From d1ecd44e9d09570706728e6ce81a5386ce846322 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 22:32:22 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0072.json | 140 ++++----- 2006/0xxx/CVE-2006-0083.json | 170 +++++------ 2006/0xxx/CVE-2006-0097.json | 190 ++++++------ 2006/0xxx/CVE-2006-0549.json | 180 +++++------ 2006/0xxx/CVE-2006-0612.json | 160 +++++----- 2006/0xxx/CVE-2006-0870.json | 210 ++++++------- 2006/1xxx/CVE-2006-1020.json | 180 +++++------ 2006/1xxx/CVE-2006-1259.json | 180 +++++------ 2006/1xxx/CVE-2006-1346.json | 170 +++++------ 2006/1xxx/CVE-2006-1724.json | 530 ++++++++++++++++----------------- 2006/1xxx/CVE-2006-1970.json | 170 +++++------ 2006/4xxx/CVE-2006-4170.json | 34 +-- 2006/4xxx/CVE-2006-4474.json | 160 +++++----- 2006/4xxx/CVE-2006-4496.json | 140 ++++----- 2006/4xxx/CVE-2006-4773.json | 150 +++++----- 2006/4xxx/CVE-2006-4813.json | 290 +++++++++--------- 2006/4xxx/CVE-2006-4963.json | 170 +++++------ 2006/5xxx/CVE-2006-5558.json | 150 +++++----- 2006/5xxx/CVE-2006-5579.json | 240 +++++++-------- 2010/2xxx/CVE-2010-2346.json | 34 +-- 2010/2xxx/CVE-2010-2388.json | 130 ++++---- 2010/2xxx/CVE-2010-2470.json | 120 ++++---- 2010/2xxx/CVE-2010-2875.json | 160 +++++----- 2010/3xxx/CVE-2010-3260.json | 150 +++++----- 2010/3xxx/CVE-2010-3291.json | 170 +++++------ 2010/3xxx/CVE-2010-3350.json | 190 ++++++------ 2010/3xxx/CVE-2010-3996.json | 160 +++++----- 2010/4xxx/CVE-2010-4171.json | 260 ++++++++-------- 2010/4xxx/CVE-2010-4313.json | 160 +++++----- 2010/4xxx/CVE-2010-4421.json | 170 +++++------ 2010/4xxx/CVE-2010-4518.json | 150 +++++----- 2010/4xxx/CVE-2010-4706.json | 170 +++++------ 2011/1xxx/CVE-2011-1212.json | 34 +-- 2011/1xxx/CVE-2011-1609.json | 180 +++++------ 2011/1xxx/CVE-2011-1663.json | 150 +++++----- 2011/5xxx/CVE-2011-5095.json | 140 ++++----- 2011/5xxx/CVE-2011-5157.json | 150 +++++----- 2011/5xxx/CVE-2011-5306.json | 120 ++++---- 2014/3xxx/CVE-2014-3032.json | 130 ++++---- 2014/3xxx/CVE-2014-3123.json | 150 +++++----- 2014/3xxx/CVE-2014-3220.json | 210 ++++++------- 2014/3xxx/CVE-2014-3382.json | 120 ++++---- 2014/3xxx/CVE-2014-3513.json | 560 +++++++++++++++++------------------ 2014/3xxx/CVE-2014-3664.json | 150 +++++----- 2014/7xxx/CVE-2014-7822.json | 320 ++++++++++---------- 2014/7xxx/CVE-2014-7985.json | 160 +++++----- 2014/8xxx/CVE-2014-8157.json | 290 +++++++++--------- 2014/8xxx/CVE-2014-8661.json | 130 ++++---- 2014/8xxx/CVE-2014-8794.json | 34 +-- 2014/8xxx/CVE-2014-8812.json | 34 +-- 2014/9xxx/CVE-2014-9240.json | 130 ++++---- 2014/9xxx/CVE-2014-9657.json | 250 ++++++++-------- 2016/2xxx/CVE-2016-2132.json | 34 +-- 2016/2xxx/CVE-2016-2531.json | 200 ++++++------- 2016/2xxx/CVE-2016-2545.json | 310 +++++++++---------- 2016/2xxx/CVE-2016-2960.json | 150 +++++----- 2016/6xxx/CVE-2016-6165.json | 34 +-- 2016/6xxx/CVE-2016-6436.json | 130 ++++---- 2016/6xxx/CVE-2016-6447.json | 140 ++++----- 2016/6xxx/CVE-2016-6707.json | 172 +++++------ 2016/6xxx/CVE-2016-6769.json | 148 ++++----- 2016/7xxx/CVE-2016-7163.json | 270 ++++++++--------- 2016/7xxx/CVE-2016-7302.json | 34 +-- 2016/7xxx/CVE-2016-7599.json | 180 +++++------ 2016/7xxx/CVE-2016-7680.json | 34 +-- 2016/7xxx/CVE-2016-7863.json | 180 +++++------ 2017/5xxx/CVE-2017-5041.json | 170 +++++------ 2017/5xxx/CVE-2017-5172.json | 34 +-- 68 files changed, 5650 insertions(+), 5650 deletions(-) diff --git a/2006/0xxx/CVE-2006-0072.json b/2006/0xxx/CVE-2006-0072.json index e00d3ffdebd..3c415c22b98 100644 --- a/2006/0xxx/CVE-2006-0072.json +++ b/2006/0xxx/CVE-2006-0072.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0072", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote attackers to execute arbitrary code via a long -o command line argument. NOTE: this is probably a different vulnerability than CVE-2005-0351 since it involves a distinct attack vector." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0072", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060102 SCO Openserver 5.0.x exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420677" - }, - { - "name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/Openserver_bof.c", - "refsource" : "MISC", - "url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/Openserver_bof.c" - }, - { - "name" : "16122", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16122" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote attackers to execute arbitrary code via a long -o command line argument. NOTE: this is probably a different vulnerability than CVE-2005-0351 since it involves a distinct attack vector." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/Openserver_bof.c", + "refsource": "MISC", + "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/Openserver_bof.c" + }, + { + "name": "16122", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16122" + }, + { + "name": "20060102 SCO Openserver 5.0.x exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420677" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0083.json b/2006/0xxx/CVE-2006-0083.json index eecbd3d3022..fdfeaf57a5a 100644 --- a/2006/0xxx/CVE-2006-0083.json +++ b/2006/0xxx/CVE-2006-0083.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0083", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the logging code of SMS Server Tools (smstools) 1.14.8 and earlier allows local users to execute arbitrary code via unspecified attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0083", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-930", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-930" - }, - { - "name" : "16188", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16188" - }, - { - "name" : "22287", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22287" - }, - { - "name" : "18343", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18343" - }, - { - "name" : "18357", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18357" - }, - { - "name" : "smstools-logging-format-string(24034)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24034" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the logging code of SMS Server Tools (smstools) 1.14.8 and earlier allows local users to execute arbitrary code via unspecified attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "smstools-logging-format-string(24034)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24034" + }, + { + "name": "18343", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18343" + }, + { + "name": "18357", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18357" + }, + { + "name": "16188", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16188" + }, + { + "name": "22287", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22287" + }, + { + "name": "DSA-930", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-930" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0097.json b/2006/0xxx/CVE-2006-0097.json index 7ea4f14d9ca..5d21a9d9c96 100644 --- a/2006/0xxx/CVE-2006-0097.json +++ b/2006/0xxx/CVE-2006-0097.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2) arg_unix_socket argument, as demonstrated by a long named pipe variable in the host argument to the mysql_connect function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060105 Windows PHP 4.x \"0-day\" buffer overflow", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041013.html" - }, - { - "name" : "20060105 Windows PHP 4.x \"0-day\" buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420986/100/0/threaded" - }, - { - "name" : "20060108 RE: Windows PHP 4.x \"0-day\" buffer overflow", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0274.html" - }, - { - "name" : "http://www.php.net/ChangeLog-4.php#4.4.3", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-4.php#4.4.3" - }, - { - "name" : "16145", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16145" - }, - { - "name" : "ADV-2006-0046", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0046" - }, - { - "name" : "22232", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22232" - }, - { - "name" : "18275", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18275" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2) arg_unix_socket argument, as demonstrated by a long named pipe variable in the host argument to the mysql_connect function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060105 Windows PHP 4.x \"0-day\" buffer overflow", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041013.html" + }, + { + "name": "20060105 Windows PHP 4.x \"0-day\" buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420986/100/0/threaded" + }, + { + "name": "http://www.php.net/ChangeLog-4.php#4.4.3", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-4.php#4.4.3" + }, + { + "name": "ADV-2006-0046", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0046" + }, + { + "name": "16145", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16145" + }, + { + "name": "22232", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22232" + }, + { + "name": "18275", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18275" + }, + { + "name": "20060108 RE: Windows PHP 4.x \"0-day\" buffer overflow", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0274.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0549.json b/2006/0xxx/CVE-2006-0549.json index a307459c3c5..bb0fd5a01e7 100644 --- a/2006/0xxx/CVE-2006-0549.json +++ b/2006/0xxx/CVE-2006-0549.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0549", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the SYS.DBMS_METADATA_UTIL package in Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB05 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0260. However, there are some inconsistencies that make this unclear, and there is also a possibility that this is related to DB06, which is subsumed by CVE-2006-0259." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf", - "refsource" : "MISC", - "url" : "http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf" - }, - { - "name" : "http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html", - "refsource" : "MISC", - "url" : "http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_metadata_util.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_metadata_util.html" - }, - { - "name" : "TA06-018A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-018A.html" - }, - { - "name" : "VU#629316", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/629316" - }, - { - "name" : "oracle-january2006-update(24321)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the SYS.DBMS_METADATA_UTIL package in Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB05 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0260. However, there are some inconsistencies that make this unclear, and there is also a possibility that this is related to DB06, which is subsumed by CVE-2006-0259." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_metadata_util.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_metadata_util.html" + }, + { + "name": "VU#629316", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/629316" + }, + { + "name": "http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf", + "refsource": "MISC", + "url": "http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf" + }, + { + "name": "oracle-january2006-update(24321)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html" + }, + { + "name": "TA06-018A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-018A.html" + }, + { + "name": "http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html", + "refsource": "MISC", + "url": "http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0612.json b/2006/0xxx/CVE-2006-0612.json index ccc70ca9689..fc77a3cc488 100644 --- a/2006/0xxx/CVE-2006-0612.json +++ b/2006/0xxx/CVE-2006-0612.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Powersave daemon before 0.10.15.2 allows local users to gain privileges (unauthorized access to an X session) via unspecified vectors. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=379792&group_id=124576", - "refsource" : "MISC", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=379792&group_id=124576" - }, - { - "name" : "16469", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16469" - }, - { - "name" : "ADV-2006-0416", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0416" - }, - { - "name" : "18651", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18651" - }, - { - "name" : "powersave-daemon-gain-privileges(24458)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24458" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Powersave daemon before 0.10.15.2 allows local users to gain privileges (unauthorized access to an X session) via unspecified vectors. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=379792&group_id=124576", + "refsource": "MISC", + "url": "http://sourceforge.net/project/shownotes.php?release_id=379792&group_id=124576" + }, + { + "name": "18651", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18651" + }, + { + "name": "16469", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16469" + }, + { + "name": "ADV-2006-0416", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0416" + }, + { + "name": "powersave-daemon-gain-privileges(24458)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24458" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0870.json b/2006/0xxx/CVE-2006-0870.json index cd7cbc4b7aa..cb14daca585 100644 --- a/2006/0xxx/CVE-2006-0870.json +++ b/2006/0xxx/CVE-2006-0870.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: version 2.3 was later reported to be vulnerable as well." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060220 MiniNuke CMS System all versions (pages.asp) SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425599/100/0/threaded" - }, - { - "name" : "20060321 Mini-Nuke<=1.8.2 SQL injection (6)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/428361/100/0/threaded" - }, - { - "name" : "20060420 Mini-NUKE v2.3<<--- SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431602/100/0/threaded" - }, - { - "name" : "20060421 Re: Mini-NUKE v2.3<<--- SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431714/100/0/threaded" - }, - { - "name" : "http://www.nukedx.com/?viewdoc=9", - "refsource" : "MISC", - "url" : "http://www.nukedx.com/?viewdoc=9" - }, - { - "name" : "16730", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16730" - }, - { - "name" : "17636", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17636" - }, - { - "name" : "23438", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23438" - }, - { - "name" : "18439", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18439" - }, - { - "name" : "mininuke-pages-sql-injection(24803)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24803" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: version 2.3 was later reported to be vulnerable as well." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16730", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16730" + }, + { + "name": "http://www.nukedx.com/?viewdoc=9", + "refsource": "MISC", + "url": "http://www.nukedx.com/?viewdoc=9" + }, + { + "name": "20060421 Re: Mini-NUKE v2.3<<--- SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431714/100/0/threaded" + }, + { + "name": "18439", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18439" + }, + { + "name": "mininuke-pages-sql-injection(24803)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24803" + }, + { + "name": "17636", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17636" + }, + { + "name": "20060220 MiniNuke CMS System all versions (pages.asp) SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425599/100/0/threaded" + }, + { + "name": "20060420 Mini-NUKE v2.3<<--- SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431602/100/0/threaded" + }, + { + "name": "20060321 Mini-Nuke<=1.8.2 SQL injection (6)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/428361/100/0/threaded" + }, + { + "name": "23438", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23438" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1020.json b/2006/1xxx/CVE-2006-1020.json index 94ba460e46b..fc2e019ee45 100644 --- a/2006/1xxx/CVE-2006-1020.json +++ b/2006/1xxx/CVE-2006-1020.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1020", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in forumlib.php in Johnny_Vegas Vegas Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the postid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1020", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060313 [eVuln] Vegas Forum SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/427470/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/90/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/90/summary.html" - }, - { - "name" : "17079", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17079" - }, - { - "name" : "ADV-2006-0790", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0790" - }, - { - "name" : "19219", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19219" - }, - { - "name" : "574", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/574" - }, - { - "name" : "vegasforum-forumlib-sql-injection(25167)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25167" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in forumlib.php in Johnny_Vegas Vegas Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the postid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17079", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17079" + }, + { + "name": "19219", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19219" + }, + { + "name": "574", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/574" + }, + { + "name": "ADV-2006-0790", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0790" + }, + { + "name": "http://evuln.com/vulns/90/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/90/summary.html" + }, + { + "name": "vegasforum-forumlib-sql-injection(25167)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25167" + }, + { + "name": "20060313 [eVuln] Vegas Forum SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/427470/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1259.json b/2006/1xxx/CVE-2006-1259.json index ff6f73aa4c9..e32b75b1867 100644 --- a/2006/1xxx/CVE-2006-1259.json +++ b/2006/1xxx/CVE-2006-1259.