diff --git a/2006/0xxx/CVE-2006-0001.json b/2006/0xxx/CVE-2006-0001.json index 0935e308898..2ff366d2cf7 100644 --- a/2006/0xxx/CVE-2006-0001.json +++ b/2006/0xxx/CVE-2006-0001.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0001", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-0001", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060912 Computer Terrorism (UK) :: Incident Response Centre - Microsoft Publisher Font Parsing Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445824/100/0/threaded" - }, - { - "name" : "http://www.computerterrorism.com/research/ct12-09-2006-2.htm", - "refsource" : "MISC", - "url" : "http://www.computerterrorism.com/research/ct12-09-2006-2.htm" - }, - { - "name" : "HPSBST02134", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446630/100/100/threaded" - }, - { - "name" : "SSRT061187", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446630/100/100/threaded" - }, - { - "name" : "MS06-054", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-054" - }, - { - "name" : "TA06-255A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-255A.html" - }, - { - "name" : "VU#406236", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/406236" - }, - { - "name" : "19951", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19951" - }, - { - "name" : "ADV-2006-3565", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3565" - }, - { - "name" : "oval:org.mitre.oval:def:590", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A590" - }, - { - "name" : "1016825", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016825" - }, - { - "name" : "21863", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21863" - }, - { - "name" : "1548", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1548" - }, - { - "name" : "publisher-pub-code-execution(28648)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28648" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:590", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A590" + }, + { + "name": "VU#406236", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/406236" + }, + { + "name": "1548", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1548" + }, + { + "name": "1016825", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016825" + }, + { + "name": "19951", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19951" + }, + { + "name": "MS06-054", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-054" + }, + { + "name": "TA06-255A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-255A.html" + }, + { + "name": "21863", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21863" + }, + { + "name": "publisher-pub-code-execution(28648)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28648" + }, + { + "name": "SSRT061187", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446630/100/100/threaded" + }, + { + "name": "ADV-2006-3565", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3565" + }, + { + "name": "20060912 Computer Terrorism (UK) :: Incident Response Centre - Microsoft Publisher Font Parsing Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445824/100/0/threaded" + }, + { + "name": "http://www.computerterrorism.com/research/ct12-09-2006-2.htm", + "refsource": "MISC", + "url": "http://www.computerterrorism.com/research/ct12-09-2006-2.htm" + }, + { + "name": "HPSBST02134", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446630/100/100/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0043.json b/2006/0xxx/CVE-2006-0043.json index 81fc6f53fcc..b9c0a3d5d39 100644 --- a/2006/0xxx/CVE-2006-0043.json +++ b/2006/0xxx/CVE-2006-0043.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0043", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the realpath function in nfs-server rpc.mountd, as used in SUSE Linux 9.1 through 10.0, allows local users to execute arbitrary code via unspecified vectors involving mount requests and symlinks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-0043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=350020", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=350020" - }, - { - "name" : "DSA-975", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-975" - }, - { - "name" : "SUSE-SA:2006:005", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2006-Jan/0007.html" - }, - { - "name" : "16388", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16388" - }, - { - "name" : "ADV-2006-0348", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0348" - }, - { - "name" : "18614", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18614" - }, - { - "name" : "18638", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18638" - }, - { - "name" : "18889", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18889" - }, - { - "name" : "nfs-rpcmountd-realpath-bo(24347)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24347" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the realpath function in nfs-server rpc.mountd, as used in SUSE Linux 9.1 through 10.0, allows local users to execute arbitrary code via unspecified vectors involving mount requests and symlinks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0348", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0348" + }, + { + "name": "SUSE-SA:2006:005", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jan/0007.html" + }, + { + "name": "18614", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18614" + }, + { + "name": "18638", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18638" + }, + { + "name": "DSA-975", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-975" + }, + { + "name": "16388", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16388" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=350020", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=350020" + }, + { + "name": "18889", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18889" + }, + { + "name": "nfs-rpcmountd-realpath-bo(24347)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24347" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0732.json b/2006/0xxx/CVE-2006-0732.json index 19bc9ec5a44..a1958127678 100644 --- a/2006/0xxx/CVE-2006-0732.json +++ b/2006/0xxx/CVE-2006-0732.