execution(71739)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71739" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1731.json b/2011/1xxx/CVE-2011-1731.json index d62cfaa2b96..882a2650483 100644 --- a/2011/1xxx/CVE-2011-1731.json +++ b/2011/1xxx/CVE-2011-1731.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1731", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_INTEGUTIL message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-1731", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110429 ZDI-11-147: HP Data Protector Backup Client Service EXEC_INTEGUTIL Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517768/100/0/threaded" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-11-147/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-11-147/" - }, - { - "name" : "HPSBMA02668", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240" - }, - { - "name" : "SSRT100474", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240" - }, - { - "name" : 
"47638", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47638" - }, - { - "name" : "72190", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/72190" - }, - { - "name" : "1025454", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025454" - }, - { - "name" : "44402", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44402" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_INTEGUTIL message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://zerodayinitiative.com/advisories/ZDI-11-147/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-11-147/" + }, + { + "name": "47638", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47638" + }, + { + "name": "HPSBMA02668", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240" + }, + { + "name": "SSRT100474", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240" + }, + { + "name": "44402", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44402" + }, + { + "name": "1025454", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025454" + }, + { + "name": "20110429 ZDI-11-147: HP Data Protector Backup Client Service EXEC_INTEGUTIL Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517768/100/0/threaded" + }, + { + "name": "72190", + "refsource": 
"OSVDB", + "url": "http://osvdb.org/72190" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1751.json b/2011/1xxx/CVE-2011-1751.json index 2db3106b58b..38f9b265c3d 100644 --- a/2011/1xxx/CVE-2011-1751.json +++ b/2011/1xxx/CVE-2011-1751.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1751", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service (guest crash) and possibly execute arbitrary code by sending a crafted value to the 0xae08 (PCI_EJ_BASE) I/O port, which leads to a use-after-free related to \"active qemu timers.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1751", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Qemu-devel] 20110519 [PATCH] Ignore pci unplug requests for unpluggable devices", - "refsource" : "MLIST", - "url" : "http://lists.nongnu.org/archive/html/qemu-devel/2011-05/msg01810.html" - }, - { - "name" : "[oss-security] 20110519 CVE-2011-1751 qemu: acpi_piix4: missing hotplug check during device removal", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/05/19/2" - }, - { - "name" : "http://blog.nelhage.com/2011/08/breaking-out-of-kvm/", - "refsource" 
: "MISC", - "url" : "http://blog.nelhage.com/2011/08/breaking-out-of-kvm/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=699773", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=699773" - }, - { - "name" : "https://github.com/nelhage/virtunoid", - "refsource" : "MISC", - "url" : "https://github.com/nelhage/virtunoid" - }, - { - "name" : "http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=505597e4476a6bc219d0ec1362b760d71cb4fdca", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=505597e4476a6bc219d0ec1362b760d71cb4fdca" - }, - { - "name" : "RHSA-2011:0534", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2011-0534.html" - }, - { - "name" : "SUSE-SU-2011:0533", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/8572547" - }, - { - "name" : "openSUSE-SU-2011:0510", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2011-05/msg00043.html" - }, - { - "name" : "USN-1145-1", - "refsource" : "UBUNTU", - "url" : "https://www.ubuntu.com/usn/USN-1145-1/" - }, - { - "name" : "47927", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47927" - }, - { - "name" : "73395", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/73395" - }, - { - "name" : "44393", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44393" - }, - { - "name" : "44458", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44458" - }, - { - "name" : "44648", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44648" - }, - { - "name" : "44658", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44658" - }, - { - "name" : "44660", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44660" - }, - { - "name" : "44900", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44900" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service (guest crash) and possibly execute arbitrary code by sending a crafted value to the 0xae08 (PCI_EJ_BASE) I/O port, which leads to a use-after-free related to \"active qemu timers.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110519 CVE-2011-1751 qemu: acpi_piix4: missing hotplug check during device removal", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/05/19/2" + }, + { + "name": "RHSA-2011:0534", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2011-0534.html" + }, + { + "name": "http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=505597e4476a6bc219d0ec1362b760d71cb4fdca", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=505597e4476a6bc219d0ec1362b760d71cb4fdca" + }, + { + "name": "44648", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44648" + }, + { + "name": "73395", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/73395" + }, + { + "name": "44393", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44393" + }, + { + "name": "44658", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44658" + }, + { + "name": "SUSE-SU-2011:0533", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/8572547" + }, + { + "name": "[Qemu-devel] 20110519 [PATCH] Ignore pci unplug requests for unpluggable devices", + "refsource": "MLIST", + "url": 
"http://lists.nongnu.org/archive/html/qemu-devel/2011-05/msg01810.html" + }, + { + "name": "47927", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47927" + }, + { + "name": "https://github.com/nelhage/virtunoid", + "refsource": "MISC", + "url": "https://github.com/nelhage/virtunoid" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=699773", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=699773" + }, + { + "name": "44458", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44458" + }, + { + "name": "44660", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44660" + }, + { + "name": "http://blog.nelhage.com/2011/08/breaking-out-of-kvm/", + "refsource": "MISC", + "url": "http://blog.nelhage.com/2011/08/breaking-out-of-kvm/" + }, + { + "name": "USN-1145-1", + "refsource": "UBUNTU", + "url": "https://www.ubuntu.com/usn/USN-1145-1/" + }, + { + "name": "44900", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44900" + }, + { + "name": "openSUSE-SU-2011:0510", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00043.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1787.json b/2011/1xxx/CVE-2011-1787.json index 892a1f6ef57..806f23a3fc1 100644 --- a/2011/1xxx/CVE-2011-1787.json +++ b/2011/1xxx/CVE-2011-1787.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1787", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to gain privileges on the guest OS by mounting a filesystem on top of an arbitrary directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1787", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0009.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0009.html" - }, - { - "name" : "openSUSE-SU-2011:0617", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/8711677" - }, - { - "name" : "48098", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48098" - }, - { - "name" : "1025601", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025601" - }, - { - "name" : "44840", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/44840" - }, - { - "name" : "44904", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44904" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to gain privileges on the guest OS by mounting a filesystem on top of an arbitrary directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44904", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44904" + }, + { + "name": "48098", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48098" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html" + }, + { + "name": "44840", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44840" + }, + { + "name": "1025601", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025601" + }, + { + "name": "openSUSE-SU-2011:0617", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/8711677" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5027.json b/2011/5xxx/CVE-2011-5027.json index b5bbcc23369..4cd4e97e47f 100644 --- a/2011/5xxx/CVE-2011-5027.json +++ b/2011/5xxx/CVE-2011-5027.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5027", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the profiler." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zabbix.com/rn1.8.10.php", - "refsource" : "CONFIRM", - "url" : "http://www.zabbix.com/rn1.8.10.php" - }, - { - "name" : "https://support.zabbix.com/browse/ZBX-4015", - "refsource" : "CONFIRM", - "url" : "https://support.zabbix.com/browse/ZBX-4015" - }, - { - "name" : "FEDORA-2011-17559", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071660.html" - }, - { - "name" : "FEDORA-2011-17560", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071687.html" - }, - { - "name" : "51093", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51093" - }, - { - "name" : "77772", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/77772" - }, - { - "name" : "47216", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the profiler." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51093", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51093" + }, + { + "name": "FEDORA-2011-17559", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071660.html" + }, + { + "name": "https://support.zabbix.com/browse/ZBX-4015", + "refsource": "CONFIRM", + "url": "https://support.zabbix.com/browse/ZBX-4015" + }, + { + "name": "FEDORA-2011-17560", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071687.html" + }, + { + "name": "77772", + "refsource": "OSVDB", + "url": "http://osvdb.org/77772" + }, + { + "name": "http://www.zabbix.com/rn1.8.10.php", + "refsource": "CONFIRM", + "url": "http://www.zabbix.com/rn1.8.10.php" + }, + { + "name": "47216", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47216" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5075.json b/2011/5xxx/CVE-2011-5075.json index c1942e39126..77efeb499b4 100644 --- a/2011/5xxx/CVE-2011-5075.json +++ b/2011/5xxx/CVE-2011-5075.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installation path." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111119 Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520577" - }, - { - "name" : "18132", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18132/" - }, - { - "name" : "[oss-security] 20111121 Re: Fwd: Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution Vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/11/22/3" - }, - { - "name" : "http://bugs.sitracker.org/view.php?id=1737", - "refsource" : "CONFIRM", - "url" : "http://bugs.sitracker.org/view.php?id=1737" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installation path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.sitracker.org/view.php?id=1737", + "refsource": "CONFIRM", + "url": "http://bugs.sitracker.org/view.php?id=1737" + }, + { + "name": "18132", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18132/" + }, + { + "name": "[oss-security] 20111121 Re: Fwd: Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution Vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/11/22/3" + }, + { + "name": "20111119 Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520577" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3042.json b/2014/3xxx/CVE-2014-3042.json index 02dc68f56a2..efd7a09cb86 100644 --- a/2014/3xxx/CVE-2014-3042.json +++ b/2014/3xxx/CVE-2014-3042.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM CICS Transaction Server 3.1, 3.2, 4.1, 4.2, and 5.1 on z/OS does not properly implement CEMT transactions, which allows remote authenticated users to cause a denial of service (storage overlay) by using a 3270 emulator to send an invalid 3270 data stream." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-3042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675195", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675195" - }, - { - "name" : "PI16710", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16710" - }, - { - "name" : "PI16726", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16726" - }, - { - "name" : "PI16727", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16727" - }, - { - "name" : "67944", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67944" - }, - { - "name" : 
"59242", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59242" - }, - { - "name" : "ibm-cicsts-cve20143042-overlay(93338)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93338" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM CICS Transaction Server 3.1, 3.2, 4.1, 4.2, and 5.1 on z/OS does not properly implement CEMT transactions, which allows remote authenticated users to cause a denial of service (storage overlay) by using a 3270 emulator to send an invalid 3270 data stream." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PI16710", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16710" + }, + { + "name": "67944", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67944" + }, + { + "name": "PI16727", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16727" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675195", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675195" + }, + { + "name": "59242", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59242" + }, + { + "name": "PI16726", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16726" + }, + { + "name": "ibm-cicsts-cve20143042-overlay(93338)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93338" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3543.json b/2014/3xxx/CVE-2014-3543.json index cafcb71eaa6..261c184f0db 100644 --- a/2014/3xxx/CVE-2014-3543.json +++ b/2014/3xxx/CVE-2014-3543.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with a manifest file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue affecting IMSCP resources and the IMSCC format." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140721 Moodle security notifications public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/07/21/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45417", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45417" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=264264", - "refsource" : "CONFIRM", - "url" : 
"https://moodle.org/mod/forum/discuss.php?d=264264" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with a manifest file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue affecting IMSCP resources and the IMSCC format." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140721 Moodle security notifications public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/07/21/1" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45417", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45417" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=264264", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=264264" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3711.json b/2014/3xxx/CVE-2014-3711.json index c08b01f1301..0ed313de755 100644 --- a/2014/3xxx/CVE-2014-3711.json +++ b/2014/3xxx/CVE-2014-3711.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3711", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-3070", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3070" - }, - { - "name" : "FreeBSD-SA-14:22", - "refsource" : "FREEBSD", - "url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:22.namei.asc" - }, - { - "name" : "1031100", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031100" - }, - { - "name" : "62218", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62218" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial 
of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3070", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3070" + }, + { + "name": "62218", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62218" + }, + { + "name": "FreeBSD-SA-14:22", + "refsource": "FREEBSD", + "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:22.namei.asc" + }, + { + "name": "1031100", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031100" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3765.json b/2014/3xxx/CVE-2014-3765.json index 0a5742629ff..7a86d0a026c 100644 --- a/2014/3xxx/CVE-2014-3765.json +++ b/2014/3xxx/CVE-2014-3765.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3765", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3765", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6176.json b/2014/6xxx/CVE-2014-6176.json index 2942631452e..9319abc68bf 100644 --- a/2014/6xxx/CVE-2014-6176.json +++ b/2014/6xxx/CVE-2014-6176.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6176", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which makes it easier for remote attackers to hijack sessions or obtain sensitive information by leveraging the use of a weak cipher." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6176", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21690780", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21690780" - }, - { - "name" : "JR51593", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR51593" - }, - { - "name" : "1031382", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031382" - }, - { - "name" : "1031383", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1031383" - }, - { - "name" : "ibm-websphere-cve20146176-weak-security(98488)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98488" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which makes it easier for remote attackers to hijack sessions or obtain sensitive information by leveraging the use of a weak cipher." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21690780", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690780" + }, + { + "name": "1031383", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031383" + }, + { + "name": "1031382", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031382" + }, + { + "name": "JR51593", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR51593" + }, + { + "name": "ibm-websphere-cve20146176-weak-security(98488)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98488" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6803.json b/2014/6xxx/CVE-2014-6803.json index 9210fb09ed6..358d3087728 100644 --- a/2014/6xxx/CVE-2014-6803.json +++ b/2014/6xxx/CVE-2014-6803.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6803", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Bank of Moscow EIRTS Rent (aka ru.bm.rbs.android) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6803", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#918481", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/918481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Bank of Moscow EIRTS Rent (aka 
ru.bm.rbs.android) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#918481", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/918481" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6922.json b/2014/6xxx/CVE-2014-6922.json index f8f3122a5c1..2fa0cdba1e9 100644 --- a/2014/6xxx/CVE-2014-6922.json +++ b/2014/6xxx/CVE-2014-6922.json 
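Review bot: The only semantic edit in this hunk, `"ASSIGNER": "cert@cert.org"` replacing `cve@mitre.org` in `CVE_data_meta`, is buried under a whole-file whitespace rewrite and a reshuffle of `reference_data`, whose three entries are otherwise unchanged, so a change of attribution is hard to audit from the diff. Emitting the references in a stable order (for example the previous one, with the MISC spreadsheet link first) and landing the reformat as its own commit would leave a one-line hunk for the assigner change. The new side also ends with `\ No newline at end of file` where the old file had a trailing newline; keeping the newline avoids a spurious diff the next time the record is regenerated. The same pattern appears in the hunks for CVE-2014-6176, CVE-2014-6922, CVE-2014-7124, CVE-2014-7390 and CVE-2014-8006 (assigner change), and for CVE-2014-8660, CVE-2016-2147 and CVE-2016-2374 (reference reorder only).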
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6922", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The KFAI Community Radio (aka com.skyblue.pra.kfai) application 2.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6922", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#662841", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/662841" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The KFAI Community Radio (aka 
com.skyblue.pra.kfai) application 2.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#662841", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/662841" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7124.json b/2014/7xxx/CVE-2014-7124.json index 6228ab64a4d..66b1bc917a0 100644 --- a/2014/7xxx/CVE-2014-7124.json +++ b/2014/7xxx/CVE-2014-7124.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7124", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IP Alarm (aka com.cosesy.gadget.alarm) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#442841", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/442841" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IP Alarm (aka com.cosesy.gadget.alarm) 
application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "VU#442841", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/442841" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7390.json b/2014/7xxx/CVE-2014-7390.json index 287569e102e..90108263622 100644 --- a/2014/7xxx/CVE-2014-7390.json +++ b/2014/7xxx/CVE-2014-7390.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Enchanted Fashion Crush (aka com.tabtale.springcrushbundleint) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#120321", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/120321" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Enchanted Fashion Crush 
(aka com.tabtale.springcrushbundleint) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#120321", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/120321" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8006.json b/2014/8xxx/CVE-2014-8006.json index ce6d17de00c..6837da88cf6 100644 --- a/2014/8xxx/CVE-2014-8006.json +++ b/2014/8xxx/CVE-2014-8006.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Disaster Recovery (DRA) feature on the Cisco ISB8320-E High-Definition IP-Only DVR allows remote attackers to bypass authentication by establishing a TELNET session during a recovery boot, aka Bug ID CSCup85422." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-8006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141216 Cisco ISB8320-E High-Definition IP-Only DVR Remote Unauthenticated Access Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8006" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Disaster Recovery (DRA) feature on the Cisco ISB8320-E High-Definition IP-Only DVR allows remote attackers to bypass authentication by establishing a TELNET session during a recovery boot, aka Bug ID CSCup85422." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141216 Cisco ISB8320-E High-Definition IP-Only DVR Remote Unauthenticated Access Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8006" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8660.json b/2014/8xxx/CVE-2014-8660.json index fdebd09356a..ef719186e11 100644 --- a/2014/8xxx/CVE-2014-8660.json +++ b/2014/8xxx/CVE-2014-8660.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8660", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8660", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/", - "refsource" : "MISC", - "url" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/" - }, - { - "name" : "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/", - "refsource" : "MISC", - "url" : "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/" - }, - { - "name" : "https://service.sap.com/sap/support/notes/1906212", - "refsource" : "MISC", - "url" : "https://service.sap.com/sap/support/notes/1906212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SAP Document Management Services allows local users to execute arbitrary commands via 
unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/", + "refsource": "MISC", + "url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/" + }, + { + "name": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/", + "refsource": "MISC", + "url": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/" + }, + { + "name": "https://service.sap.com/sap/support/notes/1906212", + "refsource": "MISC", + "url": "https://service.sap.com/sap/support/notes/1906212" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8777.json b/2014/8xxx/CVE-2014-8777.json index 4a41f056829..ce2013a66ef 100644 --- a/2014/8xxx/CVE-2014-8777.json +++ b/2014/8xxx/CVE-2014-8777.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8777", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8777", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2147.json b/2016/2xxx/CVE-2016-2147.json index ec25e60dbd5..b885f5c0700 100644 --- a/2016/2xxx/CVE-2016-2147.json +++ b/2016/2xxx/CVE-2016-2147.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-2147", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2147", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160311 two udhcpc (busybox) issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/03/11/16" - }, - { - "name" : "[debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html" - }, - { - "name" : "https://busybox.net/news.html", - "refsource" : "CONFIRM", - "url" : "https://busybox.net/news.html" - }, - { - "name" : "https://git.busybox.net/busybox/commit/?id=d474ffc68290e0a83651c4432eeabfa62cd51e87", - "refsource" : "CONFIRM", - "url" : 
"https://git.busybox.net/busybox/commit/?id=d474ffc68290e0a83651c4432eeabfa62cd51e87" - }, - { - "name" : "GLSA-201612-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-04" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://git.busybox.net/busybox/commit/?id=d474ffc68290e0a83651c4432eeabfa62cd51e87", + "refsource": "CONFIRM", + "url": "https://git.busybox.net/busybox/commit/?id=d474ffc68290e0a83651c4432eeabfa62cd51e87" + }, + { + "name": "[oss-security] 20160311 two udhcpc (busybox) issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/03/11/16" + }, + { + "name": "GLSA-201612-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-04" + }, + { + "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html" + }, + { + "name": "https://busybox.net/news.html", + "refsource": "CONFIRM", + "url": "https://busybox.net/news.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2220.json b/2016/2xxx/CVE-2016-2220.json index 890a13a27a8..afe4e9ebcd4 100644 --- a/2016/2xxx/CVE-2016-2220.json +++ b/2016/2xxx/CVE-2016-2220.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2220", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2220", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2267.json b/2016/2xxx/CVE-2016-2267.json index 7c9971dcfe5..997b5df32f4 100644 --- a/2016/2xxx/CVE-2016-2267.json +++ b/2016/2xxx/CVE-2016-2267.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2267", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2267", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2374.json b/2016/2xxx/CVE-2016-2374.json index 723c151ee84..011acc90600 100644 --- a/2016/2xxx/CVE-2016-2374.json +++ b/2016/2xxx/CVE-2016-2374.json 
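Review bot: The new side of this record uses a different key order from the other records visible in this diff: `data_type`, `data_format` and `data_version` come first, and `ID` precedes `ASSIGNER` inside `CVE_data_meta`, while the neighbouring files keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. JSON key order carries no meaning, but the mismatch suggests this file went through a different serializer (an inference from the layout only), and it creates churn for anyone who diffs or hashes the raw files. Writing it with the same ordering as its neighbours, i.e. `"ASSIGNER": "cve@mitre.org",` before `"ID": "CVE-2016-2267",` and `CVE_data_meta` ahead of `data_format`, keeps the set uniform.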
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-2374", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Pidgin", - "version" : { - "version_data" : [ - { - "version_value" : "2.10.11" - } - ] - } - } - ] - }, - "vendor_name" : "Pidgin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "out-of-bounds write" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-2374", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Pidgin", + "version": { + "version_data": [ + { + "version_value": "2.10.11" + } + ] + } + } + ] + }, + "vendor_name": "Pidgin" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.talosintelligence.com/reports/TALOS-2016-0142/", - "refsource" : "MISC", - "url" : "http://www.talosintelligence.com/reports/TALOS-2016-0142/" - }, - { - "name" : "http://www.pidgin.im/news/security/?id=107", - "refsource" : "CONFIRM", - "url" : "http://www.pidgin.im/news/security/?id=107" - }, - { - "name" : "DSA-3620", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3620" - }, - { - "name" : "GLSA-201701-38", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-38" - }, - { - "name" : "USN-3031-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3031-1" 
- }, - { - "name" : "91335", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91335" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "out-of-bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "91335", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91335" + }, + { + "name": "http://www.talosintelligence.com/reports/TALOS-2016-0142/", + "refsource": "MISC", + "url": "http://www.talosintelligence.com/reports/TALOS-2016-0142/" + }, + { + "name": "DSA-3620", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3620" + }, + { + "name": "http://www.pidgin.im/news/security/?id=107", + "refsource": "CONFIRM", + "url": "http://www.pidgin.im/news/security/?id=107" + }, + { + "name": "GLSA-201701-38", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-38" + }, + { + "name": "USN-3031-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3031-1" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6014.json b/2016/6xxx/CVE-2016-6014.json index 767ce1a1a9e..afa28ddbfa9 100644 --- a/2016/6xxx/CVE-2016-6014.json +++ b/2016/6xxx/CVE-2016-6014.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-6014",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-6014",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/6xxx/CVE-2016-6445.json b/2016/6xxx/CVE-2016-6445.json
index a6fd0563cde..c7be31a5d8f 100644
--- a/2016/6xxx/CVE-2016-6445.json
+++ b/2016/6xxx/CVE-2016-6445.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2016-6445", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the XMPP service incorrectly processing a deprecated authentication scheme. A successful exploit could allow an attacker to access the system as another user." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6445", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6", + "version": { + "version_data": [ + { + "version_value": "Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc" - }, - { - "name" : "93517", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93517" - }, - { - "name" : "1037000", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037000" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the XMPP service incorrectly processing a deprecated authentication scheme. A successful exploit could allow an attacker to access the system as another user." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc" + }, + { + "name": "1037000", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037000" + }, + { + "name": "93517", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93517" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6588.json b/2016/6xxx/CVE-2016-6588.json index 60b700fe10f..b7cc3e74438 100644 --- a/2016/6xxx/CVE-2016-6588.json +++ b/2016/6xxx/CVE-2016-6588.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6588", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6588", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/18xxx/CVE-2017-18023.json b/2017/18xxx/CVE-2017-18023.json
index 9b1c488e262..ee3c93165bc 100644
--- a/2017/18xxx/CVE-2017-18023.json
+++ b/2017/18xxx/CVE-2017-18023.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18023", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Office Tracker 11.2.5 has XSS via the logincount parameter to the /otweb/OTPClientLogin URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/145775/Office-Tracker-11.2.5-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/145775/Office-Tracker-11.2.5-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Office Tracker 11.2.5 has XSS via the logincount parameter to the /otweb/OTPClientLogin URI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/145775/Office-Tracker-11.2.5-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/145775/Office-Tracker-11.2.5-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1054.json b/2017/1xxx/CVE-2017-1054.json index c96f2a2c2b2..c5a24d6bc31 100644 --- a/2017/1xxx/CVE-2017-1054.json +++ b/2017/1xxx/CVE-2017-1054.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1054", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1054", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5395.json b/2017/5xxx/CVE-2017-5395.json index a09cd09d2ed..85d66ed8458 100644 --- a/2017/5xxx/CVE-2017-5395.json +++ b/2017/5xxx/CVE-2017-5395.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-5395", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Malicious sites can display a spoofed location bar on a subsequently loaded page when the existing location bar on the new page is scrolled out of view if navigations between pages can be timed correctly. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Android location bar spoofing during scrolling" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-5395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1293463", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1293463" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-01/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-01/" - }, - { - "name" : "95763", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95763" - }, - { - "name" : "1037693", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1037693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Malicious sites can display a spoofed location bar on a subsequently loaded page when the existing location bar on the new page is scrolled out of view if navigations between pages can be timed correctly. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Android location bar spoofing during scrolling" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1293463", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1293463" + }, + { + "name": "1037693", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037693" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-01/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-01/" + }, + { + "name": "95763", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95763" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5506.json b/2017/5xxx/CVE-2017-5506.json index 735856644fe..8c7910cf7ea 100644 --- a/2017/5xxx/CVE-2017-5506.json +++ b/2017/5xxx/CVE-2017-5506.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5506", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2017-5506", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170116 CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/16/6" - }, - { - "name" : "[oss-security] 20170116 Re: CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/17/5" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851383", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851383" - }, - { - "name" : 
"https://github.com/ImageMagick/ImageMagick/commit/6235f1f7a9f7b0f83b197f6cd0073dbb6602d0fb", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/6235f1f7a9f7b0f83b197f6cd0073dbb6602d0fb" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/354", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/354" - }, - { - "name" : "DSA-3799", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3799" - }, - { - "name" : "GLSA-201702-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-09" - }, - { - "name" : "95753", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95753" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20170116 CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/16/6" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851383", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851383" + }, + { + "name": "GLSA-201702-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-09" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/354", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/354" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/6235f1f7a9f7b0f83b197f6cd0073dbb6602d0fb", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/6235f1f7a9f7b0f83b197f6cd0073dbb6602d0fb" + }, + { + "name": "95753", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95753" + }, + { + "name": "DSA-3799", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3799" + }, + { + "name": "[oss-security] 20170116 Re: CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/17/5" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5677.json b/2017/5xxx/CVE-2017-5677.json index 762e10f129a..a3e5463147a 100644 --- a/2017/5xxx/CVE-2017-5677.json +++ b/2017/5xxx/CVE-2017-5677.json 
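Review bot: `ASSIGNER` changes from `cve@mitre.org` to `security@debian.org` on the new side of this hunk, and it is the only non-cosmetic field change in a record that is otherwise just re-spaced and reordered. Consumers that use `ASSIGNER` to attribute a record to a CNA will see the provenance of CVE-2017-5506 change with nothing in the diff itself explaining why. Splitting assigner updates from the formatting pass, or naming them in the commit message if it does not already do so, would let them be reviewed on their own. The CVE-2017-5937 hunk does the same with `secalert@redhat.com`.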
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5677", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5677", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.pear.php.net/2017/02/02/security-html_ajax-058/", - "refsource" : "MISC", - "url" : "http://blog.pear.php.net/2017/02/02/security-html_ajax-058/" - }, - { - "name" : "http://karmainsecurity.com/KIS-2017-01", - "refsource" : "MISC", - "url" : "http://karmainsecurity.com/KIS-2017-01" - }, - { - "name" : "http://seclists.org/fulldisclosure/2017/Feb/12", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Feb/12" - }, - { - "name" : "https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f5acb5adcd195f9a06b732794cb0de7620def646", - "refsource" : "MISC", - "url" : "https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f5acb5adcd195f9a06b732794cb0de7620def646" - }, - { - "name" : 
"https://pear.php.net/bugs/bug.php?id=21165", - "refsource" : "MISC", - "url" : "https://pear.php.net/bugs/bug.php?id=21165" - }, - { - "name" : "96044", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96044" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://karmainsecurity.com/KIS-2017-01", + "refsource": "MISC", + "url": "http://karmainsecurity.com/KIS-2017-01" + }, + { + "name": "http://blog.pear.php.net/2017/02/02/security-html_ajax-058/", + "refsource": "MISC", + "url": "http://blog.pear.php.net/2017/02/02/security-html_ajax-058/" + }, + { + "name": "http://seclists.org/fulldisclosure/2017/Feb/12", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Feb/12" + }, + { + "name": "96044", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96044" + }, + { + "name": "https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f5acb5adcd195f9a06b732794cb0de7620def646", + "refsource": "MISC", + "url": "https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f5acb5adcd195f9a06b732794cb0de7620def646" + }, + { + "name": "https://pear.php.net/bugs/bug.php?id=21165", + "refsource": "MISC", + "url": "https://pear.php.net/bugs/bug.php?id=21165" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5687.json b/2017/5xxx/CVE-2017-5687.json index 3ee62d68b8c..449bad9805d 100644 --- a/2017/5xxx/CVE-2017-5687.json +++ b/2017/5xxx/CVE-2017-5687.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5687", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5687", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5937.json b/2017/5xxx/CVE-2017-5937.json index 91ddafb722d..724a9e2f030 100644 --- a/2017/5xxx/CVE-2017-5937.json +++ b/2017/5xxx/CVE-2017-5937.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5937", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The util_format_is_pure_uint function in vrend_renderer.c in Virgil 3d project (aka virglrenderer) 0.6.0 and earlier allows local guest OS users to cause a denial of service (NULL pointer dereference) via a crafted VIRGL_CCMD_CLEAR command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-5937", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170208 Re: CVE request virglrenderer: null pointer dereference in vrend_clear", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/09/4" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1420246", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1420246" - }, - { - "name" : "https://cgit.freedesktop.org/virglrenderer/commit/?id=48f67f60967f963b698ec8df57ec6912a43d6282", - "refsource" : "CONFIRM", - "url" : "https://cgit.freedesktop.org/virglrenderer/commit/?id=48f67f60967f963b698ec8df57ec6912a43d6282" - }, - { - "name" : "96180", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/96180" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The util_format_is_pure_uint function in vrend_renderer.c in Virgil 3d project (aka virglrenderer) 0.6.0 and earlier allows local guest OS users to cause a denial of service (NULL pointer dereference) via a crafted VIRGL_CCMD_CLEAR command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1420246", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420246" + }, + { + "name": "96180", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96180" + }, + { + "name": "[oss-security] 20170208 Re: CVE request virglrenderer: null pointer dereference in vrend_clear", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/09/4" + }, + { + "name": "https://cgit.freedesktop.org/virglrenderer/commit/?id=48f67f60967f963b698ec8df57ec6912a43d6282", + "refsource": "CONFIRM", + "url": "https://cgit.freedesktop.org/virglrenderer/commit/?id=48f67f60967f963b698ec8df57ec6912a43d6282" + } + ] + } +} \ No newline at end of file