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1259", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Maian Support 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) email or (2) pass parameter to admin/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1259", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060328 [eVuln] Maian Support Authentication Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/429098/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/103/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/103/summary.html" - }, - { - "name" : "ADV-2006-0992", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0992" - }, - { - "name" : "23944", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23944" - }, - { - "name" : "19275", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19275" - }, - { - "name" : "645", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/645" - }, - { - "name" : "maiansupport-adminindex-sql-injection(25300)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25300" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Maian Support 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) email or (2) pass parameter to admin/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "maiansupport-adminindex-sql-injection(25300)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25300" + }, + { + "name": "23944", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23944" + }, + { + "name": "20060328 [eVuln] Maian Support Authentication Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/429098/100/0/threaded" + }, + { + "name": "645", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/645" + }, + { + "name": "http://evuln.com/vulns/103/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/103/summary.html" + }, + { + "name": "ADV-2006-0992", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0992" + }, + { + "name": "19275", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19275" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1346.json b/2006/1xxx/CVE-2006-1346.json index 5d82d7983e8..74d52ff4a65 100644 --- a/2006/1xxx/CVE-2006-1346.json +++ b/2006/1xxx/CVE-2006-1346.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1595", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1595" - }, - { - "name" : "20060414 Provable vendor ACK for gcards issues", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2006-April/000698.html" - }, - { - "name" : "17165", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17165" - }, - { - "name" : "ADV-2006-1015", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1015" - }, - { - "name" : "24016", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24016" - }, - { - "name" : "19322", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19322" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1595", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1595" + }, + { + "name": "24016", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24016" + }, + { + "name": "19322", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19322" + }, + { + "name": "ADV-2006-1015", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1015" + }, + { + "name": "17165", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17165" + }, + { + "name": "20060414 Provable vendor ACK for gcards issues", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2006-April/000698.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1724.json b/2006/1xxx/CVE-2006-1724.json index faec6a1bb8e..a66ef5a1a5a 100644 --- a/2006/1xxx/CVE-2006-1724.json +++ b/2006/1xxx/CVE-2006-1724.json @@ -1,267 +1,267 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-1724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-20.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-20.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=282105", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=282105" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm" - }, - { - "name" : "DSA-1046", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1046" - }, - { - "name" : "DSA-1051", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1051" - }, - { - "name" : "FEDORA-2006-410", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html" - }, - { - "name" : "FEDORA-2006-411", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html" - }, - { - "name" : "FLSA:189137-2", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/436338/100/0/threaded" - }, - { - "name" : "HPSBTU02118", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/434524/100/0/threaded" - }, - { - "name" : "SSRT061145", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/434524/100/0/threaded" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "HPSBUX02156", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "SSRT061236", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "RHSA-2006:0328", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0328.html" - }, - { - "name" : "RHSA-2006:0330", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0330.html" - }, - { - "name" : "SCOSA-2006.26", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt" - }, - { - "name" : "102550", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1" - }, - { - "name" : "228526", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1" - }, - { - "name" : "TA06-107A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-107A.html" - }, - { - "name" : "VU#350262", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/350262" - }, - { - "name" : "17516", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17516" - }, - { - "name" : "oval:org.mitre.oval:def:10243", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10243" - }, - { - "name" : "ADV-2006-1356", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1356" - }, - { - "name" : "ADV-2006-3748", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3748" - }, - { - "name" : "ADV-2006-3749", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3749" - }, - { - "name" : "ADV-2008-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0083" - }, - { - "name" : "oval:org.mitre.oval:def:1901", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1901" - }, - { - "name" : "1015919", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015919" - }, - { - "name" : "1015921", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015921" - }, - { - "name" : "1015920", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015920" - }, - { - "name" : "19631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19631" - }, - { - "name" : "19649", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19649" - }, - { - "name" : "19863", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19863" - }, - { - "name" : "19941", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19941" - }, - { - "name" : "19714", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19714" - }, - { - "name" : "21033", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21033" - }, - { - "name" : "21622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21622" - }, - { - "name" : "19696", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19696" - }, - { - "name" : "19780", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19780" - }, - { - "name" : "22065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22065" - }, - { - "name" : "22066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22066" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-20.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-20.html" + }, + { + "name": "ADV-2006-3748", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3748" + }, + { + "name": "RHSA-2006:0330", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0330.html" + }, + { + "name": "SSRT061145", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/434524/100/0/threaded" + }, + { + "name": "19941", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19941" + }, + { + "name": "19780", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19780" + }, + { + "name": "RHSA-2006:0328", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0328.html" + }, + { + "name": "21622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21622" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm" + }, + { + "name": "DSA-1051", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1051" + }, + { + "name": "FEDORA-2006-410", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html" + }, + { + "name": "ADV-2006-3749", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3749" + }, + { + "name": "19714", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19714" + }, + { + "name": "HPSBTU02118", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/434524/100/0/threaded" + }, + { + "name": "21033", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21033" + }, + { + "name": "oval:org.mitre.oval:def:10243", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10243" + }, + { + "name": "VU#350262", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/350262" + }, + { + "name": "ADV-2008-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0083" + }, + { + "name": "102550", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1" + }, + { + "name": "19696", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19696" + }, + { + "name": "FLSA:189137-2", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/436338/100/0/threaded" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "ADV-2006-1356", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1356" + }, + { + "name": "SSRT061236", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=282105", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=282105" + }, + { + "name": "1015921", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015921" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "19649", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19649" + }, + { + "name": "19863", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19863" + }, + { + "name": "HPSBUX02156", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "SCOSA-2006.26", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt" + }, + { + "name": "TA06-107A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-107A.html" + }, + { + "name": "oval:org.mitre.oval:def:1901", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1901" + }, + { + "name": "17516", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17516" + }, + { + "name": "1015919", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015919" + }, + { + "name": "228526", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1" + }, + { + "name": "FEDORA-2006-411", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html" + }, + { + "name": "22066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22066" + }, + { + "name": "1015920", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015920" + }, + { + "name": "22065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22065" + }, + { + "name": "19631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19631" + }, + { + "name": "DSA-1046", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1046" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1970.json b/2006/1xxx/CVE-2006-1970.json index 1b23faf35aa..013167901a0 100644 --- a/2006/1xxx/CVE-2006-1970.json +++ b/2006/1xxx/CVE-2006-1970.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1970", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in classifieds/viewcat.cgi in KCScripts Classifieds, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1970", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/04/portal-pack-6-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/04/portal-pack-6-xss-vuln.html" - }, - { - "name" : "17628", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17628" - }, - { - "name" : "ADV-2006-1440", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1440" - }, - { - "name" : "24764", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24764" - }, - { - "name" : "19695", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19695" - }, - { - "name" : "portalpack-multiple-xss(25940)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25940" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in classifieds/viewcat.cgi in KCScripts Classifieds, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "portalpack-multiple-xss(25940)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25940" + }, + { + "name": "ADV-2006-1440", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1440" + }, + { + "name": "24764", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24764" + }, + { + "name": "19695", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19695" + }, + { + "name": "17628", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17628" + }, + { + "name": "http://pridels0.blogspot.com/2006/04/portal-pack-6-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/04/portal-pack-6-xss-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4170.json b/2006/4xxx/CVE-2006-4170.json index 768ba1da90f..694e25fcc2e 100644 --- a/2006/4xxx/CVE-2006-4170.json +++ b/2006/4xxx/CVE-2006-4170.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4170", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-4812. Reason: This candidate is a reservation duplicate of CVE-2006-4812. Notes: All CVE users should reference CVE-2006-4812 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-4170", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-4812. Reason: This candidate is a reservation duplicate of CVE-2006-4812. Notes: All CVE users should reference CVE-2006-4812 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4474.json b/2006/4xxx/CVE-2006-4474.json index 8f92662c261..ee4320f24ce 100644 --- a/2006/4xxx/CVE-2006-4474.json +++ b/2006/4xxx/CVE-2006-4474.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.11 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) Admin Module Manager, (2) Admin Help, and (3) Search." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.joomla.org/content/view/1841/78/", - "refsource" : "CONFIRM", - "url" : "http://www.joomla.org/content/view/1841/78/" - }, - { - "name" : "http://www.joomla.org/content/view/1843/74/", - "refsource" : "CONFIRM", - "url" : "http://www.joomla.org/content/view/1843/74/" - }, - { - "name" : "ADV-2006-3408", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3408" - }, - { - "name" : "21666", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21666" - }, - { - "name" : "joomla-admin-xss(28633)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28633" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.11 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) Admin Module Manager, (2) Admin Help, and (3) Search." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3408", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3408" + }, + { + "name": "joomla-admin-xss(28633)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28633" + }, + { + "name": "http://www.joomla.org/content/view/1841/78/", + "refsource": "CONFIRM", + "url": "http://www.joomla.org/content/view/1841/78/" + }, + { + "name": "21666", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21666" + }, + { + "name": "http://www.joomla.org/content/view/1843/74/", + "refsource": "CONFIRM", + "url": "http://www.joomla.org/content/view/1843/74/" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4496.json b/2006/4xxx/CVE-2006-4496.json index ea7e5068bd1..d693acb2e00 100644 --- a/2006/4xxx/CVE-2006-4496.json +++ b/2006/4xxx/CVE-2006-4496.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4496", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to inject arbitrary web script or HTML via the comment parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060830 IwebNegar v1.1 Multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444744/100/0/threaded" - }, - { - "name" : "1476", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1476" - }, - { - "name" : "iwebnegar-comments-xss(28663)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28663" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to inject arbitrary web script or HTML via the comment parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "iwebnegar-comments-xss(28663)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28663" + }, + { + "name": "1476", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1476" + }, + { + "name": "20060830 IwebNegar v1.1 Multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444744/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4773.json b/2006/4xxx/CVE-2006-4773.json index d7712ad83a8..3752df6ce3b 100644 --- a/2006/4xxx/CVE-2006-4773.json +++ b/2006/4xxx/CVE-2006-4773.