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle. Details will be updated after the grace period has ended. NOTE: SAP Business Connector is an OEM version of webMethods Integration Server. webMethods states that this issue can only occur when the product is installed as root/admin, and if the attacker has access to a general purpose port; however, both are discouraged in the documentation. In addition, the attacker must already have acquired administrative privileges through other means." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060215 CYBSEC - Security Pre-Advisory: Arbitrary File Read/Delete in SAPBC", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425048/100/0/threaded" - }, - { - "name" : "http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Arbitrary_File_Read_or_Delete_in_SAP_BC.pdf", - "refsource" : "MISC", - "url" : "http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Arbitrary_File_Read_or_Delete_in_SAP_BC.pdf" - }, - { - "name" : "20060515 CYBSEC - Security Advisory: Arbitrary File Read/Delete in SAP BC(Business Connector)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434014/30/4980/threaded" - }, - { - "name" : "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Arbitrary_File_Read_or_Delete_in_SAP_BC.pdf", - "refsource" : "MISC", - "url" : "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Arbitrary_File_Read_or_Delete_in_SAP_BC.pdf" - }, - { - "name" : "16668", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16668" - }, - { - "name" : "ADV-2006-0611", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0611" - }, - { - "name" : "1015639", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015639" - }, - { - "name" : "1016122", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016122" - }, - { - "name" : "1016090", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016090" - }, - { - "name" : "18880", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18880" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle. Details will be updated after the grace period has ended. NOTE: SAP Business Connector is an OEM version of webMethods Integration Server. webMethods states that this issue can only occur when the product is installed as root/admin, and if the attacker has access to a general purpose port; however, both are discouraged in the documentation. In addition, the attacker must already have acquired administrative privileges through other means." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18880", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18880" + }, + { + "name": "20060515 CYBSEC - Security Advisory: Arbitrary File Read/Delete in SAP BC(Business Connector)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434014/30/4980/threaded" + }, + { + "name": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Arbitrary_File_Read_or_Delete_in_SAP_BC.pdf", + "refsource": "MISC", + "url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Arbitrary_File_Read_or_Delete_in_SAP_BC.pdf" + }, + { + "name": "1016122", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016122" + }, + { + "name": "16668", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16668" + }, + { + "name": "1016090", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016090" + }, + { + "name": "1015639", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015639" + }, + { + "name": "20060215 CYBSEC - Security Pre-Advisory: Arbitrary File Read/Delete in SAPBC", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425048/100/0/threaded" + }, + { + "name": "ADV-2006-0611", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0611" + }, + { + "name": "http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Arbitrary_File_Read_or_Delete_in_SAP_BC.pdf", + "refsource": "MISC", + "url": "http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Arbitrary_File_Read_or_Delete_in_SAP_BC.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0824.json b/2006/0xxx/CVE-2006-0824.json index d7941ff84cc..2a4294cc2c4 100644 --- a/2006/0xxx/CVE-2006-0824.json +++ b/2006/0xxx/CVE-2006-0824.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0824", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in lib-common.php in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to include arbitrary local files and execute arbitrary code via (1) absolute paths in unspecified parameters and (2) the language cookie, as demonstrated for code execution using error.log." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0824", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060219 Geeklog Remote Code Execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425506/100/0/threaded" - }, - { - "name" : "http://www.gulftech.org/?node=research&article_id=00102-02192006", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00102-02192006" - }, - { - "name" : "http://www.geeklog.net/article.php/geeklog-1.4.0sr1", - "refsource" : "CONFIRM", - "url" : "http://www.geeklog.net/article.php/geeklog-1.4.0sr1" - }, - { - "name" : "16755", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16755" - }, - { - "name" : "ADV-2006-0661", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0661" - }, - { - "name" : "23349", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23349" - }, - { - "name" : "18920", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18920" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in lib-common.php in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to include arbitrary local files and execute arbitrary code via (1) absolute paths in unspecified parameters and (2) the language cookie, as demonstrated for code execution using error.log." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0661", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0661" + }, + { + "name": "http://www.geeklog.net/article.php/geeklog-1.4.0sr1", + "refsource": "CONFIRM", + "url": "http://www.geeklog.net/article.php/geeklog-1.4.0sr1" + }, + { + "name": "23349", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23349" + }, + { + "name": "16755", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16755" + }, + { + "name": "20060219 Geeklog Remote Code Execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425506/100/0/threaded" + }, + { + "name": "18920", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18920" + }, + { + "name": "http://www.gulftech.org/?node=research&article_id=00102-02192006", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00102-02192006" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1041.json b/2006/1xxx/CVE-2006-1041.json index bef875c64ae..90a7f70331a 100644 --- a/2006/1xxx/CVE-2006-1041.json +++ b/2006/1xxx/CVE-2006-1041.