diff --git a/2006/0xxx/CVE-2006-0122.json b/2006/0xxx/CVE-2006-0122.json
index 17077b2d9b1..fcbf6a8418d 100644
--- a/2006/0xxx/CVE-2006-0122.json
+++ b/2006/0xxx/CVE-2006-0122.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0122", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Public/Index.asp in Aquifer CMS allows remote attackers to inject arbitrary web script or HTML via the Keyword parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0122", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://osvdb.org/ref/22/22247-aquifer.txt", - "refsource" : "MISC", - "url" : "http://osvdb.org/ref/22/22247-aquifer.txt" - }, - { - "name" : "20060124 vendor ack/fix: Aquifer CMS Index.asp Keyword Variable XSS (fwd)", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2006-January/000509.html" - }, - { - "name" : "16162", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16162" - }, - { - "name" : "ADV-2006-0074", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0074" - }, - { - "name" : "22247", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22247" - }, - { - "name" : "18326", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18326" - } - ] - } -} + } + }, 
+ "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Public/Index.asp in Aquifer CMS allows remote attackers to inject arbitrary web script or HTML via the Keyword parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060124 vendor ack/fix: Aquifer CMS Index.asp Keyword Variable XSS (fwd)", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2006-January/000509.html" + }, + { + "name": "18326", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18326" + }, + { + "name": "ADV-2006-0074", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0074" + }, + { + "name": "http://osvdb.org/ref/22/22247-aquifer.txt", + "refsource": "MISC", + "url": "http://osvdb.org/ref/22/22247-aquifer.txt" + }, + { + "name": "16162", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16162" + }, + { + "name": "22247", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22247" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0446.json b/2006/0xxx/CVE-2006-0446.json index 9b6feb938fa..806f8174314 100644 --- a/2006/0xxx/CVE-2006-0446.json +++ b/2006/0xxx/CVE-2006-0446.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0446", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in WeBWorK 2.1.3 and 2.2-pre1 allows remote privileged attackers to execute arbitrary commands as the web server via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0446", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://devel.webwork.rochester.edu/twiki/bin/view/Webwork/WeBWorKRelease2pt1pt4", - "refsource" : "CONFIRM", - "url" : "http://devel.webwork.rochester.edu/twiki/bin/view/Webwork/WeBWorKRelease2pt1pt4" - }, - { - "name" : "16371", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16371" - }, - { - "name" : "ADV-2006-0319", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0319" - }, - { - "name" : "18594", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18594" - }, - { - "name" : "webwork-unknown-command-execution(24322)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24322" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", 
+ "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in WeBWorK 2.1.3 and 2.2-pre1 allows remote privileged attackers to execute arbitrary commands as the web server via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0319", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0319" + }, + { + "name": "16371", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16371" + }, + { + "name": "18594", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18594" + }, + { + "name": "http://devel.webwork.rochester.edu/twiki/bin/view/Webwork/WeBWorKRelease2pt1pt4", + "refsource": "CONFIRM", + "url": "http://devel.webwork.rochester.edu/twiki/bin/view/Webwork/WeBWorKRelease2pt1pt4" + }, + { + "name": "webwork-unknown-command-execution(24322)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24322" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0536.json b/2006/0xxx/CVE-2006-0536.json index 915479797ac..95622852d03 100644 --- a/2006/0xxx/CVE-2006-0536.json +++ b/2006/0xxx/CVE-2006-0536.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.27 allows remote attackers to inject arbitrary web script or HTML via the sort parameter. NOTE: some sources say that the affected parameter is \"date,\" but the demonstration URL shows that it is \"sort\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060203 Neomail Cross Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/423901/100/0/threaded" - }, - { - "name" : "ADV-2006-0449", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0449" - }, - { - "name" : "22978", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22978" - }, - { - "name" : "1015581", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015581" - }, - { - "name" : "neomail-neomail-script-xss(24470)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24470" - } - ] - } -} + } + }, 
+ "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.27 allows remote attackers to inject arbitrary web script or HTML via the sort parameter. NOTE: some sources say that the affected parameter is \"date,\" but the demonstration URL shows that it is \"sort\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060203 Neomail Cross Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/423901/100/0/threaded" + }, + { + "name": "1015581", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015581" + }, + { + "name": "neomail-neomail-script-xss(24470)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24470" + }, + { + "name": "ADV-2006-0449", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0449" + }, + { + "name": "22978", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22978" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0867.json b/2006/0xxx/CVE-2006-0867.json index 87fd3255322..49469e08485 100644 --- a/2006/0xxx/CVE-2006-0867.json +++ b/2006/0xxx/CVE-2006-0867.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0867", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in certain versions of South River (aka SRT) WebDrive, possibly version 6.08 build 1131 and version 8, allows remote attackers to cause a denial of service (application crash and persistent erratic behavior) via a long string in the name entry field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0867", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060222 South River WebDrive Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425785/100/0/threaded" - }, - { - "name" : "webdrive-name-bo(24903)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24903" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in certain versions of South River (aka SRT) WebDrive, possibly version 6.08 build 1131 and version 8, allows remote attackers to cause a denial of service (application 
crash and persistent erratic behavior) via a long string in the name entry field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "webdrive-name-bo(24903)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24903" + }, + { + "name": "20060222 South River WebDrive Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425785/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1028.json b/2006/1xxx/CVE-2006-1028.json index f00c879fad2..4ef5729f0a9 100644 --- a/2006/1xxx/CVE-2006-1028.json +++ b/2006/1xxx/CVE-2006-1028.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1028", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to cause a denial of service (stressed file cache) by creating many files via filenames in the feed parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1028", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060302 JOOMLA CMS 1.0.7 DoS & path disclosing", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426538/100/0/threaded" - }, - { - "name" : "http://www.joomla.org/content/view/938/78/", - "refsource" : "CONFIRM", - "url" : "http://www.joomla.org/content/view/938/78/" - }, - { - "name" : "23817", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23817" - }, - { - "name" : "19105", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19105" - }, - { - "name" : "527", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/527" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to cause a denial of service (stressed file cache) by creating many files via filenames in the feed parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060302 JOOMLA CMS 1.0.7 DoS & path disclosing", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426538/100/0/threaded" + }, + { + "name": "19105", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19105" + }, + { + "name": "23817", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23817" + }, + { + "name": "http://www.joomla.org/content/view/938/78/", + "refsource": "CONFIRM", + "url": "http://www.joomla.org/content/view/938/78/" + }, + { + "name": "527", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/527" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1163.json b/2006/1xxx/CVE-2006-1163.json index 1a2b5385cca..05891cd1840 100644 --- a/2006/1xxx/CVE-2006-1163.json +++ b/2006/1xxx/CVE-2006-1163.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1163", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Nodez 4.6.1.1 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: it is possible that this issue is resultant from the directory traversal vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hamid.ir/security/nodez.txt", - "refsource" : "MISC", - "url" : "http://hamid.ir/security/nodez.txt" - }, - { - "name" : "17066", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17066" - }, - { - "name" : "ADV-2006-0899", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0899" - }, - { - "name" : "23776", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23776" - }, - { - "name" : "1015747", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015747" - }, - { - "name" : "19165", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19165" - }, - { - "name" : "nodez-op-xss(25121)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Nodez 4.6.1.1 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: it is possible that this issue is resultant from the directory traversal vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19165", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19165" + }, + { + "name": "17066", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17066" + }, + { + "name": "http://hamid.ir/security/nodez.txt", + "refsource": "MISC", + "url": "http://hamid.ir/security/nodez.txt" + }, + { + "name": "ADV-2006-0899", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0899" + }, + { + "name": "1015747", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015747" + }, + { + "name": "nodez-op-xss(25121)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25121" + }, + { + "name": "23776", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23776" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1500.json b/2006/1xxx/CVE-2006-1500.json index 4c412919d1c..cc32ac66133 100644 --- a/2006/1xxx/CVE-2006-1500.json +++ b/2006/1xxx/CVE-2006-1500.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1500", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Tilde CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1500", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://osvdb.org/ref/24/24233-tilde.txt", - "refsource" : "MISC", - "url" : "http://osvdb.org/ref/24/24233-tilde.txt" - }, - { - "name" : "17299", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17299" - }, - { - "name" : "ADV-2006-1145", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1145" - }, - { - "name" : "24233", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24233" - }, - { - "name" : "19447", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19447" - }, - { - "name" : "tildecms-index-sql-injection(25510)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25510" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", 
+ "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Tilde CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19447", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19447" + }, + { + "name": "tildecms-index-sql-injection(25510)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25510" + }, + { + "name": "http://osvdb.org/ref/24/24233-tilde.txt", + "refsource": "MISC", + "url": "http://osvdb.org/ref/24/24233-tilde.txt" + }, + { + "name": "24233", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24233" + }, + { + "name": "ADV-2006-1145", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1145" + }, + { + "name": "17299", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17299" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1956.json b/2006/1xxx/CVE-2006-1956.json index f9b8b40cc81..dcd879073ac 100644 --- a/2006/1xxx/CVE-2006-1956.json +++ b/2006/1xxx/CVE-2006-1956.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1956", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1956", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060418 [KAPDA::#41] - Mambo/Joomla rss component vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431317/100/0/threaded" - }, - { - "name" : "http://irannetjob.com/content/view/209/28/", - "refsource" : "MISC", - "url" : "http://irannetjob.com/content/view/209/28/" - }, - { - "name" : "http://www.kapda.ir/advisory-313.html", - "refsource" : "MISC", - "url" : "http://www.kapda.ir/advisory-313.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The com_rss option (rss.php) in (1) Mambo and (2) Joomla! 
allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kapda.ir/advisory-313.html", + "refsource": "MISC", + "url": "http://www.kapda.ir/advisory-313.html" + }, + { + "name": "20060418 [KAPDA::#41] - Mambo/Joomla rss component vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431317/100/0/threaded" + }, + { + "name": "http://irannetjob.com/content/view/209/28/", + "refsource": "MISC", + "url": "http://irannetjob.com/content/view/209/28/" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3437.json b/2006/3xxx/CVE-2006-3437.json index de77ee60fa8..5abd81fb3a1 100644 --- a/2006/3xxx/CVE-2006-3437.json +++ b/2006/3xxx/CVE-2006-3437.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3437", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-3437", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." + } + ] + } +} \ No newline at end of file 
diff --git a/2006/3xxx/CVE-2006-3939.json b/2006/3xxx/CVE-2006-3939.json
index 1857ea30bf7..a2c63695dde 100644
--- a/2006/3xxx/CVE-2006-3939.json
+++ b/2006/3xxx/CVE-2006-3939.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3939", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to perform administrative activities without authentication in (1) filter.php, which permits changing the Extensions Mode file type; (2) access.php, which permits changing the Protection Method; (3) edituser.php, which permits adding upload capabilities to user accounts; (4) settings.php, which permits changing the admin information; and (5) index.php, which permits uploading of arbitrary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3939", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060726 EzUpload multi file vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441172/100/0/threaded" - }, - { - "name" : "19175", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19175" - }, - { - "name" : "1305", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1305" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "ScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to perform administrative activities without authentication in (1) filter.php, which permits changing the Extensions Mode file type; (2) access.php, which permits changing the Protection Method; (3) edituser.php, which permits adding upload capabilities to user accounts; (4) settings.php, which permits changing the admin information; and (5) index.php, which permits uploading of arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19175", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19175" + }, + { + "name": "1305", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1305" + }, + { + "name": "20060726 EzUpload multi file vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441172/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4303.json b/2006/4xxx/CVE-2006-4303.json index 3ea08c4db83..45eb4c64070 100644 --- a/2006/4xxx/CVE-2006-4303.json +++ b/2006/4xxx/CVE-2006-4303.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun Solaris 10 allows remote attackers to cause a denial of service (\"tight loop\" and CPU consumption for listener applications) via unknown vectors related to TCP fusion (do_tcp_fusion)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "102576", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102576-1" - }, - { - "name" : "1016706", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016706" - }, - { - "name" : "solaris-listener-dos(28420)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28420" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun Solaris 10 allows remote attackers to cause a denial of service 
(\"tight loop\" and CPU consumption for listener applications) via unknown vectors related to TCP fusion (do_tcp_fusion)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "solaris-listener-dos(28420)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28420" + }, + { + "name": "102576", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102576-1" + }, + { + "name": "1016706", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016706" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4390.json b/2006/4xxx/CVE-2006-4390.json index cad46b87fc9..81ca2fbe59e 100644 --- a/2006/4xxx/CVE-2006-4390.json +++ b/2006/4xxx/CVE-2006-4390.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows remote SSL sites to appear as trusted sites by using encryption without authentication, which can cause the lock icon in Safari to be displayed even when the site's identity cannot be trusted." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2006-09-29", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html" - }, - { - "name" : "20271", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20271" - }, - { - "name" : "ADV-2006-3852", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3852" - }, - { - "name" : "29267", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29267" - }, - { - "name" : "1016952", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016952" - }, - { - "name" : "22187", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22187" - }, 
- { - "name" : "macos-cfnetwork-ssl-spoofing(29277)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29277" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows remote SSL sites to appear as trusted sites by using encryption without authentication, which can cause the lock icon in Safari to be displayed even when the site's identity cannot be trusted." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20271", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20271" + }, + { + "name": "macos-cfnetwork-ssl-spoofing(29277)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29277" + }, + { + "name": "1016952", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016952" + }, + { + "name": "22187", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22187" + }, + { + "name": "ADV-2006-3852", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3852" + }, + { + "name": "APPLE-SA-2006-09-29", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html" + }, + { + "name": "29267", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29267" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4526.json b/2006/4xxx/CVE-2006-4526.json index 42fec1e8c1a..187f0a3b3b9 100644 --- a/2006/4xxx/CVE-2006-4526.json +++ b/2006/4xxx/CVE-2006-4526.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4526", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in includes/content/viewCat.inc.php in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the searchArray[] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4526", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.gulftech.org/?node=research&article_id=00111-08282006&", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00111-08282006&" - }, - { - "name" : "http://cubecart.com/site/forums/index.php?showtopic=21540", - "refsource" : "CONFIRM", - "url" : "http://cubecart.com/site/forums/index.php?showtopic=21540" - }, - { - "name" : "http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697", - "refsource" : "CONFIRM", - "url" : "http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697" - }, - { - "name" : "19782", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/19782" - }, - { - "name" : "21659", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21659" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in includes/content/viewCat.inc.php in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the searchArray[] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21659", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21659" + }, + { + "name": "http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697", + "refsource": "CONFIRM", + "url": "http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697" + }, + { + "name": "19782", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19782" + }, + { + "name": "http://cubecart.com/site/forums/index.php?showtopic=21540", + "refsource": "CONFIRM", + "url": "http://cubecart.com/site/forums/index.php?showtopic=21540" + }, + { + "name": "http://www.gulftech.org/?node=research&article_id=00111-08282006&", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00111-08282006&" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4660.json b/2006/4xxx/CVE-2006-4660.json index 5e01c89c4fb..3bfce0626de 100644 --- a/2006/4xxx/CVE-2006-4660.json +++ b/2006/4xxx/CVE-2006-4660.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4660", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the RSS Feed module in AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) allow remote attackers to process arbitrary web script or HTML in the Feeds interface context via the (1) title and (2) description elements within an item element in an RSS feed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4660", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060907 CORE-2006-0322: Multiple vulnerabilities in ICQ Toolbar 1.3 for Internet Explorer", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445515/100/0/threaded" - }, - { - "name" : "http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1510", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1510" - }, - { - "name" : "19900", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19900" - }, - { - "name" : "ADV-2006-3528", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/3528" - }, - { - "name" : "21809", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21809" - }, - { - "name" : "1523", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1523" - }, - { - "name" : "icq-toolbar-rss-feed-xss(28809)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the RSS Feed module in AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) allow remote attackers to process arbitrary web script or HTML in the Feeds interface context via the (1) title and (2) description elements within an item element in an RSS feed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1510", + "refsource": "MISC", + "url": "http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1510" + }, + { + "name": "ADV-2006-3528", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3528" + }, + { + "name": "icq-toolbar-rss-feed-xss(28809)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28809" + }, + { + "name": "19900", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19900" + }, + { + "name": "20060907 CORE-2006-0322: Multiple vulnerabilities in ICQ Toolbar 1.3 for Internet Explorer", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445515/100/0/threaded" + }, + { + "name": "21809", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21809" + }, + { + "name": "1523", + 
"refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1523" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4911.json b/2006/4xxx/CVE-2006-4911.json index 8b43279c319..15f09f01aa1 100644 --- a/2006/4xxx/CVE-2006-4911.json +++ b/2006/4xxx/CVE-2006-4911.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 before 5.1(2), when running in inline or promiscuous mode, allows remote attackers to bypass traffic inspection via a \"crafted sequence of fragmented IP packets\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060920 Cisco Security Advisory: Cisco Intrusion Prevention System Management Interface Denial of Service and Fragmented Packet Evasion Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20060920-ips.shtml" - }, - { - "name" : "VU#658884", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/658884" - }, - { - "name" : "20127", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20127" - }, - { - "name" : "ADV-2006-3721", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3721" - }, - { - "name" : "29036", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29036" - }, - { 
- "name" : "1016891", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016891" - }, - { - "name" : "22022", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22022" - }, - { - "name" : "cisco-ips-frag-bypass(29058)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29058" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 before 5.1(2), when running in inline or promiscuous mode, allows remote attackers to bypass traffic inspection via a \"crafted sequence of fragmented IP packets\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20127", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20127" + }, + { + "name": "29036", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29036" + }, + { + "name": "20060920 Cisco Security Advisory: Cisco Intrusion Prevention System Management Interface Denial of Service and Fragmented Packet Evasion Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060920-ips.shtml" + }, + { + "name": "cisco-ips-frag-bypass(29058)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29058" + }, + { + "name": "1016891", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016891" + }, + { + "name": "VU#658884", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/658884" + }, + { + "name": "22022", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22022" + }, + { + "name": "ADV-2006-3721", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3721" + } + ] + } +} \ No newline 
at end of file diff --git a/2010/2xxx/CVE-2010-2154.json b/2010/2xxx/CVE-2010-2154.json index 71ad0dcc7e0..f9cc74128d7 100644 --- a/2010/2xxx/CVE-2010-2154.json +++ b/2010/2xxx/CVE-2010-2154.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Search Site in CMScout 2.09, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12806", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12806" - }, - { - "name" : "65010", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65010" - }, - { - "name" : "39986", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39986" - }, - { - "name" : "ADV-2010-1288", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1288" - }, - { - "name" : "cmscout-search-xss(58996)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58996" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Search Site in CMScout 2.09, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "65010", + "refsource": "OSVDB", + "url": "http://osvdb.org/65010" + }, + { + "name": "39986", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39986" + }, + { + "name": "ADV-2010-1288", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1288" + }, + { + "name": "12806", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12806" + }, + { + "name": "cmscout-search-xss(58996)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58996" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2647.json b/2010/2xxx/CVE-2010-2647.json index d85f767944f..2ece3debb92 100644 --- a/2010/2xxx/CVE-2010-2647.json +++ b/2010/2xxx/CVE-2010-2647.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an invalid SVG document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=43488", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=43488" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html" - }, - { - "name" : "MDVSA-2011:039", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" - }, - { - "name" : "USN-1006-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1006-1" - }, - { - "name" : "oval:org.mitre.oval:def:11884", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11884" - }, - { - "name" : "41856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41856" - }, - { - "name" : "ADV-2010-2722", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2722" - }, - { - "name" : "ADV-2011-0552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an invalid SVG document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:039", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=43488", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=43488" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html" + }, + { + "name": "ADV-2010-2722", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2722" + }, + { + "name": "USN-1006-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1006-1" + }, + { + "name": "41856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41856" + }, + { + "name": "ADV-2011-0552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0552" + }, + { + "name": "oval:org.mitre.oval:def:11884", + 
"refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11884" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3436.json b/2010/3xxx/CVE-2010-3436.json index e04de224f2c..1372042f211 100644 --- a/2010/3xxx/CVE-2010-3436.json +++ b/2010/3xxx/CVE-2010-3436.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3436", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3436", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://security-tracker.debian.org/tracker/CVE-2010-3436", - "refsource" : "CONFIRM", - "url" : "http://security-tracker.debian.org/tracker/CVE-2010-3436" - }, - { - "name" : "http://svn.php.net/viewvc/php/php-src/trunk/main/fopen_wrappers.c?r1=303824&r2=303823&pathrev=303824", - "refsource" : "CONFIRM", - "url" : "http://svn.php.net/viewvc/php/php-src/trunk/main/fopen_wrappers.c?r1=303824&r2=303823&pathrev=303824" - }, - { - "name" : "http://svn.php.net/viewvc?view=revision&revision=303824", - "refsource" : "CONFIRM", - "url" : "http://svn.php.net/viewvc?view=revision&revision=303824" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : 
"http://www.php.net/archive/2010.php#id2010-12-10-1", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/archive/2010.php#id2010-12-10-1" - }, - { - "name" : "http://www.php.net/releases/5_2_15.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/releases/5_2_15.php" - }, - { - "name" : "http://www.php.net/releases/5_3_4.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/releases/5_3_4.php" - }, - { - "name" : "http://support.apple.com/kb/HT4581", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4581" - }, - { - "name" : "http://support.apple.com/kb/HT5002", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5002" - }, - { - "name" : "APPLE-SA-2011-03-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" - }, - { - "name" : "APPLE-SA-2011-10-12-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" - }, - { - "name" : "MDVSA-2010:218", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:218" - }, - { - "name" : "SSA:2010-357-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490619" - }, - { - "name" : "USN-1042-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1042-1" - }, - { - "name" : "44723", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44723" - }, - { - "name" : "42729", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42729" - }, - { - "name" : "42812", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42812" - }, - { - "name" : "ADV-2010-3313", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3313" - }, - { - "name" : "ADV-2011-0077", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0077" - } - ] - } -} 
+ } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://svn.php.net/viewvc?view=revision&revision=303824", + "refsource": "CONFIRM", + "url": "http://svn.php.net/viewvc?view=revision&revision=303824" + }, + { + "name": "ADV-2011-0077", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0077" + }, + { + "name": "42812", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42812" + }, + { + "name": "MDVSA-2010:218", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:218" + }, + { + "name": "http://www.php.net/releases/5_3_4.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/releases/5_3_4.php" + }, + { + "name": "http://svn.php.net/viewvc/php/php-src/trunk/main/fopen_wrappers.c?r1=303824&r2=303823&pathrev=303824", + "refsource": "CONFIRM", + "url": "http://svn.php.net/viewvc/php/php-src/trunk/main/fopen_wrappers.c?r1=303824&r2=303823&pathrev=303824" + }, + { + "name": "APPLE-SA-2011-03-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" + }, + { + "name": "USN-1042-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1042-1" + }, + { + "name": "44723", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44723" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "APPLE-SA-2011-10-12-3", + "refsource": "APPLE", + "url": 
"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" + }, + { + "name": "SSA:2010-357-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490619" + }, + { + "name": "ADV-2010-3313", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3313" + }, + { + "name": "http://www.php.net/archive/2010.php#id2010-12-10-1", + "refsource": "CONFIRM", + "url": "http://www.php.net/archive/2010.php#id2010-12-10-1" + }, + { + "name": "http://www.php.net/releases/5_2_15.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/releases/5_2_15.php" + }, + { + "name": "http://support.apple.com/kb/HT5002", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5002" + }, + { + "name": "42729", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42729" + }, + { + "name": "http://security-tracker.debian.org/tracker/CVE-2010-3436", + "refsource": "CONFIRM", + "url": "http://security-tracker.debian.org/tracker/CVE-2010-3436" + }, + { + "name": "http://support.apple.com/kb/HT4581", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4581" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3701.json b/2010/3xxx/CVE-2010-3701.json index 45fef485259..1f564500b0d 100644 --- a/2010/3xxx/CVE-2010-3701.json +++ b/2010/3xxx/CVE-2010-3701.json 
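Review bot: The new side of this hunk sets `"ASSIGNER": "secalert@redhat.com"` where the old side had `cve@mitre.org`, and that is a change of record attribution, not of layout. Every other visible change in the hunk is colon spacing, a reshuffled `reference_data` array, and the loss of the trailing newline. The CVE-2010-3701.json hunk makes the same assigner change. Anything that filters or attributes records by assigner will see these two entries move, so the change should be confirmed against the CNA of record and named in the commit message, or split into its own commit, so it is not read as part of a formatting pass. Separately, the reordering of `reference_data` appears to follow no sort key, so consumers should not rely on array position; a stable sort by `refsource` and `name` would keep later diffs small.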
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3701", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows remote authenticated users to cause a denial of service (stack memory exhaustion and broker crash) via a large persistent message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=634014", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=634014" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=640006", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=640006" - }, - { - "name" : "RHSA-2010:0756", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0756.html" - }, - { - "name" : "RHSA-2010:0757", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0757.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows remote authenticated users to cause a denial of service (stack memory exhaustion and broker crash) via a large persistent message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2010:0756", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0756.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=634014", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=634014" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=640006", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=640006" + }, + { + "name": "RHSA-2010:0757", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0757.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3878.json b/2010/3xxx/CVE-2010-3878.json index f47f7151141..d4dde7daf83 100644 --- a/2010/3xxx/CVE-2010-3878.json +++ b/2010/3xxx/CVE-2010-3878.json 
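Review bot: The `ASSIGNER` value near the top of this hunk changes from `cve@mitre.org` to `secalert@redhat.com`, and it is the only semantic change in a hunk that otherwise rewrites `"key" : value` spacing and indentation, so it is easy to miss when auditing record provenance. The same reassignment appears in the hunks for CVE-2010-3878, CVE-2011-1184 and CVE-2011-1924, and CVE-2011-1828 moves to `security@ubuntu.com`; committing the assigner updates separately from the reformat would make them verifiable on their own. The `reference_data` array here holds the same four entries in a different order, which adds diff noise, so emitting references in a stable order would keep later diffs limited to real changes. The new side also ends at `}` with `\ No newline at end of file` where the old side had a trailing newline; keeping that newline avoids a spurious last-line change in every record.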
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3878", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the JMX Console in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 allows remote attackers to hijack the authentication of administrators for requests that deploy WAR files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3878", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=604617", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=604617" - }, - { - "name" : "RHSA-2010:0937", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0937.html" - }, - { - "name" : "RHSA-2010:0938", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0938.html" - }, - { - "name" : "RHSA-2010:0939", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0939.html" - }, - { - "name" : "1024813", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024813" - 
} - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the JMX Console in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 allows remote attackers to hijack the authentication of administrators for requests that deploy WAR files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2010:0938", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0938.html" + }, + { + "name": "RHSA-2010:0937", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0937.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=604617", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=604617" + }, + { + "name": "RHSA-2010:0939", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0939.html" + }, + { + "name": "1024813", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024813" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4974.json b/2010/4xxx/CVE-2010-4974.json index 6eab5f6a4bf..893709c0833 100644 --- a/2010/4xxx/CVE-2010-4974.json +++ b/2010/4xxx/CVE-2010-4974.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4974", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in info.php in BrotherScripts (BS) and ScriptsFeed Auto Dealer allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4974", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14239", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14239" - }, - { - "name" : "http://packetstormsecurity.org/1007-exploits/bsautodealer-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1007-exploits/bsautodealer-sql.txt" - }, - { - "name" : "41384", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41384" - }, - { - "name" : "66013", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/66013" - }, - { - "name" : "40391", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40391" - }, - { - "name" : "8489", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8489" - }, - { - "name" : "autodealer-info-sql-injection(60061)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60061" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in info.php in BrotherScripts (BS) and ScriptsFeed Auto Dealer allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40391", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40391" + }, + { + "name": "14239", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14239" + }, + { + "name": "66013", + "refsource": "OSVDB", + "url": "http://osvdb.org/66013" + }, + { + "name": "autodealer-info-sql-injection(60061)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60061" + }, + { + "name": "8489", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8489" + }, + { + "name": "http://packetstormsecurity.org/1007-exploits/bsautodealer-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1007-exploits/bsautodealer-sql.txt" + }, + { + "name": "41384", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41384" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1033.json b/2011/1xxx/CVE-2011-1033.json index 7d4e1e86fcc..3361c1edadc 100644 --- a/2011/1xxx/CVE-2011-1033.json +++ b/2011/1xxx/CVE-2011-1033.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1033", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote attackers to execute arbitrary code via crafted arguments in the USELASTCOMMITTED session environment option in a SQL SET ENVIRONMENT statement." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1033", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110207 ZDI-11-050: IBM Informix Dynamic Server SET ENVIRONMENT Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516250/100/0/threaded" - }, - { - "name" : "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-ibm", - "refsource" : "MISC", - "url" : "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-ibm" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-11-050/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-11-050/" - }, - { - "name" : "46230", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46230" - }, - { - "name" : "43212", 
- "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43212" - }, - { - "name" : "8078", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8078" - }, - { - "name" : "ADV-2011-0309", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0309" - }, - { - "name" : "ibm-informix-dynamic-oninit-bo(65209)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65209" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote attackers to execute arbitrary code via crafted arguments in the USELASTCOMMITTED session environment option in a SQL SET ENVIRONMENT statement." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0309", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0309" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-11-050/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-11-050/" + }, + { + "name": "46230", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46230" + }, + { + "name": "8078", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8078" + }, + { + "name": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-ibm", + "refsource": "MISC", + "url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-ibm" + }, + { + "name": "43212", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43212" + }, + { + "name": "ibm-informix-dynamic-oninit-bo(65209)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65209" + }, + { + 
"name": "20110207 ZDI-11-050: IBM Informix Dynamic Server SET ENVIRONMENT Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516250/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1184.json b/2011/1xxx/CVE-2011-1184.json index 81c51ef2385..b3b30bc32de 100644 --- a/2011/1xxx/CVE-2011-1184.json +++ b/2011/1xxx/CVE-2011-1184.json 
@@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://svn.apache.org/viewvc?view=rev&rev=1087655", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=rev&rev=1087655" - }, - { - "name" : "http://svn.apache.org/viewvc?view=rev&rev=1158180", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=rev&rev=1158180" - }, - { - "name" : "http://svn.apache.org/viewvc?view=rev&rev=1159309", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=rev&rev=1159309" - }, - { - "name" : 
"http://tomcat.apache.org/security-5.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-5.html" - }, - { - "name" : "http://tomcat.apache.org/security-6.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-6.html" - }, - { - "name" : "http://tomcat.apache.org/security-7.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-7.html" - }, - { - "name" : "DSA-2401", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2401" - }, - { - "name" : "HPSBUX02860", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136485229118404&w=2" - }, - { - "name" : "SSRT101146", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136485229118404&w=2" - }, - { - "name" : "HPSBST02955", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139344343412337&w=2" - }, - { - "name" : "HPSBOV02762", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133469267822771&w=2" - }, - { - "name" : "SSRT100825", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133469267822771&w=2" - }, - { - "name" : "MDVSA-2011:156", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:156" - }, - { - "name" : "RHSA-2011:1845", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1845.html" - }, - { - "name" : "RHSA-2012:0074", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0074.html" - }, - { - "name" : "RHSA-2012:0075", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0075.html" - }, - { - "name" : "RHSA-2012:0076", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0076.html" - }, - { - "name" : "RHSA-2012:0077", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0077.html" - }, - { - "name" : "RHSA-2012:0078", - "refsource" : "REDHAT", - "url" : 
"http://rhn.redhat.com/errata/RHSA-2012-0078.html" - }, - { - "name" : "RHSA-2012:0325", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0325.html" - }, - { - "name" : "SUSE-SU-2012:0155", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html" - }, - { - "name" : "openSUSE-SU-2012:0208", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html" - }, - { - "name" : "oval:org.mitre.oval:def:19169", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19169" - }, - { - "name" : "57126", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57126" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:156", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:156" + }, + { + "name": "DSA-2401", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2401" + }, + { + "name": "SUSE-SU-2012:0155", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html" + }, + { + "name": "RHSA-2012:0325", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0325.html" + }, + { + "name": "HPSBUX02860", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2" + }, + { + "name": "http://svn.apache.org/viewvc?view=rev&rev=1159309", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=rev&rev=1159309" + }, + { + "name": "RHSA-2012:0078", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0078.html" + }, + { + "name": "RHSA-2011:1845", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1845.html" + }, + { + "name": "http://svn.apache.org/viewvc?view=rev&rev=1158180", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=rev&rev=1158180" + }, + { + "name": "RHSA-2012:0075", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html" + }, + { + "name": "RHSA-2012:0074", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html" + }, + { + "name": "http://tomcat.apache.org/security-7.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-7.html" + }, + { + "name": "HPSBOV02762", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2" + }, + { + "name": "http://svn.apache.org/viewvc?view=rev&rev=1087655", + "refsource": "CONFIRM", + "url": 
"http://svn.apache.org/viewvc?view=rev&rev=1087655" + }, + { + "name": "http://tomcat.apache.org/security-6.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-6.html" + }, + { + "name": "57126", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57126" + }, + { + "name": "SSRT100825", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2" + }, + { + "name": "http://tomcat.apache.org/security-5.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-5.html" + }, + { + "name": "openSUSE-SU-2012:0208", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html" + }, + { + "name": "SSRT101146", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2" + }, + { + "name": "RHSA-2012:0076", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html" + }, + { + "name": "HPSBST02955", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2" + }, + { + "name": "oval:org.mitre.oval:def:19169", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19169" + }, + { + "name": "RHSA-2012:0077", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0077.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1828.json b/2011/1xxx/CVE-2011-1828.json index 0d5a2353db6..1baeb62807e 100644 --- a/2011/1xxx/CVE-2011-1828.json +++ b/2011/1xxx/CVE-2011-1828.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1828", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "usb-creator-helper in usb-creator before 0.2.28.3 does not enforce intended PolicyKit restrictions, which allows local users to perform arbitrary unmount operations via the UnmountFile method in a dbus-send command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2011-1828", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.net/bugs/771553", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/bugs/771553" - }, - { - "name" : "USN-1127-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-1127-1/" - }, - { - "name" : "47679", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47679" - }, - { - "name" : "44413", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44413" - }, - { - "name" : "ADV-2011-1143", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/1143" - }, - { - "name" : "usbcreator-unspecified-sec-bypass(67241)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67241" 
- } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "usb-creator-helper in usb-creator before 0.2.28.3 does not enforce intended PolicyKit restrictions, which allows local users to perform arbitrary unmount operations via the UnmountFile method in a dbus-send command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1127-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-1127-1/" + }, + { + "name": "47679", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47679" + }, + { + "name": "ADV-2011-1143", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/1143" + }, + { + "name": "https://launchpad.net/bugs/771553", + "refsource": "CONFIRM", + "url": "https://launchpad.net/bugs/771553" + }, + { + "name": "usbcreator-unspecified-sec-bypass(67241)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67241" + }, + { + "name": "44413", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44413" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1840.json b/2011/1xxx/CVE-2011-1840.json index 3a4736a0048..40402ef36d8 100644 --- a/2011/1xxx/CVE-2011-1840.json +++ b/2011/1xxx/CVE-2011-1840.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1840", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MartiniCreations PassmanLite Password Manager application before 1.48 for Android stores the master password and unspecified other account information in cleartext, which allows local users to obtain sensitive information by leveraging shell access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1840", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.simonroses.com/wp-content/uploads/2011/05/SRF-SA-2011-01.txt", - "refsource" : "MISC", - "url" : "http://www.simonroses.com/wp-content/uploads/2011/05/SRF-SA-2011-01.txt" - }, - { - "name" : "47765", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47765" - }, - { - "name" : "8250", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MartiniCreations PassmanLite Password Manager application before 1.48 for Android stores the master 
password and unspecified other account information in cleartext, which allows local users to obtain sensitive information by leveraging shell access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8250", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8250" + }, + { + "name": "47765", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47765" + }, + { + "name": "http://www.simonroses.com/wp-content/uploads/2011/05/SRF-SA-2011-01.txt", + "refsource": "MISC", + "url": "http://www.simonroses.com/wp-content/uploads/2011/05/SRF-SA-2011-01.txt" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1924.json b/2011/1xxx/CVE-2011-1924.json index 5c16357d174..7db53d6df5d 100644 --- a/2011/1xxx/CVE-2011-1924.json +++ b/2011/1xxx/CVE-2011-1924.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1924", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the policy_summarize function in or/policies.c in Tor before 0.2.1.30 allows remote attackers to cause a denial of service (directory authority crash) via a crafted policy that triggers creation of a long port list." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1924", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[tor-announce] 20110228 Tor 0.2.1.30 is released", - "refsource" : "MLIST", - "url" : "https://lists.torproject.org/pipermail/tor-announce/2011-February/000000.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=705192", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=705192" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=705194", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=705194" - }, - { - "name" : "https://gitweb.torproject.org/tor.git/commit/43414eb98821d3b5c6c65181d7545ce938f82c8e", - "refsource" : "CONFIRM", - "url" : 
"https://gitweb.torproject.org/tor.git/commit/43414eb98821d3b5c6c65181d7545ce938f82c8e" - }, - { - "name" : "FEDORA-2011-7972", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061258.html" - }, - { - "name" : "46618", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46618" - }, - { - "name" : "43548", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43548" - }, - { - "name" : "44862", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44862" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the policy_summarize function in or/policies.c in Tor before 0.2.1.30 allows remote attackers to cause a denial of service (directory authority crash) via a crafted policy that triggers creation of a long port list." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43548", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43548" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=705194", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705194" + }, + { + "name": "44862", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44862" + }, + { + "name": "46618", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46618" + }, + { + "name": "https://gitweb.torproject.org/tor.git/commit/43414eb98821d3b5c6c65181d7545ce938f82c8e", + "refsource": "CONFIRM", + "url": "https://gitweb.torproject.org/tor.git/commit/43414eb98821d3b5c6c65181d7545ce938f82c8e" + }, + { + "name": "FEDORA-2011-7972", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061258.html" + }, + { + 
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=705192", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705192" + }, + { + "name": "[tor-announce] 20110228 Tor 0.2.1.30 is released", + "refsource": "MLIST", + "url": "https://lists.torproject.org/pipermail/tor-announce/2011-February/000000.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5025.json b/2011/5xxx/CVE-2011-5025.json index 1d49126f71e..87cece8132c 100644 --- a/2011/5xxx/CVE-2011-5025.json +++ b/2011/5xxx/CVE-2011-5025.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5025", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via (1) the tag parameter to editTag.yaws, (2) the index parameter to showOldPage.yaws, (3) the node parameter to allRefsToMe.yaws, or (4) the text parameter to editPage.yaws." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5025", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sitewat.ch/Advisory/View/4", - "refsource" : "MISC", - "url" : "https://sitewat.ch/Advisory/View/4" - }, - { - "name" : "51276", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51276" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via (1) the tag parameter to editTag.yaws, (2) the index parameter 
to showOldPage.yaws, (3) the node parameter to allRefsToMe.yaws, or (4) the text parameter to editPage.yaws." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51276", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51276" + }, + { + "name": "https://sitewat.ch/Advisory/View/4", + "refsource": "MISC", + "url": "https://sitewat.ch/Advisory/View/4" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5179.json b/2011/5xxx/CVE-2011-5179.json index 69137902e83..6dc3da91340 100644 --- a/2011/5xxx/CVE-2011-5179.json +++ b/2011/5xxx/CVE-2011-5179.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111127 Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520662/100/0/threaded" - }, - { - "name" : "50824", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50824" - }, - { - "name" : "skysaappbar-skysa-xss(71486)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71486" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php in Skysa App Bar 
Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50824", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50824" + }, + { + "name": "skysaappbar-skysa-xss(71486)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71486" + }, + { + "name": "20111127 Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520662/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3213.json b/2014/3xxx/CVE-2014-3213.json index 02a3f81f1d2..7a29bedd731 100644 --- a/2014/3xxx/CVE-2014-3213.json +++ b/2014/3xxx/CVE-2014-3213.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3213", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3213", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3369.json b/2014/3xxx/CVE-2014-3369.json index 0ad7562ec9a..305f076dfa4 100644 --- a/2014/3xxx/CVE-2014-3369.json +++ b/2014/3xxx/CVE-2014-3369.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3369", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SIP IX implementation in Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.1.1 allows remote attackers to cause a denial of service (device reload) via crafted SDP packets, aka Bug ID CSCuo42252." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3369", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35828", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35828" - }, - { - "name" : "20141015 Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs" - }, - { - "name" : "1031055", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031055" - }, - { - "name" : "60850", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60850" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SIP IX implementation in Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.1.1 allows remote attackers to cause a denial of service (device reload) via crafted SDP packets, aka Bug ID CSCuo42252." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60850", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60850" + }, + { + "name": "1031055", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031055" + }, + { + "name": "20141015 Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35828", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35828" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3515.json b/2014/3xxx/CVE-2014-3515.json index 51d2f23c87d..d4ba67915b8 100644 --- a/2014/3xxx/CVE-2014-3515.json +++ b/2014/3xxx/CVE-2014-3515.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3515", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to \"type confusion\" issues in (1) ArrayObject and (2) SPLObjectStorage." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.php.net/?p=php-src.git;a=commit;h=88223c5245e9b470e1e6362bfd96829562ffe6ab", - "refsource" : "CONFIRM", - "url" : "http://git.php.net/?p=php-src.git;a=commit;h=88223c5245e9b470e1e6362bfd96829562ffe6ab" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=67492", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=67492" - }, - { - "name" : "http://support.apple.com/kb/HT6443", - 
"refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6443" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683486", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683486" - }, - { - "name" : "DSA-2974", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2974" - }, - { - "name" : "HPSBUX03102", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141017844705317&w=2" - }, - { - "name" : "SSRT101681", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141017844705317&w=2" - }, - { - "name" : "RHSA-2014:1765", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1765.html" - }, - { - "name" : "RHSA-2014:1766", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1766.html" - }, - { - "name" : "openSUSE-SU-2014:1236", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html" - }, - { - "name" : "68237", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68237" - }, - { - "name" : "59794", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59794" - }, - { - "name" : "59831", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59831" - }, - { - "name" : "60998", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60998" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote 
attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to \"type confusion\" issues in (1) ArrayObject and (2) SPLObjectStorage." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.php.net/?p=php-src.git;a=commit;h=88223c5245e9b470e1e6362bfd96829562ffe6ab", + "refsource": "CONFIRM", + "url": "http://git.php.net/?p=php-src.git;a=commit;h=88223c5245e9b470e1e6362bfd96829562ffe6ab" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683486", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683486" + }, + { + "name": "RHSA-2014:1766", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html" + }, + { + "name": "https://bugs.php.net/bug.php?id=67492", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=67492" + }, + { + "name": "HPSBUX03102", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141017844705317&w=2" + }, + { + "name": "DSA-2974", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2974" + }, + { + "name": "59794", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59794" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "60998", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60998" + }, + { + "name": "http://support.apple.com/kb/HT6443", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6443" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" + }, + { + "name": "RHSA-2014:1765", + "refsource": "REDHAT", + "url": 
"http://rhn.redhat.com/errata/RHSA-2014-1765.html" + }, + { + "name": "SSRT101681", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141017844705317&w=2" + }, + { + "name": "68237", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68237" + }, + { + "name": "59831", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59831" + }, + { + "name": "openSUSE-SU-2014:1236", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3756.json b/2014/3xxx/CVE-2014-3756.json index 37731188721..5278fd2cc50 100644 --- a/2014/3xxx/CVE-2014-3756.json +++ b/2014/3xxx/CVE-2014-3756.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wizard, or (5) server name in a tooltip." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140514 Re: Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/05/15/4" - }, - { - "name" : "[oss-security] 20140515 Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/05/15/1" - }, - { - "name" : "http://mumble.info/security/Mumble-SA-2014-006.txt", - "refsource" : "CONFIRM", - "url" : 
"http://mumble.info/security/Mumble-SA-2014-006.txt" - }, - { - "name" : "67401", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67401" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wizard, or (5) server name in a tooltip." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://mumble.info/security/Mumble-SA-2014-006.txt", + "refsource": "CONFIRM", + "url": "http://mumble.info/security/Mumble-SA-2014-006.txt" + }, + { + "name": "67401", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67401" + }, + { + "name": "[oss-security] 20140514 Re: Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/05/15/4" + }, + { + "name": "[oss-security] 20140515 Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/05/15/1" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3964.json b/2014/3xxx/CVE-2014-3964.json index 20599602e60..8cac0c8c27e 100644 --- a/2014/3xxx/CVE-2014-3964.json +++ b/2014/3xxx/CVE-2014-3964.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3964", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3964", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7424.json b/2014/7xxx/CVE-2014-7424.json index 89e0ef8f843..8b07b501b85 100644 --- a/2014/7xxx/CVE-2014-7424.json +++ b/2014/7xxx/CVE-2014-7424.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7424", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Quran Abu Bakr AshShatiri Free (aka com.wQuranAbuBakrFREE) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7424", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#483761", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/483761" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Quran Abu Bakr AshShatiri 
Free (aka com.wQuranAbuBakrFREE) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#483761", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/483761" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7968.json b/2014/7xxx/CVE-2014-7968.json index 92be4bd285f..91235c7fb92 100644 --- a/2014/7xxx/CVE-2014-7968.json +++ b/2014/7xxx/CVE-2014-7968.json 
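Review bot: The `ASSIGNER` value in this hunk changes from `cve@mitre.org` to `cert@cert.org`, while every other changed line differs only in the spacing before the colon or the order of the `reference_data` entries, so the one substantive edit is easy to miss in review. Consumers may filter or attribute records by assigner, so it would be clearer to land that change separately from the bulk reformat, or at least name it in the commit description. The same mixing appears in the hunks for CVE-2011-1924 and CVE-2014-3515 (`secalert@redhat.com`) and CVE-2014-3369 (`psirt@cisco.com`). The new side of every file here also ends with `\ No newline at end of file`, dropping the trailing newline the old side had.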
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7968", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VDSM allows remote attackers to cause a denial of service (connection blocking) by keeping an SSL connection open." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7968", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141008 CVE request for VDSM denial of service", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/10/08/6" - }, - { - "name" : "[oss-security] 20141008 Re: CVE request for VDSM denial of service", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/10/08/18" - }, - { - "name" : "[oss-security] 20141008 Re: CVE request for VDSM denial of service", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/10/08/16" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1150812", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1150812" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "VDSM allows remote attackers to cause a denial of service (connection blocking) by keeping an SSL connection open." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20141008 Re: CVE request for VDSM denial of service", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/10/08/16" + }, + { + "name": "[oss-security] 20141008 Re: CVE request for VDSM denial of service", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/10/08/18" + }, + { + "name": "[oss-security] 20141008 CVE request for VDSM denial of service", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/10/08/6" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1150812", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1150812" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7980.json b/2014/7xxx/CVE-2014-7980.json index 2406c46234b..a2e1e2fc87a 100644 --- a/2014/7xxx/CVE-2014-7980.json +++ b/2014/7xxx/CVE-2014-7980.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7980", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow remote authenticated users with the \"administer themes\" permission to inject arbitrary web script or HTML via the skip_link_text setting and unspecified other theme settings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7980", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/2254925", - "refsource" : "MISC", - "url" : "http://drupal.org/node/2254925" - }, - { - "name" : "https://www.drupal.org/node/2254835", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2254835" - }, - { - "name" : "https://www.drupal.org/node/2254837", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2254837" - }, - { - "name" : "67175", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67175" - }, - { - "name" : "58318", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58318" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow remote authenticated users with the \"administer themes\" permission to inject arbitrary web script or HTML via the skip_link_text setting and unspecified other theme settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2254837", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2254837" + }, + { + "name": "67175", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67175" + }, + { + "name": "58318", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58318" + }, + { + "name": "http://drupal.org/node/2254925", + "refsource": "MISC", + "url": "http://drupal.org/node/2254925" + }, + { + "name": "https://www.drupal.org/node/2254835", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2254835" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8084.json b/2014/8xxx/CVE-2014-8084.json index bdfdd6c1173..8e0c81774e6 100644 --- a/2014/8xxx/CVE-2014-8084.json +++ b/2014/8xxx/CVE-2014-8084.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ajaxfile parameter in a custom action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141231 [KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534360/100/0/threaded" - }, - { - "name" : "20141231 [KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/133" - }, - { - "name" : "http://karmainsecurity.com/KIS-2014-15", - "refsource" : "MISC", - "url" : "http://karmainsecurity.com/KIS-2014-15" - }, - { - "name" : "http://packetstormsecurity.com/files/129776/Osclass-3.4.2-Local-File-Inclusion.html", - "refsource" : "MISC", - "url" : 
"http://packetstormsecurity.com/files/129776/Osclass-3.4.2-Local-File-Inclusion.html" - }, - { - "name" : "http://blog.osclass.org/2014/10/09/osclass-3-4-3-ready-download/", - "refsource" : "CONFIRM", - "url" : "http://blog.osclass.org/2014/10/09/osclass-3-4-3-ready-download/" - }, - { - "name" : "71841", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71841" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ajaxfile parameter in a custom action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141231 [KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534360/100/0/threaded" + }, + { + "name": "71841", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71841" + }, + { + "name": "http://karmainsecurity.com/KIS-2014-15", + "refsource": "MISC", + "url": "http://karmainsecurity.com/KIS-2014-15" + }, + { + "name": "http://blog.osclass.org/2014/10/09/osclass-3-4-3-ready-download/", + "refsource": "CONFIRM", + "url": "http://blog.osclass.org/2014/10/09/osclass-3-4-3-ready-download/" + }, + { + "name": "http://packetstormsecurity.com/files/129776/Osclass-3.4.2-Local-File-Inclusion.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129776/Osclass-3.4.2-Local-File-Inclusion.html" + }, + { + "name": "20141231 [KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability", + "refsource": "FULLDISC", + "url": 
"http://seclists.org/fulldisclosure/2014/Dec/133" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8232.json b/2014/8xxx/CVE-2014-8232.json index ec83fb8acd1..37e1adb8075 100644 --- a/2014/8xxx/CVE-2014-8232.json +++ b/2014/8xxx/CVE-2014-8232.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8232", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8232", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8332.json b/2014/8xxx/CVE-2014-8332.json index 3a4433aa046..a69ee74ad66 100644 --- a/2014/8xxx/CVE-2014-8332.json +++ b/2014/8xxx/CVE-2014-8332.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8332", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8332", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8780.json b/2014/8xxx/CVE-2014-8780.json index 965a6c105da..bcfc545410c 100644 --- a/2014/8xxx/CVE-2014-8780.json +++ b/2014/8xxx/CVE-2014-8780.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8780", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Jease 2.11 allows remote authenticated users to inject arbitrary web script or HTML via a content section note." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8780", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141217 Jease CMS v2.11 - Persistent UI Web Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534272/100/0/threaded" - }, - { - "name" : "https://www.vulnerability-lab.com/get_content.php?id=1373", - "refsource" : "MISC", - "url" : "https://www.vulnerability-lab.com/get_content.php?id=1373" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Jease 2.11 allows remote authenticated users to inject arbitrary web script or HTML via a content section note." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141217 Jease CMS v2.11 - Persistent UI Web Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534272/100/0/threaded" + }, + { + "name": "https://www.vulnerability-lab.com/get_content.php?id=1373", + "refsource": "MISC", + "url": "https://www.vulnerability-lab.com/get_content.php?id=1373" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9622.json b/2014/9xxx/CVE-2014-9622.json index 58de2423eca..863718f235b 100644 --- a/2014/9xxx/CVE-2014-9622.json +++ b/2014/9xxx/CVE-2014-9622.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9622", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2014-9622", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141114 xdg-open RCE", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Nov/36" - }, - { - "name" : "[oss-security] 20150117 Re: CVE Request: xdg-utils: xdg-open: command injection vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/01/17/10" - }, - { - "name" : "https://bugs.freedesktop.org/show_bug.cgi?id=66670", - "refsource" : "CONFIRM", - "url" : "https://bugs.freedesktop.org/show_bug.cgi?id=66670" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=472888", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=472888" - }, - { - "name" : "DSA-3131", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2015/dsa-3131" - }, - { - "name" : "GLSA-201701-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-09" - }, - { - "name" : "71284", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71284" - }, - { - "name" : "62155", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62155" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.freedesktop.org/show_bug.cgi?id=66670", + "refsource": "CONFIRM", + "url": "https://bugs.freedesktop.org/show_bug.cgi?id=66670" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=472888", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=472888" + }, + { + "name": "20141114 xdg-open RCE", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Nov/36" + }, + { + "name": "[oss-security] 20150117 Re: CVE Request: xdg-utils: xdg-open: command injection vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/17/10" + }, + { + "name": "62155", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62155" + }, + { + "name": "71284", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71284" + }, + { + "name": "DSA-3131", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3131" + }, + { + "name": "GLSA-201701-09", + "refsource": "GENTOO", + "url": 
"https://security.gentoo.org/glsa/201701-09" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9844.json b/2014/9xxx/CVE-2014-9844.json index 12e818c67e1..0b92262db34 100644 --- a/2014/9xxx/CVE-2014-9844.json +++ b/2014/9xxx/CVE-2014-9844.json 
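Review bot: In 2014/9xxx/CVE-2014-9622.json the `CVE_data_meta` block changes `"ASSIGNER"` from `cve@mitre.org` to `security@debian.org`, a data change that is easy to miss because every other line of the hunk only changes spacing or reorders the same eight `reference_data` entries. I would move the assigner updates into their own commit, or at least list the affected IDs in the commit message, so the provenance change can be audited separately from the reformat. The same pattern appears in 2016/2xxx/CVE-2016-2486.json (`security@android.com`) and in the CVE-2016-2830.json hunk (`security@mozilla.org`), which continues past the visible part of the page. Anything that attributes a record to a CNA by this field would presumably see a different value after what looks like a formatting-only change.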
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9844", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9844", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160602 Re: ImageMagick CVEs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13" - }, - { - "name" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=36ed9419a68cb1356b1843b48cc12788179cdaee", - "refsource" : "CONFIRM", - "url" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=36ed9419a68cb1356b1843b48cc12788179cdaee" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343502", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343502" - }, - { - "name" : "SUSE-SU-2016:1782", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html" - }, - { - "name" : "SUSE-SU-2016:1783", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html" - }, - { - "name" : "SUSE-SU-2016:1784", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html" - }, - { - "name" : "openSUSE-SU-2016:1724", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html" - }, - { - "name" : "openSUSE-SU-2016:1748", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html" - }, - { - "name" : "openSUSE-SU-2016:1833", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html" - }, - { - "name" : "USN-3131-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3131-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343502", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343502" + }, + { + "name": "openSUSE-SU-2016:1833", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html" + }, + { + "name": "openSUSE-SU-2016:1724", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html" + }, + { + "name": "SUSE-SU-2016:1782", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html" + }, + { + "name": "[oss-security] 20160602 Re: ImageMagick CVEs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" + }, + { + "name": "openSUSE-SU-2016:1748", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html" + }, + { + "name": "SUSE-SU-2016:1784", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html" + }, + { + "name": "SUSE-SU-2016:1783", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html" + }, + { + "name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=36ed9419a68cb1356b1843b48cc12788179cdaee", + "refsource": "CONFIRM", + "url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=36ed9419a68cb1356b1843b48cc12788179cdaee" + }, + { + "name": "USN-3131-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3131-1" + } + ] + } +} \ No newline at end of file 
diff --git a/2016/2xxx/CVE-2016-2080.json b/2016/2xxx/CVE-2016-2080.json index 946b6110615..35994fcc1e8 100644 --- a/2016/2xxx/CVE-2016-2080.json +++ b/2016/2xxx/CVE-2016-2080.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2080", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2080", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2084.json b/2016/2xxx/CVE-2016-2084.json index bd916a8070e..8081a11070c 100644 --- a/2016/2xxx/CVE-2016-2084.json +++ b/2016/2xxx/CVE-2016-2084.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP DNS 12.0.0 before build 1.14.628; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, and 11.6.0 before build 6.204.442; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 build 685-HF10; BIG-IQ Cloud, Device, and Security 4.2.0 through 4.5.0; and BIG-IQ ADC 4.5.0 do not properly regenerate certificates and keys when deploying cloud images in Amazon Web Services (AWS), Azure or Verizon cloud services environments, which allows attackers to obtain sensitive information or cause a denial of service (disruption) by leveraging a target instance configuration." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/kb/en-us/solutions/public/k/11/sol11772107.html", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/kb/en-us/solutions/public/k/11/sol11772107.html" - }, - { - "name" : "1035520", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035520" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP DNS 12.0.0 before build 1.14.628; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, and 11.6.0 before build 6.204.442; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 build 685-HF10; BIG-IQ Cloud, Device, and Security 4.2.0 through 4.5.0; and BIG-IQ ADC 4.5.0 do not properly regenerate certificates and keys when deploying cloud images in Amazon Web Services (AWS), Azure or Verizon cloud services environments, which allows attackers to 
obtain sensitive information or cause a denial of service (disruption) by leveraging a target instance configuration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1035520", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035520" + }, + { + "name": "https://support.f5.com/kb/en-us/solutions/public/k/11/sol11772107.html", + "refsource": "CONFIRM", + "url": "https://support.f5.com/kb/en-us/solutions/public/k/11/sol11772107.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2486.json b/2016/2xxx/CVE-2016-2486.json index b1cb9c99b55..746fc482b18 100644 --- a/2016/2xxx/CVE-2016-2486.json +++ b/2016/2xxx/CVE-2016-2486.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2486", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate the relationship between allocated memory and the frame size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27793371." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2486", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-06-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-06-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/ad40e57890f81a3cf436c5f06da66396010bd9e5", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/av/+/ad40e57890f81a3cf436c5f06da66396010bd9e5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate the relationship between allocated memory and the frame size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27793371." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/ad40e57890f81a3cf436c5f06da66396010bd9e5", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/ad40e57890f81a3cf436c5f06da66396010bd9e5" + }, + { + "name": "http://source.android.com/security/bulletin/2016-06-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-06-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2743.json b/2016/2xxx/CVE-2016-2743.json index b34883b54a2..3e356937e99 100644 --- a/2016/2xxx/CVE-2016-2743.json +++ b/2016/2xxx/CVE-2016-2743.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2743", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2743", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2830.json b/2016/2xxx/CVE-2016-2830.json index 5a076d31a8b..09ff628a2d4 100644 --- a/2016/2xxx/CVE-2016-2830.json +++ b/2016/2xxx/CVE-2016-2830.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2830", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2016-2830", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-63.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-63.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1255270", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1255270" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" - }, - { - "name" : "DSA-3640", - "refsource" : "DEBIAN", - 
"url" : "http://www.debian.org/security/2016/dsa-3640" - }, - { - "name" : "GLSA-201701-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-15" - }, - { - "name" : "RHSA-2016:1551", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1551.html" - }, - { - "name" : "openSUSE-SU-2016:1964", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html" - }, - { - "name" : "openSUSE-SU-2016:2026", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html" - }, - { - "name" : "USN-3044-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3044-1" - }, - { - "name" : "92261", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92261" - }, - { - "name" : "1036508", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036508" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3640", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3640" + }, + { + "name": "1036508", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036508" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" + }, + { + "name": "USN-3044-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3044-1" + }, + { + "name": "RHSA-2016:1551", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1551.html" + }, + { + "name": "GLSA-201701-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-15" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1255270", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1255270" + }, + { + "name": "openSUSE-SU-2016:1964", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html" + }, + { + "name": "92261", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92261" + }, + { + "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-63.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-63.html" + }, + { + "name": "openSUSE-SU-2016:2026", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2880.json b/2016/2xxx/CVE-2016-2880.json index 9f49a00bb5f..7d503af4c95 100644 --- a/2016/2xxx/CVE-2016-2880.json +++ b/2016/2xxx/CVE-2016-2880.json 
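Review bot: `ASSIGNER` changes from `cve@mitre.org` to `security@mozilla.org` at the top of this hunk, but every other line is rewritten for colon spacing and the references are reordered, so the one change of meaning is hard to spot. The assigner is the record's provenance field, and consumers that filter or weight entries by CNA may treat the record differently after this change. The same pattern appears in CVE-2016-6702 (`security@google.com` to `security@android.com`) and in CVE-2017-5525 and CVE-2017-5580 (`cve@mitre.org` to `secalert@redhat.com`). I would land the formatting pass and the assigner updates as separate commits, or at least list the affected IDs in the commit message so the provenance changes can be audited on their own.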
@@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-2880", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "QRadar SIEM", - "version" : { - "version_data" : [ - { - "version_value" : "7.1 MR1" - }, - { - "version_value" : "7.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.2" - }, - { - "version_value" : "7.1 MR2" - }, - { - "version_value" : "7" - }, - { - "version_value" : "7.1 MR2" - }, - { - "version_value" : "7.2.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. IBM Reference #: 1997340." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-2880", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "QRadar SIEM", + "version": { + "version_data": [ + { + "version_value": "7.1 MR1" + }, + { + "version_value": "7.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.2" + }, + { + "version_value": "7.1 MR2" + }, + { + "version_value": "7" + }, + { + "version_value": "7.1 MR2" + }, + { + "version_value": "7.2.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21997340", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21997340" - }, - { - "name" : "96614", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/96614" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. IBM Reference #: 1997340." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96614", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96614" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21997340", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21997340" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6130.json b/2016/6xxx/CVE-2016-6130.json index c79f147f319..2c4b823cff5 100644 --- a/2016/6xxx/CVE-2016-6130.json +++ b/2016/6xxx/CVE-2016-6130.json 
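Review bot: The `version_data` array on the new side of CVE-2016-2880.json still lists `"version_value": "7.1 MR2"` twice, carried over unchanged from the old side. Since every line of the file is being rewritten anyway, the second entry could be dropped so the affected-version list has no duplicates; a consumer that deduplicates and one that does not would otherwise report different counts for the same record. The description names only QRadar 7.2 while the list covers 7, 7.0, 7.1, 7.1 MR1, 7.1 MR2, 7.2 and 7.2.3, which looks worth confirming against the IBM reference already cited in the record.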
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a \"double fetch\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160630 [CVE-2016-6130] Double-Fetch Vulnerability in Linux-4.5/drivers/s390/char/sclp_ctl.c", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/538803/30/0/threaded" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=532c34b5fbf1687df63b3fcd5b2846312ac943c6", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=532c34b5fbf1687df63b3fcd5b2846312ac943c6" - }, - { - "name" : "https://bugzilla.kernel.org/show_bug.cgi?id=116741", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.kernel.org/show_bug.cgi?id=116741" - }, - { - "name" : 
"https://github.com/torvalds/linux/commit/532c34b5fbf1687df63b3fcd5b2846312ac943c6", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/532c34b5fbf1687df63b3fcd5b2846312ac943c6" - }, - { - "name" : "DSA-3616", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3616" - }, - { - "name" : "91540", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91540" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a \"double fetch\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/torvalds/linux/commit/532c34b5fbf1687df63b3fcd5b2846312ac943c6", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/532c34b5fbf1687df63b3fcd5b2846312ac943c6" + }, + { + "name": "DSA-3616", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3616" + }, + { + "name": "91540", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91540" + }, + { + "name": "20160630 [CVE-2016-6130] Double-Fetch Vulnerability in Linux-4.5/drivers/s390/char/sclp_ctl.c", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/538803/30/0/threaded" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=532c34b5fbf1687df63b3fcd5b2846312ac943c6", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=532c34b5fbf1687df63b3fcd5b2846312ac943c6" + }, + { + "name": 
"https://bugzilla.kernel.org/show_bug.cgi?id=116741", + "refsource": "CONFIRM", + "url": "https://bugzilla.kernel.org/show_bug.cgi?id=116741" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6702.json b/2016/6xxx/CVE-2016-6702.json index 5ab48b153c1..c5f034acdbe 100644 --- a/2016/6xxx/CVE-2016-6702.json +++ b/2016/6xxx/CVE-2016-6702.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-6702", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-4.4.4" - }, - { - "version_value" : "Android-5.0.2" - }, - { - "version_value" : "Android-5.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjpeg. Android ID: A-30259087." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-6702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-4.4.4" + }, + { + "version_value": "Android-5.0.2" + }, + { + "version_value": "Android-5.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2016-11-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-11-01.html" - }, - { - "name" : "94160", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjpeg. Android ID: A-30259087." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2016-11-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-11-01.html" + }, + { + "name": "94160", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94160" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7760.json b/2016/7xxx/CVE-2016-7760.json index 59f8107a47b..34b3c7ce7f2 100644 --- a/2016/7xxx/CVE-2016-7760.json +++ b/2016/7xxx/CVE-2016-7760.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7760", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7760", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7956.json b/2016/7xxx/CVE-2016-7956.json index 3e711e9f2c5..deae1fc57bc 100644 --- a/2016/7xxx/CVE-2016-7956.json +++ b/2016/7xxx/CVE-2016-7956.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7956", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7956", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5435.json b/2017/5xxx/CVE-2017-5435.json index 7cc8490898f..9a4d2bdd7a1 100644 --- a/2017/5xxx/CVE-2017-5435.json +++ b/2017/5xxx/CVE-2017-5435.json 
@@ -1,139 +1,139 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-5435", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.1" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "45.9" - }, - { - "version_affected" : "<", - "version_value" : "52.1" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "53" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use-after-free during transaction processing in the editor" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-5435", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.1" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "45.9" + }, + { + "version_affected": "<", + "version_value": "52.1" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "53" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1350683", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1350683" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-10/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-10/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-11/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-11/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-12/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-12/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-13/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-13/" - }, - { - "name" : "DSA-3831", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3831" - }, - { - "name" : "RHSA-2017:1104", - 
"refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1104" - }, - { - "name" : "RHSA-2017:1106", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1106" - }, - { - "name" : "RHSA-2017:1201", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1201" - }, - { - "name" : "97940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97940" - }, - { - "name" : "1038320", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free during transaction processing in the editor" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:1106", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1106" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-12/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-12/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-11/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-11/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-10/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-10/" + }, + { + "name": "97940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97940" + }, + { + "name": "DSA-3831", + 
"refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3831" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-13/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-13/" + }, + { + "name": "1038320", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038320" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1350683", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1350683" + }, + { + "name": "RHSA-2017:1104", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1104" + }, + { + "name": "RHSA-2017:1201", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1201" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5525.json b/2017/5xxx/CVE-2017-5525.json index 80152813b57..94968e7d2f3 100644 --- a/2017/5xxx/CVE-2017-5525.json +++ b/2017/5xxx/CVE-2017-5525.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5525", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-5525", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170118 CVE request Qemu: audio: memory leakage in ac97 device", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/17/19" - }, - { - "name" : "[oss-security] 20170118 Re: CVE request Qemu: audio: memory leakage in ac97 device", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/18/7" - }, - { - "name" : "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" - }, - { - "name" : "http://git.qemu-project.org/?p=qemu.git;a=commit;h=12351a91da97b414eec8cdb09f1d9f41e535a401", - 
"refsource" : "CONFIRM",
- "url" : "http://git.qemu-project.org/?p=qemu.git;a=commit;h=12351a91da97b414eec8cdb09f1d9f41e535a401"
- },
- {
- "name" : "GLSA-201702-28",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201702-28"
- },
- {
- "name" : "95671",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/95671"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "[oss-security] 20170118 Re: CVE request Qemu: audio: memory leakage in ac97 device",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2017/01/18/7"
+ },
+ {
+ "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
+ },
+ {
+ "name": "GLSA-201702-28",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201702-28"
+ },
+ {
+ "name": "95671",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/95671"
+ },
+ {
+ "name": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=12351a91da97b414eec8cdb09f1d9f41e535a401",
+ "refsource": "CONFIRM",
+ "url": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=12351a91da97b414eec8cdb09f1d9f41e535a401"
+ },
+ {
+ "name": "[oss-security] 20170118 CVE request Qemu: audio: memory leakage in ac97 device",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2017/01/17/19"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5580.json b/2017/5xxx/CVE-2017-5580.json
index c8d5784d6f6..83f91e0fd37 100644
--- a/2017/5xxx/CVE-2017-5580.json
+++ b/2017/5xxx/CVE-2017-5580.json
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-5580",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The parse_instruction function in gallium/auxiliary/tgsi/tgsi_text.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and process crash) via a crafted texture instruction."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2017-5580",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[oss-security] 20170124 CVE request Virglrenderer: OOB access while parsing texture instruction",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2017/01/24/5"
- },
- {
- "name" : "[oss-security] 20170125 Re: CVE request Virglrenderer: OOB access while parsing texture instruction",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2017/01/25/5"
- },
- {
- "name" : "[virglrenderer-devel] 20170210 [ANNOUNCE] virglrenderer 0.6.0",
- "refsource" : "MLIST",
- "url" : "https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html"
- },
- {
- "name" : "https://cgit.freedesktop.org/virglrenderer/commit/src/gallium/auxiliary/tgsi/tgsi_text.c?id=28894a30a17a84529be102b21118e55d6c9f23fa",
- "refsource" : "CONFIRM",
- "url" : "https://cgit.freedesktop.org/virglrenderer/commit/src/gallium/auxiliary/tgsi/tgsi_text.c?id=28894a30a17a84529be102b21118e55d6c9f23fa"
- },
- {
- "name" : "GLSA-201707-06",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201707-06"
- },
- {
- "name" : "95782",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/95782"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The parse_instruction function in gallium/auxiliary/tgsi/tgsi_text.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and process crash) via a crafted texture instruction."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "GLSA-201707-06",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201707-06"
+ },
+ {
+ "name": "[virglrenderer-devel] 20170210 [ANNOUNCE] virglrenderer 0.6.0",
+ "refsource": "MLIST",
+ "url": "https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html"
+ },
+ {
+ "name": "https://cgit.freedesktop.org/virglrenderer/commit/src/gallium/auxiliary/tgsi/tgsi_text.c?id=28894a30a17a84529be102b21118e55d6c9f23fa",
+ "refsource": "CONFIRM",
+ "url": "https://cgit.freedesktop.org/virglrenderer/commit/src/gallium/auxiliary/tgsi/tgsi_text.c?id=28894a30a17a84529be102b21118e55d6c9f23fa"
+ },
+ {
+ "name": "95782",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/95782"
+ },
+ {
+ "name": "[oss-security] 20170124 CVE request Virglrenderer: OOB access while parsing texture instruction",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2017/01/24/5"
+ },
+ {
+ "name": "[oss-security] 20170125 Re: CVE request Virglrenderer: OOB access while parsing texture instruction",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2017/01/25/5"
+ }
+ ]
+ }
+}
\ No newline at end of file
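Review bot: The `CVE_data_meta` block changes `"ASSIGNER"` from `cve@mitre.org` to `"ASSIGNER": "secalert@redhat.com",` inside a hunk that otherwise only normalises `" : "` to `": "` and reorders `reference_data`. This is the one semantic change to the record's provenance, so it is easy to miss among 87 rewritten lines; whether the reassignment is intended cannot be told from the hunk. I would name it in the commit message or land it separately from the formatting pass, so that consumers diffing assigner data can audit it. As a style point, the new file ends with `\ No newline at end of file`; ending it with a trailing newline keeps later diffs of the closing `}` clean.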