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4773", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sun StorEdge 6130 Array Controllers with firmware 06.12.10.11 and earlier allow remote attackers to cause a denial of service (controller reboot) via a flood of traffic on the LAN." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4773", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "102601", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102601-1" - }, - { - "name" : "ADV-2006-3637", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3637" - }, - { - "name" : "21925", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21925" - }, - { - "name" : "storedge-controller-traffic-dos(28945)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28945" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sun StorEdge 6130 Array Controllers with firmware 06.12.10.11 and earlier allow remote attackers to cause a denial of service (controller reboot) via a flood of traffic on the LAN." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3637", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3637" + }, + { + "name": "102601", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102601-1" + }, + { + "name": "21925", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21925" + }, + { + "name": "storedge-controller-traffic-dos(28945)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28945" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4813.json b/2006/4xxx/CVE-2006-4813.json index 137627919b6..4a830d83ddc 100644 --- a/2006/4xxx/CVE-2006-4813.json +++ b/2006/4xxx/CVE-2006-4813.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The __block_prepare_write function in fs/buffer.c for Linux kernel 2.6.x before 2.6.13 does not properly clear buffers during certain error conditions, which allows local users to read portions of files that have been unlinked." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-4813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207463", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207463" - }, - { - "name" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=152becd26e0563aefdbc4fd1fe491928efe92d1f", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=152becd26e0563aefdbc4fd1fe491928efe92d1f" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm" - }, - { - "name" : "DSA-1233", - "refsource" : "DEBIAN", - "url" : "http://www.us.debian.org/security/2006/dsa-1233" - }, - { - "name" : "MDKSA-2007:012", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:012" - }, - { - "name" : "MDKSA-2007:025", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:025" - }, - { - "name" : "RHSA-2007:0014", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2007-0014.html" - }, - { - "name" : "SUSE-SA:2006:079", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_79_kernel.html" - }, - { - "name" : "USN-395-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-395-1" - }, - { - "name" : "21522", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21522" - }, - { - "name" : "31376", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/31376" - }, - { - "name" : "oval:org.mitre.oval:def:11701", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11701" - }, - { - "name" : "23370", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23370" - }, - { - "name" : "23384", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23384" - }, - { - "name" : "23752", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23752" - }, - { - "name" : "23997", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23997" - }, - { - "name" : "24206", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24206" - }, - { - "name" : "23474", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The __block_prepare_write function in fs/buffer.c for Linux kernel 2.6.x before 2.6.13 does not properly clear buffers during certain error conditions, which allows local users to read portions of files that have been unlinked." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207463", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207463" + }, + { + "name": "MDKSA-2007:025", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:025" + }, + { + "name": "SUSE-SA:2006:079", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_79_kernel.html" + }, + { + "name": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=152becd26e0563aefdbc4fd1fe491928efe92d1f", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=152becd26e0563aefdbc4fd1fe491928efe92d1f" + }, + { + "name": "oval:org.mitre.oval:def:11701", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11701" + }, + { + "name": "RHSA-2007:0014", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2007-0014.html" + }, + { + "name": "MDKSA-2007:012", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:012" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm" + }, + { + "name": "21522", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21522" + }, + { + "name": "23384", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23384" + }, + { + "name": "23752", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23752" + }, + { + "name": "24206", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24206" + }, + { + "name": "23474", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23474" + }, + { + "name": "DSA-1233", + "refsource": "DEBIAN", + "url": "http://www.us.debian.org/security/2006/dsa-1233" + }, + { + "name": "23370", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23370" + }, + { + "name": "23997", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23997" + }, + { + "name": "USN-395-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-395-1" + }, + { + "name": "31376", + "refsource": "OSVDB", + "url": "http://osvdb.org/31376" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4963.json b/2006/4xxx/CVE-2006-4963.json index 1e59f0cdea0..652d3da3daa 100644 --- a/2006/4xxx/CVE-2006-4963.json +++ b/2006/4xxx/CVE-2006-4963.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4963", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in Exponent CMS 0.96.3 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence in the view parameter in the show_view action in the calendarmodule module, as demonstrated by executing PHP code through session files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4963", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2391", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2391" - }, - { - "name" : "20111", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20111" - }, - { - "name" : "ADV-2006-3708", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3708" - }, - { - "name" : "29024", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29024" - }, - { - "name" : "22003", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22003" - }, - { - "name" : "exponent-index-file-include(29077)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29077" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in Exponent CMS 0.96.3 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence in the view parameter in the show_view action in the calendarmodule module, as demonstrated by executing PHP code through session files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29024", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29024" + }, + { + "name": "2391", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2391" + }, + { + "name": "ADV-2006-3708", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3708" + }, + { + "name": "exponent-index-file-include(29077)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29077" + }, + { + "name": "20111", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20111" + }, + { + "name": "22003", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22003" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5558.json b/2006/5xxx/CVE-2006-5558.json index 1804197d1e2..6a65f58044e 100644 --- a/2006/5xxx/CVE-2006-5558.json +++ b/2006/5xxx/CVE-2006-5558.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5558", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the swask command in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via format string specifiers in the -s argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.23.nu/prdelka/stories/13144/", - "refsource" : "MISC", - "url" : "http://blogs.23.nu/prdelka/stories/13144/" - }, - { - "name" : "2635", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2635" - }, - { - "name" : "20726", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20726" - }, - { - "name" : "oval:org.mitre.oval:def:5804", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5804" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the swask command in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via format string specifiers in the -s argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blogs.23.nu/prdelka/stories/13144/", + "refsource": "MISC", + "url": "http://blogs.23.nu/prdelka/stories/13144/" + }, + { + "name": "20726", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20726" + }, + { + "name": "oval:org.mitre.oval:def:5804", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5804" + }, + { + "name": "2635", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2635" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5579.json b/2006/5xxx/CVE-2006-5579.json index ba30480929f..9c454823942 100644 --- a/2006/5xxx/CVE-2006-5579.json +++ b/2006/5xxx/CVE-2006-5579.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5579", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using JavaScript to cause certain errors simultaneously, which results in the access of previously freed memory, aka \"Script Error Handling Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-5579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061212 Secunia Research: Internet Explorer Script Error Handling MemoryCorruption", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/454205/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2006-58/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-58/advisory/" - }, - { - "name" : "HPSBST02180", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/454969/100/200/threaded" - }, - { - "name" : "SSRT061288", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/454969/100/200/threaded" - }, - { - "name" : "MS06-072", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072" - }, - { - "name" : "TA06-346A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-346A.html" - }, - { - "name" : "VU#599832", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/599832" - }, - { - "name" : "21552", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21552" - }, - { - "name" : "ADV-2006-4966", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4966" - }, - { - "name" : "30813", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30813" - }, - { - "name" : "oval:org.mitre.oval:def:761", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A761" - }, - { - "name" : "1017373", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017373" - }, - { - "name" : "20807", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20807" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using JavaScript to cause certain errors simultaneously, which results in the access of previously freed memory, aka \"Script Error Handling Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secunia.com/secunia_research/2006-58/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-58/advisory/" + }, + { + "name": "ADV-2006-4966", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4966" + }, + { + "name": "VU#599832", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/599832" + }, + { + "name": "TA06-346A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html" + }, + { + "name": "30813", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30813" + }, + { + "name": "SSRT061288", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded" + }, + { + "name": "HPSBST02180", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded" + }, + { + "name": "MS06-072", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072" + }, + { + "name": "20061212 Secunia Research: Internet Explorer Script Error Handling MemoryCorruption", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/454205/100/0/threaded" + }, + { + "name": "21552", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21552" + }, + { + "name": "oval:org.mitre.oval:def:761", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A761" + }, + { + "name": "20807", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20807" + }, + { + "name": "1017373", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017373" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2346.json b/2010/2xxx/CVE-2010-2346.json index d5f80dab3c2..61fe1cfd6f4 100644 --- a/2010/2xxx/CVE-2010-2346.json +++ b/2010/2xxx/CVE-2010-2346.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2346", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2346", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2388.json b/2010/2xxx/CVE-2010-2388.json index d7ba53bebee..622662bec8b 100644 --- a/2010/2xxx/CVE-2010-2388.json +++ b/2010/2xxx/CVE-2010-2388.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2388", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-2388", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - }, - { - "name" : "TA10-287A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + }, + { + "name": "TA10-287A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2470.json b/2010/2xxx/CVE-2010-2470.json index c0c2f7bcaf0..bbb7c1442a3 100644 --- a/2010/2xxx/CVE-2010-2470.json +++ b/2010/2xxx/CVE-2010-2470.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2470", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when use_suexec is enabled, uses world-readable permissions within (1) .bzr/ and (2) data/webdot/, which allows local users to obtain potentially sensitive data by reading files in these directories, a different vulnerability than CVE-2010-0180." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=561797", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=561797" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when use_suexec is enabled, uses world-readable permissions within (1) .bzr/ and (2) data/webdot/, which allows local users to obtain potentially sensitive data by reading files in these directories, a different vulnerability than CVE-2010-0180." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=561797", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=561797" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2875.json b/2010/2xxx/CVE-2010-2875.json index 6f30af184c9..59c5436986a 100644 --- a/2010/2xxx/CVE-2010-2875.json +++ b/2010/2xxx/CVE-2010-2875.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2875", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a length value associated with the tSAC chunk in a Director movie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-2875", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100824 Adobe Shockwave Player Memory Corruption Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=878" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html" - }, - { - "name" : "oval:org.mitre.oval:def:11521", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11521" - }, - { - "name" : "1024361", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024361" - }, - { - "name" : "ADV-2010-2176", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2176" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a length value associated with the tSAC chunk in a Director movie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024361", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024361" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-20.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html" + }, + { + "name": "oval:org.mitre.oval:def:11521", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11521" + }, + { + "name": "ADV-2010-2176", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2176" + }, + { + "name": "20100824 Adobe Shockwave Player Memory Corruption Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=878" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3260.json b/2010/3xxx/CVE-2010-3260.json index 317cd07f558..ce03c941f67 100644 --- a/2010/3xxx/CVE-2010-3260.json +++ b/2010/3xxx/CVE-2010-3260.