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Gregarius 0.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_query parameter to search.php or (2) tag parameter to tags.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060303 Gregarius 0.5.2 XSS and SQL Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426656/100/0/threaded" - }, - { - "name" : "16939", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16939" - }, - { - "name" : "ADV-2006-0819", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0819" - }, - { - "name" : "23678", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23678" - }, - { - "name" : "23679", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23679" - }, - { - "name" : "19102", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19102" - }, - { - "name" : "gregarius-multiple-xss(25058)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25058" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Gregarius 0.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_query parameter to search.php or (2) tag parameter to tags.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16939", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16939" + }, + { + "name": "23679", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23679" + }, + { + "name": "20060303 Gregarius 0.5.2 XSS and SQL Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426656/100/0/threaded" + }, + { + "name": "gregarius-multiple-xss(25058)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25058" + }, + { + "name": "ADV-2006-0819", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0819" + }, + { + "name": "23678", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23678" + }, + { + "name": "19102", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19102" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1437.json b/2006/1xxx/CVE-2006-1437.json index ecbd43eb464..4ffdfdc7e5f 100644 --- a/2006/1xxx/CVE-2006-1437.json +++ b/2006/1xxx/CVE-2006-1437.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "UPOINT @1 Event Publisher stores sensitive information under the web document root with insufifcient access control, which allows remote attackers to read private comments via a direct request to eventpublisher.txt." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://osvdb.org/ref/24/24236-upoint.txt", - "refsource" : "MISC", - "url" : "http://osvdb.org/ref/24/24236-upoint.txt" - }, - { - "name" : "17647", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17647" - }, - { - "name" : "24237", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24237" - }, - { - "name" : "19727", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19727" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "UPOINT @1 Event Publisher stores sensitive information under the web document root with insufifcient access control, which allows remote attackers to read private comments via a direct request to eventpublisher.txt." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17647", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17647" + }, + { + "name": "19727", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19727" + }, + { + "name": "http://osvdb.org/ref/24/24236-upoint.txt", + "refsource": "MISC", + "url": "http://osvdb.org/ref/24/24236-upoint.txt" + }, + { + "name": "24237", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24237" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1670.json b/2006/1xxx/CVE-2006-1670.json index f4f29ecb41a..a80afc8d2ec 100644 --- a/2006/1xxx/CVE-2006-1670.json +++ b/2006/1xxx/CVE-2006-1670.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Control cards for Cisco Optical Networking System (ONS) 15000 series nodes before 20060405 allow remote attackers to cause a denial of service (memory exhaustion and possibly card reset) by sending an invalid response when the final ACK is expected, aka bug ID CSCei45910." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060405 Cisco Optical Networking System 15000 Series and Cisco Transport Controller Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20060405-ons.shtml" - }, - { - "name" : "17384", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17384" - }, - { - "name" : "ADV-2006-1256", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1256" - }, - { - "name" : "24434", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24434" - }, - { - "name" : "1015872", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015872" - }, - { - "name" : "19553", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19553" - }, - { - "name" : "cisco-ons-iplan-ack-dos(25643)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25643" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Control cards for Cisco Optical Networking System (ONS) 15000 series nodes before 20060405 allow remote attackers to cause a denial of service (memory exhaustion and possibly card reset) by sending an invalid response when the final ACK is expected, aka bug ID CSCei45910." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24434", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24434" + }, + { + "name": "1015872", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015872" + }, + { + "name": "ADV-2006-1256", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1256" + }, + { + "name": "19553", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19553" + }, + { + "name": "17384", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17384" + }, + { + "name": "20060405 Cisco Optical Networking System 15000 Series and Cisco Transport Controller Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060405-ons.shtml" + }, + { + "name": "cisco-ons-iplan-ack-dos(25643)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25643" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1844.json b/2006/1xxx/CVE-2006-1844.json index 6b2a9213ff3..d97cf1c0653 100644 --- a/2006/1xxx/CVE-2006-1844.json +++ b/2006/1xxx/CVE-2006-1844.