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "oxf/xml/xerces/XercesSAXParserFactoryImpl.java in the xforms-server component in the XForms service in Orbeon Forms before 3.9 does not properly restrict DTDs in Ajax requests, which allows remote attackers to read arbitrary files or send HTTP requests to intranet servers via an entity declaration in conjunction with an entity reference, related to an \"XML injection\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.stratsec.net/Research/Advisories/Orbeon-Forms-XML-Entity-Dereferencing-%28SS-2011-004", - "refsource" : "MISC", - "url" : "http://www.stratsec.net/Research/Advisories/Orbeon-Forms-XML-Entity-Dereferencing-%28SS-2011-004" - }, - { - "name" : "http://wiki.orbeon.com/forms/doc/developer-guide/release-notes/39", - "refsource" : "CONFIRM", - "url" : "http://wiki.orbeon.com/forms/doc/developer-guide/release-notes/39" - }, - { - "name" : "https://github.com/orbeon/orbeon-forms/commit/aba6681660f65af7f1676434da68c10298c30200", - "refsource" : "CONFIRM", - "url" : "https://github.com/orbeon/orbeon-forms/commit/aba6681660f65af7f1676434da68c10298c30200" - }, - { - "name" : "47362", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47362" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "oxf/xml/xerces/XercesSAXParserFactoryImpl.java in the xforms-server component in the XForms service in Orbeon Forms before 3.9 does not properly restrict DTDs in Ajax requests, which allows remote attackers to read arbitrary files or send HTTP requests to intranet servers via an entity declaration in conjunction with an entity reference, related to an \"XML injection\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wiki.orbeon.com/forms/doc/developer-guide/release-notes/39", + "refsource": "CONFIRM", + "url": "http://wiki.orbeon.com/forms/doc/developer-guide/release-notes/39" + }, + { + "name": "47362", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47362" + }, + { + "name": "http://www.stratsec.net/Research/Advisories/Orbeon-Forms-XML-Entity-Dereferencing-%28SS-2011-004", + "refsource": "MISC", + "url": "http://www.stratsec.net/Research/Advisories/Orbeon-Forms-XML-Entity-Dereferencing-%28SS-2011-004" + }, + { + "name": "https://github.com/orbeon/orbeon-forms/commit/aba6681660f65af7f1676434da68c10298c30200", + "refsource": "CONFIRM", + "url": "https://github.com/orbeon/orbeon-forms/commit/aba6681660f65af7f1676434da68c10298c30200" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3291.json b/2010/3xxx/CVE-2010-3291.json index 07d06abf16e..380f03bbbc8 100644 --- a/2010/3xxx/CVE-2010-3291.json +++ b/2010/3xxx/CVE-2010-3291.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3291", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in HP AssetCenter 5.0x through AC_5.03, and AssetManager 5.1x through AM_5.12 and 5.2x through AM_5.22, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-3291", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02596", - "refsource" : "HP", - "url" : "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02535850" - }, - { - "name" : "SSRT100271", - "refsource" : "HP", - "url" : "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02535850" - }, - { - "name" : "44261", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44261" - }, - { - "name" : "1024615", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024615" - }, - { - "name" : "41901", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41901" - }, - { - "name" : "ADV-2010-2737", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2737" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in HP AssetCenter 5.0x through AC_5.03, and AssetManager 5.1x through AM_5.12 and 5.2x through AM_5.22, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41901", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41901" + }, + { + "name": "1024615", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024615" + }, + { + "name": "HPSBMA02596", + "refsource": "HP", + "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02535850" + }, + { + "name": "44261", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44261" + }, + { + "name": "SSRT100271", + "refsource": "HP", + "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02535850" + }, + { + "name": "ADV-2010-2737", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2737" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3350.json b/2010/3xxx/CVE-2010-3350.json index 462d9dc90be..5b8a87d3730 100644 --- a/2010/3xxx/CVE-2010-3350.json +++ b/2010/3xxx/CVE-2010-3350.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "bareFTP 0.3.4 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598284", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598284" - }, - { - "name" : "http://gitorious.org/bareftp/bareftp/blobs/15489abdb4c698cf832e95184bfe769a1ba70238/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://gitorious.org/bareftp/bareftp/blobs/15489abdb4c698cf832e95184bfe769a1ba70238/ChangeLog" - }, - { - "name" : "FEDORA-2010-18310", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051921.html" - }, - { - "name" : "FEDORA-2010-18323", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051936.html" - }, - { - "name" : "44334", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44334" - }, - { - "name" : "42521", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42521" - }, - { - "name" : "ADV-2010-3141", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3141" - }, - { - "name" : "bareftp-ldlibpath-priv-escalation(64433)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "bareFTP 0.3.4 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-3141", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3141" + }, + { + "name": "FEDORA-2010-18323", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051936.html" + }, + { + "name": "bareftp-ldlibpath-priv-escalation(64433)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64433" + }, + { + "name": "42521", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42521" + }, + { + "name": "FEDORA-2010-18310", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051921.html" + }, + { + "name": "http://gitorious.org/bareftp/bareftp/blobs/15489abdb4c698cf832e95184bfe769a1ba70238/ChangeLog", + "refsource": "CONFIRM", + "url": "http://gitorious.org/bareftp/bareftp/blobs/15489abdb4c698cf832e95184bfe769a1ba70238/ChangeLog" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598284", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598284" + }, + { + "name": "44334", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44334" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3996.json b/2010/3xxx/CVE-2010-3996.json index 3647a8cfe05..8e4ce0b050c 100644 --- a/2010/3xxx/CVE-2010-3996.json +++ b/2010/3xxx/CVE-2010-3996.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3996", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "festival_server in Centre for Speech Technology Research (CSTR) Festival, probably 2.0.95-beta and earlier, places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3996", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[opensuse-updates] 20101022 openSUSE-SU-2010:0756-1 (moderate): festival security update", - "refsource" : "MLIST", - "url" : "http://lists.opensuse.org/opensuse-updates/2010-10/msg00028.html" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=642507", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=642507" - }, - { - "name" : "SUSE-SR:2010:020", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html" - }, - { - "name" : "SUSE-SR:2010:019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" - }, - { - "name" : "44395", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44395" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "festival_server in Centre for Speech Technology Research (CSTR) Festival, probably 2.0.95-beta and earlier, places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44395", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44395" + }, + { + "name": "SUSE-SR:2010:020", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html" + }, + { + "name": "[opensuse-updates] 20101022 openSUSE-SU-2010:0756-1 (moderate): festival security update", + "refsource": "MLIST", + "url": "http://lists.opensuse.org/opensuse-updates/2010-10/msg00028.html" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=642507", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=642507" + }, + { + "name": "SUSE-SR:2010:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4171.json b/2010/4xxx/CVE-2010-4171.json index 7e291a5f70e..1d217d2eed8 100644 --- a/2010/4xxx/CVE-2010-4171.json +++ b/2010/4xxx/CVE-2010-4171.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4171", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The staprun runtime tool in SystemTap 1.3 does not verify that a module to unload was previously loaded by SystemTap, which allows local users to cause a denial of service (unloading of arbitrary kernel modules)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4171", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[systemtap] 20101117 important systemtap security fix", - "refsource" : "MLIST", - "url" : "http://sources.redhat.com/ml/systemtap/2010-q4/msg00230.html" - }, - { - "name" : "http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=commit;h=b7565b41228bea196cefa3a7d43ab67f8f9152e2", - "refsource" : "CONFIRM", - "url" : "http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=commit;h=b7565b41228bea196cefa3a7d43ab67f8f9152e2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=653606", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=653606" - }, - { - "name" : "DSA-2348", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2348" - }, - { - "name" : "FEDORA-2010-17865", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051115.html" - }, - { - "name" : "FEDORA-2010-17868", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051122.html" - }, - { - "name" : "FEDORA-2010-17873", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051127.html" - }, - { - "name" : "RHSA-2010:0894", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0894.html" - }, - { - "name" : "44917", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44917" - }, - { - "name" : "1024754", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024754" - }, - { - "name" : "42256", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42256" - }, - { - "name" : "42263", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42263" - }, - { - "name" : "42318", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42318" - }, - { - "name" : "46920", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46920" - }, - { - "name" : "systemtap-staprunmod-dos(63345)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63345" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The staprun runtime tool in SystemTap 1.3 does not verify that a module to unload was previously loaded by SystemTap, which allows local users to cause a denial of service (unloading of arbitrary kernel modules)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[systemtap] 20101117 important systemtap security fix", + "refsource": "MLIST", + "url": "http://sources.redhat.com/ml/systemtap/2010-q4/msg00230.html" + }, + { + "name": "FEDORA-2010-17873", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051127.html" + }, + { + "name": "42263", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42263" + }, + { + "name": "FEDORA-2010-17865", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051115.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=653606", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=653606" + }, + { + "name": "systemtap-staprunmod-dos(63345)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63345" + }, + { + "name": "http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=commit;h=b7565b41228bea196cefa3a7d43ab67f8f9152e2", + "refsource": "CONFIRM", + "url": "http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=commit;h=b7565b41228bea196cefa3a7d43ab67f8f9152e2" + }, + { + "name": "RHSA-2010:0894", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0894.html" + }, + { + "name": "DSA-2348", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2348" + }, + { + "name": "1024754", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024754" + }, + { + "name": "46920", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46920" + }, + { + "name": "42256", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42256" + }, + { + "name": "42318", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42318" + }, + { + "name": "44917", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44917" + }, + { + "name": "FEDORA-2010-17868", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051122.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4313.json b/2010/4xxx/CVE-2010-4313.json index 41a512e02a9..bbff6f36adf 100644 --- a/2010/4xxx/CVE-2010-4313.json +++ b/2010/4xxx/CVE-2010-4313.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in fileman_file_upload.php in Orbis CMS 1.0.2 allows remote authenticated users to execute arbitrary code by uploading a .php file, and then accessing it via a direct request to the file in uploads/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101130 'Orbis CMS' Arbitrary Script Execution Vulnerability (CVE-2010-4313)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514942/100/0/threaded" - }, - { - "name" : "15636", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15636" - }, - { - "name" : "http://www.uncompiled.com/2010/11/orbis-cms-arbitrary-script-execution-vulnerability-cve-2010-4313/", - "refsource" : "MISC", - "url" : "http://www.uncompiled.com/2010/11/orbis-cms-arbitrary-script-execution-vulnerability-cve-2010-4313/" - }, - { - "name" : "45103", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45103" - }, - { - "name" : "69599", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/69599" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in fileman_file_upload.php in Orbis CMS 1.0.2 allows remote authenticated users to execute arbitrary code by uploading a .php file, and then accessing it via a direct request to the file in uploads/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15636", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15636" + }, + { + "name": "20101130 'Orbis CMS' Arbitrary Script Execution Vulnerability (CVE-2010-4313)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514942/100/0/threaded" + }, + { + "name": "69599", + "refsource": "OSVDB", + "url": "http://osvdb.org/69599" + }, + { + "name": "45103", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45103" + }, + { + "name": "http://www.uncompiled.com/2010/11/orbis-cms-arbitrary-script-execution-vulnerability-cve-2010-4313/", + "refsource": "MISC", + "url": "http://www.uncompiled.com/2010/11/orbis-cms-arbitrary-script-execution-vulnerability-cve-2010-4313/" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4421.json b/2010/4xxx/CVE-2010-4421.json index 3e843ee22d2..9c1d165d5cc 100644 --- a/2010/4xxx/CVE-2010-4421.json +++ b/2010/4xxx/CVE-2010-4421.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-4421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" - }, - { - "name" : "45905", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45905" - }, - { - "name" : "1024972", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024972" - }, - { - "name" : "42895", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42895" - }, - { - "name" : "ADV-2011-0139", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0139" - }, - { - "name" : "oracle-db-databasevault-unspecified(64757)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64757" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0139", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0139" + }, + { + "name": "45905", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45905" + }, + { + "name": "1024972", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024972" + }, + { + "name": "oracle-db-databasevault-unspecified(64757)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64757" + }, + { + "name": "42895", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42895" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4518.json b/2010/4xxx/CVE-2010-4518.json index 0f4b762872a..e138a13f88c 100644 --- a/2010/4xxx/CVE-2010-4518.json +++ b/2010/4xxx/CVE-2010-4518.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4518", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in wp-safe-search/wp-safe-search-jx.php in the Safe Search plugin 0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the v1 parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.johnleitch.net/Vulnerabilities/WordPress.Safe.Search.0.7.Reflected.Cross-site.Scripting/66", - "refsource" : "MISC", - "url" : "http://www.johnleitch.net/Vulnerabilities/WordPress.Safe.Search.0.7.Reflected.Cross-site.Scripting/66" - }, - { - "name" : "45267", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45267" - }, - { - "name" : "69762", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/69762" - }, - { - "name" : "42544", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42544" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in wp-safe-search/wp-safe-search-jx.php in the Safe Search plugin 0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the v1 parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.johnleitch.net/Vulnerabilities/WordPress.Safe.Search.0.7.Reflected.Cross-site.Scripting/66", + "refsource": "MISC", + "url": "http://www.johnleitch.net/Vulnerabilities/WordPress.Safe.Search.0.7.Reflected.Cross-site.Scripting/66" + }, + { + "name": "69762", + "refsource": "OSVDB", + "url": "http://osvdb.org/69762" + }, + { + "name": "45267", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45267" + }, + { + "name": "42544", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42544" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4706.json b/2010/4xxx/CVE-2010-4706.json index 884cc3deffe..bd55712449c 100644 --- a/2010/4xxx/CVE-2010-4706.json +++ b/2010/4xxx/CVE-2010-4706.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The pam_sm_close_session function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not properly handle a failure to determine a certain target uid, which might allow local users to delete unintended files by executing a program that relies on the pam_xauth PAM check." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20101004 Re: Minor security flaw with pam_xauth", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/10/03/1" - }, - { - "name" : "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=Linux-PAM-1_1_2-3-g05dafc06cd3dfeb7c4b24942e4e1ae33ff75a123", - "refsource" : "CONFIRM", - "url" : "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=Linux-PAM-1_1_2-3-g05dafc06cd3dfeb7c4b24942e4e1ae33ff75a123" - }, - { - "name" : "GLSA-201206-31", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201206-31.xml" - }, - { - "name" : "46045", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46045" - }, - { - "name" : "49711", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49711" - }, - { - "name" : "linuxpam-pamsmclosesession-weak-security(65035)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65035" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The pam_sm_close_session function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not properly handle a failure to determine a certain target uid, which might allow local users to delete unintended files by executing a program that relies on the pam_xauth PAM check." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=Linux-PAM-1_1_2-3-g05dafc06cd3dfeb7c4b24942e4e1ae33ff75a123", + "refsource": "CONFIRM", + "url": "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=Linux-PAM-1_1_2-3-g05dafc06cd3dfeb7c4b24942e4e1ae33ff75a123" + }, + { + "name": "GLSA-201206-31", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201206-31.xml" + }, + { + "name": "[oss-security] 20101004 Re: Minor security flaw with pam_xauth", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/10/03/1" + }, + { + "name": "46045", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46045" + }, + { + "name": "49711", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49711" + }, + { + "name": "linuxpam-pamsmclosesession-weak-security(65035)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65035" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1212.json b/2011/1xxx/CVE-2011-1212.json index 7a20b1fb77a..01192cec070 100644 --- a/2011/1xxx/CVE-2011-1212.json +++ b/2011/1xxx/CVE-2011-1212.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1212", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1212", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1609.json b/2011/1xxx/CVE-2011-1609.json index e636f62075c..81afc1e92e9 100644 --- a/2011/1xxx/CVE-2011-1609.json +++ b/2011/1xxx/CVE-2011-1609.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1609", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-1609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110502 Re: ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html" - }, - { - "name" : "20110427 Multiple Vulnerabilities in Cisco Unified Communications Manager", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml" - }, - { - "name" : "47605", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47605" - }, - { - "name" : "1025449", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025449" - }, - { - "name" : "44331", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44331" - }, - { - "name" : "ADV-2011-1122", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/1122" - }, - { - "name" : "cisco-ucm-sql-injection(67125)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67125" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44331", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44331" + }, + { + "name": "20110502 Re: ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html" + }, + { + "name": "1025449", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025449" + }, + { + "name": "ADV-2011-1122", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/1122" + }, + { + "name": "cisco-ucm-sql-injection(67125)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67125" + }, + { + "name": "20110427 Multiple Vulnerabilities in Cisco Unified Communications Manager", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml" + }, + { + "name": "47605", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47605" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1663.json b/2011/1xxx/CVE-2011-1663.json index e7ecbf75532..5e05b1617a3 100644 --- a/2011/1xxx/CVE-2011-1663.json +++ b/2011/1xxx/CVE-2011-1663.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1663", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1663", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/1111174", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1111174" - }, - { - "name" : "47098", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47098" - }, - { - "name" : "43950", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43950" - }, - { - "name" : "translation-unspecified-sql-injection(66476)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66476" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "translation-unspecified-sql-injection(66476)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66476" + }, + { + "name": "http://drupal.org/node/1111174", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1111174" + }, + { + "name": "43950", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43950" + }, + { + "name": "47098", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47098" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5095.json b/2011/5xxx/CVE-2011-5095.json index 5a3bf46551a..03f8d0c01c9 100644 --- a/2011/5xxx/CVE-2011-5095.json +++ b/2011/5xxx/CVE-2011-5095.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-1923." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf", - "refsource" : "MISC", - "url" : "http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf" - }, - { - "name" : "http://www.nessus.org/plugins/index.php?view=single&id=53360", - "refsource" : "MISC", - "url" : "http://www.nessus.org/plugins/index.php?view=single&id=53360" - }, - { - "name" : "https://discussions.nessus.org/thread/3381", - "refsource" : "MISC", - "url" : "https://discussions.nessus.org/thread/3381" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-1923." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf", + "refsource": "MISC", + "url": "http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf" + }, + { + "name": "http://www.nessus.org/plugins/index.php?view=single&id=53360", + "refsource": "MISC", + "url": "http://www.nessus.org/plugins/index.php?view=single&id=53360" + }, + { + "name": "https://discussions.nessus.org/thread/3381", + "refsource": "MISC", + "url": "https://discussions.nessus.org/thread/3381" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5157.json b/2011/5xxx/CVE-2011-5157.json index 68b04ada5c6..a169c973c39 100644 --- a/2011/5xxx/CVE-2011-5157.json +++ b/2011/5xxx/CVE-2011-5157.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Attachmate Reflection before 14.1 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, a related issue to CVE-2011-0107. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.attachmate.com/techdocs/1708.html", - "refsource" : "CONFIRM", - "url" : "http://support.attachmate.com/techdocs/1708.html" - }, - { - "name" : "50496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50496" - }, - { - "name" : "46692", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46692" - }, - { - "name" : "attachmate-reflection-priv-esc(78318)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Attachmate Reflection before 14.1 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, a related issue to CVE-2011-0107. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.attachmate.com/techdocs/1708.html", + "refsource": "CONFIRM", + "url": "http://support.attachmate.com/techdocs/1708.html" + }, + { + "name": "attachmate-reflection-priv-esc(78318)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78318" + }, + { + "name": "50496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50496" + }, + { + "name": "46692", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46692" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5306.json b/2011/5xxx/CVE-2011-5306.json index 2d863555504..a3c0ec36c44 100644 --- a/2011/5xxx/CVE-2011-5306.json +++ b/2011/5xxx/CVE-2011-5306.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/setup_edit.cgi in CosmoShop ePRO 10.05.00 allows remote attackers to hijack the authentication of administrators for requests that modify settings via a setup action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.htbridge.com/advisory/HTB22878", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB22878" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/setup_edit.cgi in CosmoShop ePRO 10.05.00 allows remote attackers to hijack the authentication of administrators for requests that modify settings via a setup action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.htbridge.com/advisory/HTB22878", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB22878" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3032.json b/2014/3xxx/CVE-2014-3032.json index 17a5c4fe358..6193e6b8a3b 100644 --- a/2014/3xxx/CVE-2014-3032.json +++ b/2014/3xxx/CVE-2014-3032.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3032", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus 7.3.0 before 7.3.0.6, 7.3.1 before 7.3.1.7, and 7.4.0 before 7.4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-3032", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21694026", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21694026" - }, - { - "name" : "ibm-netcool-cve20143032-xss(93188)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93188" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus 7.3.0 before 7.3.0.6, 7.3.1 before 7.3.1.7, and 7.4.0 before 7.4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21694026", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694026" + }, + { + "name": "ibm-netcool-cve20143032-xss(93188)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93188" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3123.json b/2014/3xxx/CVE-2014-3123.json index 309c1859d88..923cf32ab21 100644 --- a/2014/3xxx/CVE-2014-3123.json +++ b/2014/3xxx/CVE-2014-3123.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3123", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin/manage-images.php in the NextCellent Gallery plugin before 1.19.18 for WordPress allows remote authenticated users with the NextGEN Upload images, NextGEN Manage gallery, or NextGEN Manage others gallery permission to inject arbitrary web script or HTML via the \"Alt & Title Text\" field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3123", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vapid.dhs.org/advisories/wordpress/plugins/nextCellent-gallery-1.9.13", - "refsource" : "MISC", - "url" : "http://www.vapid.dhs.org/advisories/wordpress/plugins/nextCellent-gallery-1.9.13" - }, - { - "name" : "https://wordpress.org/plugins/nextcellent-gallery-nextgen-legacy/changelog", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/nextcellent-gallery-nextgen-legacy/changelog" - }, - { - "name" : "67085", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67085" - }, - { - "name" : "58031", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in admin/manage-images.php in the NextCellent Gallery plugin before 1.19.18 for WordPress allows remote authenticated users with the NextGEN Upload images, NextGEN Manage gallery, or NextGEN Manage others gallery permission to inject arbitrary web script or HTML via the \"Alt & Title Text\" field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "58031", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58031" + }, + { + "name": "https://wordpress.org/plugins/nextcellent-gallery-nextgen-legacy/changelog", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/nextcellent-gallery-nextgen-legacy/changelog" + }, + { + "name": "67085", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67085" + }, + { + "name": "http://www.vapid.dhs.org/advisories/wordpress/plugins/nextCellent-gallery-1.9.13", + "refsource": "MISC", + "url": "http://www.vapid.dhs.org/advisories/wordpress/plugins/nextCellent-gallery-1.9.13" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3220.json b/2014/3xxx/CVE-2014-3220.json index b08ebd22811..6129b2c5d3a 100644 --- a/2014/3xxx/CVE-2014-3220.json +++ b/2014/3xxx/CVE-2014-3220.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3220", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3220", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "33143", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/33143" - }, - { - "name" : "20140501 F5 BIG-IQ authed arbitrary user password change", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/May/10" - }, - { - "name" : "20140502 Re: F5 BIG-IQ authed arbitrary user password change", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/May/11" - }, - { - "name" : "20140504 Re: F5 BIG-IQ authed arbitrary user password change", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/May/16" - }, - { - "name" : "http://volatile-minds.blogspot.com/2014/05/f5-big-iq-v41020130-authenticated.html", - "refsource" : "MISC", - "url" : "http://volatile-minds.blogspot.com/2014/05/f5-big-iq-v41020130-authenticated.html" - }, - { - "name" : "https://gist.github.com/brandonprry/2e73acd63094fa2a4f63", - "refsource" : "MISC", - "url" : "https://gist.github.com/brandonprry/2e73acd63094fa2a4f63" - }, - { - "name" : "http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15229.html", - "refsource" : "CONFIRM", - "url" : "http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15229.html" - }, - { - "name" : "67191", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67191" - }, - { - "name" : "67227", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67227" - }, - { - "name" : "58440", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58440" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://volatile-minds.blogspot.com/2014/05/f5-big-iq-v41020130-authenticated.html", + "refsource": "MISC", + "url": "http://volatile-minds.blogspot.com/2014/05/f5-big-iq-v41020130-authenticated.html" + }, + { + "name": "33143", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/33143" + }, + { + "name": "https://gist.github.com/brandonprry/2e73acd63094fa2a4f63", + "refsource": "MISC", + "url": "https://gist.github.com/brandonprry/2e73acd63094fa2a4f63" + }, + { + "name": "67191", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67191" + }, + { + "name": "http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15229.html", + "refsource": "CONFIRM", + "url": "http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15229.html" + }, + { + "name": "67227", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67227" + }, + { + "name": "58440", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58440" + }, + { + "name": "20140501 F5 BIG-IQ authed arbitrary user password change", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/May/10" + }, + { + "name": "20140504 Re: F5 BIG-IQ authed arbitrary user password change", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/May/16" + }, + { + "name": "20140502 Re: F5 BIG-IQ authed arbitrary user password change", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/May/11" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3382.json b/2014/3xxx/CVE-2014-3382.json index 61cb92ae05b..e0544285802 100644 --- a/2014/3xxx/CVE-2014-3382.json +++ b/2014/3xxx/CVE-2014-3382.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SQL*Net inspection engine in Cisco ASA Software 7.2 before 7.2(5.13), 8.2 before 8.2(5.50), 8.3 before 8.3(2.42), 8.4 before 8.4(7.15), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted SQL REDIRECT packets, aka Bug ID CSCum46027." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141008 Multiple Vulnerabilities in Cisco ASA Software", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SQL*Net inspection engine in Cisco ASA Software 7.2 before 7.2(5.13), 8.2 before 8.2(5.50), 8.3 before 8.3(2.42), 8.4 before 8.4(7.15), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted SQL REDIRECT packets, aka Bug ID CSCum46027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141008 Multiple Vulnerabilities in Cisco ASA Software", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3513.json b/2014/3xxx/CVE-2014-3513.json index bb280a221d7..0274ed56c74 100644 --- a/2014/3xxx/CVE-2014-3513.json +++ b/2014/3xxx/CVE-2014-3513.json @@ -1,282 +1,282 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3513", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2b0532f3984324ebe1236a63d15893792384328d", - "refsource" : "CONFIRM", - "url" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2b0532f3984324ebe1236a63d15893792384328d" - }, - { - "name" : "https://www.openssl.org/news/secadv_20141015.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openssl.org/news/secadv_20141015.txt" - }, - { - "name" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6", - "refsource" : "CONFIRM", - "url" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0416.