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1844", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1844", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356939", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356939" - }, - { - "name" : "23922", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23922" - }, - { - "name" : "19170", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19170" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356939", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356939" + }, + { + "name": "23922", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23922" + }, + { + "name": "19170", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19170" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4044.json b/2006/4xxx/CVE-2006-4044.json index af699dbabb7..a75426b2ef3 100644 --- a/2006/4xxx/CVE-2006-4044.json +++ b/2006/4xxx/CVE-2006-4044.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4044", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in Beautifier/Core.php in Brad Fears phpCodeCabinet 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the BEAUT_PATH parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4044", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060804 PHPCodeCabinet Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0146.html" - }, - { - "name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/PHPCabinetRFIAugust052006.html", - "refsource" : "MISC", - "url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/PHPCabinetRFIAugust052006.html" - }, - { - "name" : "19359", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19359" - }, - { - "name" : "ADV-2006-3168", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3168" - }, - { - "name" : "21386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21386" - }, - { - "name" : "phpcodecabinet-core-file-include(28238)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28238" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in Beautifier/Core.php in Brad Fears phpCodeCabinet 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the BEAUT_PATH parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21386" + }, + { + "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/PHPCabinetRFIAugust052006.html", + "refsource": "MISC", + "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/PHPCabinetRFIAugust052006.html" + }, + { + "name": "phpcodecabinet-core-file-include(28238)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28238" + }, + { + "name": "19359", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19359" + }, + { + "name": "20060804 PHPCodeCabinet Vulnerability", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0146.html" + }, + { + "name": "ADV-2006-3168", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3168" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4891.json b/2006/4xxx/CVE-2006-4891.json index 81d4c7ac950..54dfeca9aed 100644 --- a/2006/4xxx/CVE-2006-4891.json +++ b/2006/4xxx/CVE-2006-4891.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4891", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in ArticlesTableview.asp in Techno Dreams Articles & Papers Package 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4891", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060917 Techno Dreams Articles&Papers Package <=v2.0(ArticlesTableview.asp) Remote SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446312/100/0/threaded" - }, - { - "name" : "2386", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2386" - }, - { - "name" : "20073", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20073" - }, - { - "name" : "ADV-2006-3682", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3682" - }, - { - "name" : "21976", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21976" - }, - { - "name" : "1613", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1613" - }, - { - "name" : "technodreams-articlestable-sql-injection(28978)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28978" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in ArticlesTableview.asp in Techno Dreams Articles & Papers Package 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21976", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21976" + }, + { + "name": "ADV-2006-3682", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3682" + }, + { + "name": "20060917 Techno Dreams Articles&Papers Package <=v2.0(ArticlesTableview.asp) Remote SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446312/100/0/threaded" + }, + { + "name": "1613", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1613" + }, + { + "name": "2386", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2386" + }, + { + "name": "20073", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20073" + }, + { + "name": "technodreams-articlestable-sql-injection(28978)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28978" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5485.json b/2006/5xxx/CVE-2006-5485.json index 0b1c5e8fece..a4abcd047c6 100644 --- a/2006/5xxx/CVE-2006-5485.json +++ b/2006/5xxx/CVE-2006-5485.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5485", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in SpeedBerg 1.2beta1 allow remote attackers to execute arbitrary PHP code via a URL in the SPEEDBERG_PATH parameter to (1) entrancePage.tpl.php, (2) generalToolBox.tlb.php, (3) myToolBox.tlb.php, (4) scriplet.inc.php, (5) simplePage.tpl.php, (6) speedberg.class.php, and (7) standardPage.tpl.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5485", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061022 speedberg <= 1.2beta1 Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449468/100/0/threaded" - }, - { - "name" : "20061023 Source VERIFY - speedberg RFI", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-October/001091.html" - }, - { - "name" : "20670", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20670" - }, - { - "name" : "1762", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1762" - }, - { - "name" : "speedberg-speedberg-file-include(29699)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29699" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in SpeedBerg 1.2beta1 allow remote attackers to execute arbitrary PHP code via a URL in the SPEEDBERG_PATH parameter to (1) entrancePage.tpl.php, (2) generalToolBox.tlb.php, (3) myToolBox.tlb.php, (4) scriplet.inc.php, (5) simplePage.tpl.php, (6) speedberg.class.php, and (7) standardPage.tpl.