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0416.html" - }, - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686997", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" - }, - { - "name" : "https://support.f5.com/kb/en-us/solutions/public/15000/700/sol15722.html", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/kb/en-us/solutions/public/15000/700/sol15722.html" - }, - { - "name" : "https://support.apple.com/HT205217", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205217" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10091", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10091" - }, - { - "name" : "APPLE-SA-2015-09-16-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html" - }, - { - "name" : "DSA-3053", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3053" - }, - { - "name" : "GLSA-201412-39", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201412-39.xml" - }, - { - "name" : "HPSBMU03260", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142495837901899&w=2" - }, - { - "name" : "SSRT101894", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142495837901899&w=2" - }, - { - "name" : "HPSBGN03233", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142118135300698&w=2" - }, - { - "name" : "SSRT101739", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142118135300698&w=2" - }, - { - "name" : "SSRT101868", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142118135300698&w=2" - }, - { - "name" : "HPSBMU03267", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142624590206005&w=2" - }, - { - "name" : "HPSBMU03304", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142791032306609&w=2" - }, - { - "name" : "HPSBMU03296", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142834685803386&w=2" - }, - { - "name" : "HPSBHF03300", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142804214608580&w=2" - }, - { - "name" : "HPSBMU03223", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143290583027876&w=2" - }, - { - "name" : "HPSBMU03261", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143290522027658&w=2" - }, - { - "name" : "HPSBMU03263", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143290437727362&w=2" - }, - { - "name" : "MDVSA-2015:062", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062" - }, - { - "name" : "NetBSD-SA2014-015", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc" - }, - { - "name" : "RHSA-2014:1652", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1652.html" - }, - { - "name" : "RHSA-2014:1692", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1692.html" - }, - { - "name" : "openSUSE-SU-2014:1331", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html" - }, - { - "name" : "SUSE-SU-2014:1357", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html" - }, - { - "name" : "USN-2385-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2385-1" - }, - { - "name" : "70584", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70584" - }, - { - "name" : "1031052", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031052" - }, - { - "name" : "61207", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61207" - }, - { - "name" : "59627", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59627" - }, - { - "name" : "61058", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61058" - }, - { - "name" : "61073", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61073" - }, - { - "name" : "61298", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61298" - }, - { - "name" : "61439", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61439" - }, - { - "name" : "61837", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61837" - }, - { - "name" : "61959", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61959" - }, - { - "name" : "61990", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61990" - }, - { - "name" : "62070", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62070" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc" + }, + { + "name": "HPSBHF03300", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142804214608580&w=2" + }, + { + "name": "openSUSE-SU-2014:1331", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html" + }, + { + "name": "https://www.openssl.org/news/secadv_20141015.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv_20141015.txt" + }, + { + "name": "1031052", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031052" + }, + { + "name": "62070", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62070" + }, + { + "name": "61073", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61073" + }, + { + "name": "USN-2385-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2385-1" + }, + { + "name": "HPSBMU03304", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142791032306609&w=2" + }, + { + "name": "GLSA-201412-39", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml" + }, + { + "name": "DSA-3053", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3053" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" + }, + { + "name": "HPSBMU03223", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143290583027876&w=2" + }, + { + "name": "SSRT101868", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142118135300698&w=2" + }, + { + "name": "HPSBMU03260", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142495837901899&w=2" + }, + { + "name": "https://support.apple.com/HT205217", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205217" + }, + { + "name": "70584", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70584" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" + }, + { + "name": "APPLE-SA-2015-09-16-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html" + }, + { + "name": "SUSE-SU-2014:1357", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10091", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10091" + }, + { + "name": "NetBSD-SA2014-015", + "refsource": "NETBSD", + "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc" + }, + { + "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2b0532f3984324ebe1236a63d15893792384328d", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2b0532f3984324ebe1236a63d15893792384328d" + }, + { + "name": "https://support.f5.com/kb/en-us/solutions/public/15000/700/sol15722.html", + "refsource": "CONFIRM", + "url": "https://support.f5.com/kb/en-us/solutions/public/15000/700/sol15722.html" + }, + { + "name": "61837", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61837" + }, + { + "name": "61207", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61207" + }, + { + "name": "RHSA-2014:1652", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1652.html" + }, + { + "name": "59627", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59627" + }, + { + "name": "SSRT101894", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142495837901899&w=2" + }, + { + "name": "61298", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61298" + }, + { + "name": "HPSBMU03263", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143290437727362&w=2" + }, + { + "name": "HPSBMU03296", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142834685803386&w=2" + }, + { + "name": "61990", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61990" + }, + { + "name": "61959", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61959" + }, + { + "name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6", + "refsource": "CONFIRM", + "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0416.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0416.html" + }, + { + "name": "HPSBMU03267", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142624590206005&w=2" + }, + { + "name": "HPSBMU03261", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143290522027658&w=2" + }, + { + "name": "61058", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61058" + }, + { + "name": "MDVSA-2015:062", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062" + }, + { + "name": "HPSBGN03233", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142118135300698&w=2" + }, + { + "name": "SSRT101739", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142118135300698&w=2" + }, + { + "name": "61439", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61439" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" + }, + { + "name": "RHSA-2014:1692", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1692.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3664.json b/2014/3xxx/CVE-2014-3664.json index 8fdfbf3f735..78d983d2814 100644 --- a/2014/3xxx/CVE-2014-3664.json +++ b/2014/3xxx/CVE-2014-3664.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3664", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3664", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1147765", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1147765" - }, - { - "name" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", - "refsource" : "CONFIRM", - "url" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01" - }, - { - "name" : "RHSA-2016:0070", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:0070" - }, - { - "name" : "jenkins-cve20143664-dir-traversal(96973)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96973" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1147765", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1147765" + }, + { + "name": "jenkins-cve20143664-dir-traversal(96973)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96973" + }, + { + "name": "RHSA-2016:0070", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:0070" + }, + { + "name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", + "refsource": "CONFIRM", + "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7822.json b/2014/7xxx/CVE-2014-7822.json index 8aec4a1d327..49fecef7c83 100644 --- a/2014/7xxx/CVE-2014-7822.json +++ b/2014/7xxx/CVE-2014-7822.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7822", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-7822", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "36743", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/36743/" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8d0207652cbe27d1f962050737848e5ad4671958", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8d0207652cbe27d1f962050737848e5ad4671958" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1163792", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1163792" - }, - { - "name" : "https://github.com/torvalds/linux/commit/8d0207652cbe27d1f962050737848e5ad4671958", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/8d0207652cbe27d1f962050737848e5ad4671958" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "DSA-3170", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3170" - }, - { - "name" : "RHSA-2015:0102", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0102.html" - }, - { - "name" : "RHSA-2015:0164", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0164.html" - }, - { - "name" : "RHSA-2015:0674", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0674.html" - }, - { - "name" : "RHSA-2015:0694", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0694.html" - }, - { - "name" : "SUSE-SU-2015:0529", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html" - }, - { - "name" : "SUSE-SU-2015:0736", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html" - }, - { - "name" : "SUSE-SU-2015:1488", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html" - }, - { - "name" : "SUSE-SU-2015:1489", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html" - }, - { - "name" : "openSUSE-SU-2015:0714", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html" - }, - { - "name" : "USN-2541-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2541-1" - }, - { - "name" : "USN-2542-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2542-1" - }, - { - "name" : "USN-2543-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2543-1" - }, - { - "name" : "USN-2544-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2544-1" - }, - { - "name" : "72347", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72347" - }, - { - "name" : "117810", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/117810" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1163792", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163792" + }, + { + "name": "USN-2544-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2544-1" + }, + { + "name": "DSA-3170", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3170" + }, + { + "name": "36743", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/36743/" + }, + { + "name": "USN-2542-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2542-1" + }, + { + "name": "SUSE-SU-2015:1489", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html" + }, + { + "name": "SUSE-SU-2015:0736", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html" + }, + { + "name": "RHSA-2015:0164", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0164.html" + }, + { + "name": "SUSE-SU-2015:1488", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html" + }, + { + "name": "72347", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72347" + }, + { + "name": "USN-2541-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2541-1" + }, + { + "name": "https://github.com/torvalds/linux/commit/8d0207652cbe27d1f962050737848e5ad4671958", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/8d0207652cbe27d1f962050737848e5ad4671958" + }, + { + "name": "RHSA-2015:0694", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0694.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "117810", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/117810" + }, + { + "name": "SUSE-SU-2015:0529", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html" + }, + { + "name": "openSUSE-SU-2015:0714", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8d0207652cbe27d1f962050737848e5ad4671958", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8d0207652cbe27d1f962050737848e5ad4671958" + }, + { + "name": "USN-2543-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2543-1" + }, + { + "name": "RHSA-2015:0102", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0102.html" + }, + { + "name": "RHSA-2015:0674", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0674.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7985.json b/2014/7xxx/CVE-2014-7985.json index bebcd4093dc..4bfa4e6ca25 100644 --- a/2014/7xxx/CVE-2014-7985.json +++ b/2014/7xxx/CVE-2014-7985.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7985", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7985", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141029 Multiple vulnerabilities in EspoCRM", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533844/100/0/threaded" - }, - { - "name" : "http://blog.espocrm.com/news/espocrm-2-6-0-released", - "refsource" : "MISC", - "url" : "http://blog.espocrm.com/news/espocrm-2-6-0-released" - }, - { - "name" : "http://packetstormsecurity.com/files/128888/EspoCRM-2.5.2-XSS-LFI-Access-Control.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128888/EspoCRM-2.5.2-XSS-LFI-Access-Control.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23238", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23238" - }, - { - "name" : "70809", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141029 Multiple vulnerabilities in EspoCRM", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533844/100/0/threaded" + }, + { + "name": "http://blog.espocrm.com/news/espocrm-2-6-0-released", + "refsource": "MISC", + "url": "http://blog.espocrm.com/news/espocrm-2-6-0-released" + }, + { + "name": "http://packetstormsecurity.com/files/128888/EspoCRM-2.5.2-XSS-LFI-Access-Control.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128888/EspoCRM-2.5.2-XSS-LFI-Access-Control.html" + }, + { + "name": "70809", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70809" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23238", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23238" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8157.json b/2014/8xxx/CVE-2014-8157.json index cc3866d7bb8..2ce407bbcd1 100644 --- a/2014/8xxx/CVE-2014-8157.json +++ b/2014/8xxx/CVE-2014-8157.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-8157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ocert.org/advisories/ocert-2015-001.html", - "refsource" : "MISC", - "url" : "http://www.ocert.org/advisories/ocert-2015-001.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1179282", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1179282" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0038.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2015-0038.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "DSA-3138", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3138" - }, - { - "name" : "MDVSA-2015:034", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:034" - }, - { - "name" : "MDVSA-2015:159", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:159" - }, - { - "name" : "RHSA-2015:0074", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0074.html" - }, - { - "name" : "RHSA-2015:0698", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0698.html" - }, - { - "name" : "SSA:2015-302-02", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606" - }, - { - "name" : "openSUSE-SU-2015:0200", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-02/msg00014.html" - }, - { - "name" : "USN-2483-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2483-1" - }, - { - "name" : "USN-2483-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2483-2" - }, - { - "name" : "72296", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72296" - }, - { - "name" : "62583", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62583" - }, - { - "name" : "62615", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62615" - }, - { - "name" : "62619", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62619" - }, - { - "name" : "62765", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62765" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62583", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62583" + }, + { + "name": "http://www.ocert.org/advisories/ocert-2015-001.html", + "refsource": "MISC", + "url": "http://www.ocert.org/advisories/ocert-2015-001.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1179282", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1179282" + }, + { + "name": "62619", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62619" + }, + { + "name": "72296", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72296" + }, + { + "name": "62765", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62765" + }, + { + "name": "USN-2483-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2483-2" + }, + { + "name": "USN-2483-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2483-1" + }, + { + "name": "http://advisories.mageia.org/MGASA-2015-0038.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0038.html" + }, + { + "name": "62615", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62615" + }, + { + "name": "RHSA-2015:0698", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0698.html" + }, + { + "name": "openSUSE-SU-2015:0200", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00014.html" + }, + { + "name": "MDVSA-2015:034", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:034" + }, + { + "name": "DSA-3138", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3138" + }, + { + "name": "RHSA-2015:0074", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0074.html" + }, + { + "name": "SSA:2015-302-02", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606" + }, + { + "name": "MDVSA-2015:159", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:159" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8661.json b/2014/8xxx/CVE-2014-8661.json index 876279fd3e0..3a0d29d9231 100644 --- a/2014/8xxx/CVE-2014-8661.json +++ b/2014/8xxx/CVE-2014-8661.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8661", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/", - "refsource" : "MISC", - "url" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/" - }, - { - "name" : "http://service.sap.com/sap/support/notes/0002043404", - "refsource" : "MISC", - "url" : "http://service.sap.com/sap/support/notes/0002043404" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://service.sap.com/sap/support/notes/0002043404", + "refsource": "MISC", + "url": "http://service.sap.com/sap/support/notes/0002043404" + }, + { + "name": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/", + "refsource": "MISC", + "url": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8794.json b/2014/8xxx/CVE-2014-8794.json index 33c2e207931..0c1daa71c55 100644 --- a/2014/8xxx/CVE-2014-8794.json +++ b/2014/8xxx/CVE-2014-8794.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8794", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8794", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8812.json b/2014/8xxx/CVE-2014-8812.json index 5da43bc28e1..a8c51a438e2 100644 --- a/2014/8xxx/CVE-2014-8812.json +++ b/2014/8xxx/CVE-2014-8812.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8812", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8812", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9240.json b/2014/9xxx/CVE-2014-9240.json index e8cc72b4a82..5e2f8e3f6a2 100644 --- a/2014/9xxx/CVE-2014-9240.json +++ b/2014/9xxx/CVE-2014-9240.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9240", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the question_id parameter in a do_register action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9240", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/129109/MyBB-1.8.1-Cross-Site-Scripting-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129109/MyBB-1.8.1-Cross-Site-Scripting-SQL-Injection.html" - }, - { - "name" : "http://blog.mybb.com/2014/11/13/mybb-1-8-2-released-security-release/", - "refsource" : "CONFIRM", - "url" : "http://blog.mybb.com/2014/11/13/mybb-1-8-2-released-security-release/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the question_id parameter in a do_register action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.mybb.com/2014/11/13/mybb-1-8-2-released-security-release/", + "refsource": "CONFIRM", + "url": "http://blog.mybb.com/2014/11/13/mybb-1-8-2-released-security-release/" + }, + { + "name": "http://packetstormsecurity.com/files/129109/MyBB-1.8.1-Cross-Site-Scripting-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129109/MyBB-1.8.1-Cross-Site-Scripting-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9657.json b/2014/9xxx/CVE-2014-9657.json index 2a91fb481a7..b2eb35f444d 100644 --- a/2014/9xxx/CVE-2014-9657.json +++ b/2014/9xxx/CVE-2014-9657.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9657", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/google-security-research/issues/detail?id=195", - "refsource" : "MISC", - "url" : "http://code.google.com/p/google-security-research/issues/detail?id=195" - }, - { - "name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=eca0f067068020870a429fe91f6329e499390d55", - "refsource" : "CONFIRM", - "url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=eca0f067068020870a429fe91f6329e499390d55" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0083.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2015-0083.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "DSA-3188", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3188" - }, - { - "name" : "FEDORA-2015-2216", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html" - }, - { - "name" : "FEDORA-2015-2237", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html" - }, - { - "name" : "GLSA-201503-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201503-05" - }, - { - "name" : "MDVSA-2015:055", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:055" - }, - { - "name" : "RHSA-2015:0696", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0696.html" - }, - { - "name" : "openSUSE-SU-2015:0627", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html" - }, - { - "name" : "USN-2510-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2510-1" - }, - { - "name" : "USN-2739-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2739-1" - }, - { - "name" : "72986", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3188", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3188" + }, + { + "name": "GLSA-201503-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201503-05" + }, + { + "name": "72986", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72986" + }, + { + "name": "USN-2739-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2739-1" + }, + { + "name": "openSUSE-SU-2015:0627", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html" + }, + { + "name": "http://advisories.mageia.org/MGASA-2015-0083.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0083.html" + }, + { + "name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=eca0f067068020870a429fe91f6329e499390d55", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=eca0f067068020870a429fe91f6329e499390d55" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": "RHSA-2015:0696", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0696.html" + }, + { + "name": "FEDORA-2015-2216", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html" + }, + { + "name": "MDVSA-2015:055", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:055" + }, + { + "name": "USN-2510-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2510-1" + }, + { + "name": "http://code.google.com/p/google-security-research/issues/detail?id=195", + "refsource": "MISC", + "url": "http://code.google.com/p/google-security-research/issues/detail?id=195" + }, + { + "name": "FEDORA-2015-2237", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2132.json b/2016/2xxx/CVE-2016-2132.json index 18d6693b4fd..c35a7fff395 100644 --- a/2016/2xxx/CVE-2016-2132.json +++ b/2016/2xxx/CVE-2016-2132.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2132", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2132", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2531.json b/2016/2xxx/CVE-2016-2531.json index e763d73d712..35decd30400 100644 --- a/2016/2xxx/CVE-2016-2531.json +++ b/2016/2xxx/CVE-2016-2531.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that triggers a 0xff tag value, a different vulnerability than CVE-2016-2530." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2016-10.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2016-10.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11829", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11829" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=de65fd6b00d0b891930324b9549c93ccfe9cac30", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=de65fd6b00d0b891930324b9549c93ccfe9cac30" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" - }, - { - "name" : "DSA-3516", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3516" - }, - { - "name" : "GLSA-201604-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201604-05" - }, - { - "name" : "openSUSE-SU-2016:0660", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00015.html" - }, - { - "name" : "openSUSE-SU-2016:0661", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00016.html" - }, - { - "name" : "1035118", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that triggers a 0xff tag value, a different vulnerability than CVE-2016-2530." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:0661", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00016.html" + }, + { + "name": "openSUSE-SU-2016:0660", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00015.html" + }, + { + "name": "DSA-3516", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3516" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11829", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11829" + }, + { + "name": "GLSA-201604-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201604-05" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2016-10.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2016-10.html" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=de65fd6b00d0b891930324b9549c93ccfe9cac30", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=de65fd6b00d0b891930324b9549c93ccfe9cac30" + }, + { + "name": "1035118", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035118" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2545.json b/2016/2xxx/CVE-2016-2545.json index fc8910c508b..17607137089 100644 --- a/2016/2xxx/CVE-2016-2545.json +++ b/2016/2xxx/CVE-2016-2545.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to cause a denial of service (race condition and system crash) via a crafted ioctl call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160119 Security bugs in Linux kernel sound subsystem", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/01/19/1" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee8413b01045c74340aa13ad5bdf905de32be736", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee8413b01045c74340aa13ad5bdf905de32be736" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1311560", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1311560" - }, - { - "name" : "https://github.com/torvalds/linux/commit/ee8413b01045c74340aa13ad5bdf905de32be736", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/ee8413b01045c74340aa13ad5bdf905de32be736" - }, - { - "name" : "DSA-3503", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3503" - }, - { - "name" : "SUSE-SU-2016:2074", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" - }, - { - "name" : "SUSE-SU-2016:0911", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" - }, - { - "name" : "SUSE-SU-2016:1102", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" - }, - { - "name" : "USN-2967-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2967-1" - }, - { - "name" : "USN-2967-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2967-2" - }, - { - "name" : "USN-2929-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2929-1" - }, - { - "name" : "USN-2929-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2929-2" - }, - { - "name" : "USN-2930-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2930-1" - }, - { - "name" : "USN-2930-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2930-2" - }, - { - "name" : "USN-2930-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2930-3" - }, - { - "name" : "USN-2931-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2931-1" - }, - { - "name" : "USN-2932-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2932-1" - }, - { - "name" : "83381", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/83381" - }, - { - "name" : "1035296", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035296" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to cause a denial of service (race condition and system crash) via a crafted ioctl call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/torvalds/linux/commit/ee8413b01045c74340aa13ad5bdf905de32be736", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/ee8413b01045c74340aa13ad5bdf905de32be736" + }, + { + "name": "USN-2930-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2930-1" + }, + { + "name": "USN-2967-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2967-1" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee8413b01045c74340aa13ad5bdf905de32be736", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee8413b01045c74340aa13ad5bdf905de32be736" + }, + { + "name": "USN-2930-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2930-2" + }, + { + "name": "DSA-3503", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3503" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1311560", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311560" + }, + { + "name": "USN-2967-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2967-2" + }, + { + "name": "[oss-security] 20160119 Security bugs in Linux kernel sound subsystem", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/01/19/1" + }, + { + "name": "USN-2930-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2930-3" + }, + { + "name": "SUSE-SU-2016:1102", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" + }, + { + "name": "USN-2929-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2929-1" + }, + { + "name": "USN-2932-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2932-1" + }, + { + "name": "1035296", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035296" + }, + { + "name": "SUSE-SU-2016:2074", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" + }, + { + "name": "USN-2931-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2931-1" + }, + { + "name": "83381", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/83381" + }, + { + "name": "USN-2929-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2929-2" + }, + { + "name": "SUSE-SU-2016:0911", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2960.json b/2016/2xxx/CVE-2016-2960.json index 72944eed1d2..2ccdd494699 100644 --- a/2016/2xxx/CVE-2016-2960.json +++ b/2016/2xxx/CVE-2016-2960.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2960", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 allows remote attackers to cause a denial of service via crafted SIP messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-2960", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21984796", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21984796" - }, - { - "name" : "PI61548", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI61548" - }, - { - "name" : "92354", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92354" - }, - { - "name" : "1036514", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036514" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 allows remote attackers to cause a denial of service via crafted SIP messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21984796", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984796" + }, + { + "name": "92354", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92354" + }, + { + "name": "PI61548", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI61548" + }, + { + "name": "1036514", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036514" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6165.json b/2016/6xxx/CVE-2016-6165.json index 084bc3b9efa..c6847254ec8 100644 --- a/2016/6xxx/CVE-2016-6165.json +++ b/2016/6xxx/CVE-2016-6165.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6165", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6165", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6436.json b/2016/6xxx/CVE-2016-6436.json index f192676c177..186e7ba91e0 100644 --- a/2016/6xxx/CVE-2016-6436.json +++ b/2016/6xxx/CVE-2016-6436.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6436", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz14682." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6436", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20161005 Cisco Host Scan Package Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-chs" - }, - { - "name" : "93407", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz14682." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93407", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93407" + }, + { + "name": "20161005 Cisco Host Scan Package Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-chs" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6447.json b/2016/6xxx/CVE-2016-6447.json index d8cccf614af..b9c8a44435c 100644 --- a/2016/6xxx/CVE-2016-6447.json +++ b/2016/6xxx/CVE-2016-6447.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2016-6447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Meeting Server before 2.0.1, Acano Server before 1.9.3, Cisco Meeting App before 1.9.8, Acano Meeting Apps before 1.8.35", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Meeting Server before 2.0.1, Acano Server before 1.9.3, Cisco Meeting App before 1.9.8, Acano Meeting Apps before 1.8.35" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to 2.0.1, Acano Server releases prior to 1.8.16 and prior to 1.9.3, Cisco Meeting App releases prior to 1.9.8, Acano Meeting Apps releases prior to 1.8.35. More Information: CSCva75942 CSCvb67878. Known Affected Releases: 1.81.92.0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Meeting Server before 2.0.1, Acano Server before 1.9.3, Cisco Meeting App before 1.9.8, Acano Meeting Apps before 1.8.35", + "version": { + "version_data": [ + { + "version_value": "Cisco Meeting Server before 2.0.1, Acano Server before 1.9.3, Cisco Meeting App before 1.9.8, Acano Meeting Apps before 1.8.35" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms" - }, - { - "name" : "94073", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94073" - }, - { - "name" : "1037180", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037180" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to 2.0.1, Acano Server releases prior to 1.8.16 and prior to 1.9.3, Cisco Meeting App releases prior to 1.9.8, Acano Meeting Apps releases prior to 1.8.35. More Information: CSCva75942 CSCvb67878. Known Affected Releases: 1.81.92.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms" + }, + { + "name": "1037180", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037180" + }, + { + "name": "94073", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94073" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6707.json b/2016/6xxx/CVE-2016-6707.json index 12dbf09b780..a1b5d937742 100644 --- a/2016/6xxx/CVE-2016-6707.json +++ b/2016/6xxx/CVE-2016-6707.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-6707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-6.0" - }, - { - "version_value" : "Android-6.0.1" - }, - { - "version_value" : "Android-7.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-31350622." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-6707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-6.0" + }, + { + "version_value": "Android-6.0.1" + }, + { + "version_value": "Android-7.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40874", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40874/" - }, - { - "name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=928", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=928" - }, - { - "name" : "https://googleprojectzero.blogspot.com/2016/12/bitunmap-attacking-android-ashmem.html", - "refsource" : "MISC", - "url" : "https://googleprojectzero.blogspot.com/2016/12/bitunmap-attacking-android-ashmem.html" - }, - { - "name" : "https://source.android.com/security/bulletin/2016-11-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-11-01.html" - }, - { - "name" : "94164", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94164" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-31350622." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=928", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=928" + }, + { + "name": "https://googleprojectzero.blogspot.com/2016/12/bitunmap-attacking-android-ashmem.html", + "refsource": "MISC", + "url": "https://googleprojectzero.blogspot.com/2016/12/bitunmap-attacking-android-ashmem.html" + }, + { + "name": "94164", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94164" + }, + { + "name": "40874", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40874/" + }, + { + "name": "https://source.android.com/security/bulletin/2016-11-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-11-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6769.json b/2016/6xxx/CVE-2016-6769.json index 4a5a963e226..b92e6fb0433 100644 --- a/2016/6xxx/CVE-2016-6769.json +++ b/2016/6xxx/CVE-2016-6769.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-6769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-5.0.2" - }, - { - "version_value" : "Android-5.1.1" - }, - { - "version_value" : "Android-6.0" - }, - { - "version_value" : "Android-6.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in Smart Lock could enable a local malicious user to access Smart Lock settings without a PIN. This issue is rated as Moderate because it first requires physical access to an unlocked device where Smart Lock was the last settings pane accessed by the user. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-29055171." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-6769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-5.0.2" + }, + { + "version_value": "Android-5.1.1" + }, + { + "version_value": "Android-6.0" + }, + { + "version_value": "Android-6.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2016-12-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-12-01.html" - }, - { - "name" : "94703", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in Smart Lock could enable a local malicious user to access Smart Lock settings without a PIN. This issue is rated as Moderate because it first requires physical access to an unlocked device where Smart Lock was the last settings pane accessed by the user. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-29055171." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2016-12-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-12-01.html" + }, + { + "name": "94703", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94703" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7163.json b/2016/7xxx/CVE-2016-7163.json index b7303925ab2..f22b657f559 100644 --- a/2016/7xxx/CVE-2016-7163.json +++ b/2016/7xxx/CVE-2016-7163.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7163", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160908 CVE Request: OpenJPEG Integer Overflow Issue", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/08/3" - }, - { - "name" : "[oss-security] 20160908 Re: CVE Request: OpenJPEG Integer Overflow Issue", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/08/6" - }, - { - "name" : "https://github.com/uclouvain/openjpeg/commit/c16bc057ba3f125051c9966cf1f5b68a05681de4", - "refsource" : "CONFIRM", - "url" : "https://github.com/uclouvain/openjpeg/commit/c16bc057ba3f125051c9966cf1f5b68a05681de4" - }, - { - "name" : "https://github.com/uclouvain/openjpeg/commit/ef01f18dfc6780b776d0674ed3e7415c6ef54d24", - "refsource" : "CONFIRM", - "url" : "https://github.com/uclouvain/openjpeg/commit/ef01f18dfc6780b776d0674ed3e7415c6ef54d24" - }, - { - "name" : "https://github.com/uclouvain/openjpeg/issues/826", - "refsource" : "CONFIRM", - "url" : "https://github.com/uclouvain/openjpeg/issues/826" - }, - { - "name" : "https://github.com/uclouvain/openjpeg/pull/809", - "refsource" : "CONFIRM", - "url" : "https://github.com/uclouvain/openjpeg/pull/809" - }, - { - "name" : "DSA-3665", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3665" - }, - { - "name" : "FEDORA-2016-231f53426b", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQ2IIIQSJ3J4MONBOGCG6XHLKKJX2HKM/" - }, - { - "name" : "FEDORA-2016-27d3b7742f", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YGKSEWWWED77Q5ZHK4OA2EKSJXLRU3MK/" - }, - { - "name" : "FEDORA-2016-2eac99579c", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4IRSGYMBSHCBZP23CUDIRJ3LBKH6ZJ7/" - }, - { - "name" : "FEDORA-2016-8ed6b7bb5e", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2T6IQAMS4W65MGP7UW5FPE22PXELTK5D/" - }, - { - "name" : "FEDORA-2016-adb346980c", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JYLOX7PZS3ZUHQ6RGI3M6H27B7I5ZZ26/" - }, - { - "name" : "FEDORA-2016-dc53ceffc2", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66BWMMMWXH32J5AOGLAJGZA3GH5LZHXH/" - }, - { - "name" : "RHSA-2017:0559", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0559.html" - }, - { - "name" : "RHSA-2017:0838", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0838.html" - }, - { - "name" : "92897", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160908 Re: CVE Request: OpenJPEG Integer Overflow Issue", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/08/6" + }, + { + "name": "92897", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92897" + }, + { + "name": "[oss-security] 20160908 CVE Request: OpenJPEG Integer Overflow Issue", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/08/3" + }, + { + "name": "FEDORA-2016-231f53426b", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQ2IIIQSJ3J4MONBOGCG6XHLKKJX2HKM/" + }, + { + "name": "FEDORA-2016-8ed6b7bb5e", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2T6IQAMS4W65MGP7UW5FPE22PXELTK5D/" + }, + { + "name": "RHSA-2017:0559", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0559.html" + }, + { + "name": "https://github.com/uclouvain/openjpeg/issues/826", + "refsource": "CONFIRM", + "url": "https://github.com/uclouvain/openjpeg/issues/826" + }, + { + "name": "RHSA-2017:0838", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0838.html" + }, + { + "name": "https://github.com/uclouvain/openjpeg/commit/ef01f18dfc6780b776d0674ed3e7415c6ef54d24", + "refsource": "CONFIRM", + "url": "https://github.com/uclouvain/openjpeg/commit/ef01f18dfc6780b776d0674ed3e7415c6ef54d24" + }, + { + "name": "DSA-3665", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3665" + }, + { + "name": "https://github.com/uclouvain/openjpeg/pull/809", + "refsource": "CONFIRM", + "url": "https://github.com/uclouvain/openjpeg/pull/809" + }, + { + "name": "FEDORA-2016-dc53ceffc2", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66BWMMMWXH32J5AOGLAJGZA3GH5LZHXH/" + }, + { + "name": "FEDORA-2016-2eac99579c", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4IRSGYMBSHCBZP23CUDIRJ3LBKH6ZJ7/" + }, + { + "name": "https://github.com/uclouvain/openjpeg/commit/c16bc057ba3f125051c9966cf1f5b68a05681de4", + "refsource": "CONFIRM", + "url": "https://github.com/uclouvain/openjpeg/commit/c16bc057ba3f125051c9966cf1f5b68a05681de4" + }, + { + "name": "FEDORA-2016-27d3b7742f", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YGKSEWWWED77Q5ZHK4OA2EKSJXLRU3MK/" + }, + { + "name": "FEDORA-2016-adb346980c", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JYLOX7PZS3ZUHQ6RGI3M6H27B7I5ZZ26/" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7302.json b/2016/7xxx/CVE-2016-7302.json index e24047bb72e..1828f50ef5b 100644 --- a/2016/7xxx/CVE-2016-7302.json +++ b/2016/7xxx/CVE-2016-7302.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7302", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7302", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7599.json b/2016/7xxx/CVE-2016-7599.json index 8db56b72ce9..c3071c23bc9 100644 --- a/2016/7xxx/CVE-2016-7599.json +++ b/2016/7xxx/CVE-2016-7599.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-7599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses HTTP redirects." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-7599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207421", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207421" - }, - { - "name" : "https://support.apple.com/HT207422", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207422" - }, - { - "name" : "https://support.apple.com/HT207424", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207424" - }, - { - "name" : "https://support.apple.com/HT207427", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207427" - }, - { - "name" : "GLSA-201706-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-15" - }, - { - "name" : "94907", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94907" - }, - { - "name" : "1037459", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037459" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses HTTP redirects." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207427", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207427" + }, + { + "name": "94907", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94907" + }, + { + "name": "https://support.apple.com/HT207421", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207421" + }, + { + "name": "1037459", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037459" + }, + { + "name": "https://support.apple.com/HT207422", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207422" + }, + { + "name": "GLSA-201706-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-15" + }, + { + "name": "https://support.apple.com/HT207424", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207424" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7680.json b/2016/7xxx/CVE-2016-7680.json index a1b86e72016..8ca3f58f7d2 100644 --- a/2016/7xxx/CVE-2016-7680.json +++ b/2016/7xxx/CVE-2016-7680.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7680", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7680", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7863.json b/2016/7xxx/CVE-2016-7863.json index 193fa277dbf..cfccd6a43ec 100644 --- a/2016/7xxx/CVE-2016-7863.json +++ b/2016/7xxx/CVE-2016-7863.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2016-7863", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 23.0.0.205 and earlier, 11.2.202.643 and earlier", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 23.0.0.205 and earlier, 11.2.202.643 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use after free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-7863", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 23.0.0.205 and earlier, 11.2.202.643 and earlier", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 23.0.0.205 and earlier, 11.2.202.643 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-599", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-599" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-37.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-37.html" - }, - { - "name" : "GLSA-201611-18", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201611-18" - }, - { - "name" : "MS16-141", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-141" - }, - { - "name" : "RHSA-2016:2676", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2676.html" - }, - { - "name" : "94153", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94153" - }, - { - "name" : "1037240", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037240" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-141", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-141" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-37.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-37.html" + }, + { + "name": "94153", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94153" + }, + { + "name": "RHSA-2016:2676", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2676.html" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-599", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-599" + }, + { + "name": "1037240", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037240" + }, + { + "name": "GLSA-201611-18", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201611-18" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5041.json b/2017/5xxx/CVE-2017-5041.json index ec9dc7ad90d..116ec9ce28a 100644 --- a/2017/5xxx/CVE-2017-5041.json +++ b/2017/5xxx/CVE-2017-5041.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 57.0.2987.100", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 57.0.2987.100" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation, which allowed a remote attacker to display incorrect information for a site via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "incorrect security UI" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 57.0.2987.100", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 57.0.2987.100" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/642490", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/642490" - }, - { - "name" : "DSA-3810", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3810" - }, - { - "name" : "GLSA-201704-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201704-02" - }, - { - "name" : "RHSA-2017:0499", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0499.html" - }, - { - "name" : "96767", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96767" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation, which allowed a remote attacker to display incorrect information for a site via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "incorrect security UI" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" + }, + { + "name": "GLSA-201704-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201704-02" + }, + { + "name": "https://crbug.com/642490", + "refsource": "CONFIRM", + "url": "https://crbug.com/642490" + }, + { + "name": "DSA-3810", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3810" + }, + { + "name": "96767", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96767" + }, + { + "name": "RHSA-2017:0499", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5172.json b/2017/5xxx/CVE-2017-5172.json index f44a9806ee3..c90fe1e46a2 100644 --- a/2017/5xxx/CVE-2017-5172.json +++ b/2017/5xxx/CVE-2017-5172.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5172", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5172", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file