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061023 Source VERIFY - speedberg RFI", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2006-October/001091.html" + }, + { + "name": "1762", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1762" + }, + { + "name": "20061022 speedberg <= 1.2beta1 Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449468/100/0/threaded" + }, + { + "name": "speedberg-speedberg-file-include(29699)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29699" + }, + { + "name": "20670", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20670" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5572.json b/2006/5xxx/CVE-2006-5572.json index 6db06ef4300..51bd471995e 100644 --- a/2006/5xxx/CVE-2006-5572.json +++ b/2006/5xxx/CVE-2006-5572.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5572", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-5572", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0118.json b/2010/0xxx/CVE-2010-0118.json index 43e8ac70b12..c7d5d98f0f5 100644 --- a/2010/0xxx/CVE-2010-0118.json +++ b/2010/0xxx/CVE-2010-0118.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0118", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bournal before 1.4.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files associated with a --hack_the_gibson update check." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2010-0118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100222 Secunia Research: Bournal Insecure Temporary Files Security Issue", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/509685/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2010-6/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2010-6/" - }, - { - "name" : "FEDORA-2010-3168", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036764.html" - }, - { - "name" : "FEDORA-2010-3221", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036701.html" - }, - { - "name" : "FEDORA-2010-3301", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036697.html" - }, - { - "name" : "38353", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38353" - }, - { - "name" : "38554", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38554" - }, - { - "name" : "38814", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38814" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bournal before 1.4.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files associated with a --hack_the_gibson update check." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100222 Secunia Research: Bournal Insecure Temporary Files Security Issue", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/509685/100/0/threaded" + }, + { + "name": "FEDORA-2010-3221", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036701.html" + }, + { + "name": "FEDORA-2010-3168", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036764.html" + }, + { + "name": "38554", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38554" + }, + { + "name": "http://secunia.com/secunia_research/2010-6/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2010-6/" + }, + { + "name": "38814", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38814" + }, + { + "name": "FEDORA-2010-3301", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036697.html" + }, + { + "name": "38353", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38353" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0203.json b/2010/0xxx/CVE-2010-0203.json index 631ad7e4b51..f93d5994e78 100644 --- a/2010/0xxx/CVE-2010-0203.json +++ b/2010/0xxx/CVE-2010-0203.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0199, and CVE-2010-0202." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-0203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-09.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-09.html" - }, - { - "name" : "TA10-103C", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-103C.html" - }, - { - "name" : "39329", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39329" - }, - { - "name" : "oval:org.mitre.oval:def:7494", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7494" - }, - { - "name" : "ADV-2010-0873", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0873" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0199, and CVE-2010-0202." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:7494", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7494" + }, + { + "name": "ADV-2010-0873", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0873" + }, + { + "name": "TA10-103C", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-103C.html" + }, + { + "name": "39329", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39329" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-09.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-09.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0247.json b/2010/0xxx/CVE-2010-0247.json index f7bd4429ac4..018b57d9c53 100644 --- a/2010/0xxx/CVE-2010-0247.json +++ b/2010/0xxx/CVE-2010-0247.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0247", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"Uninitialized Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-0247", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-002", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002" - }, - { - "name" : "oval:org.mitre.oval:def:8506", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8506" - }, - { - "name" : "ie-uninitialized-obj-code-exec(55777)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55777" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"Uninitialized Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:8506", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8506" + }, + { + "name": "ie-uninitialized-obj-code-exec(55777)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55777" + }, + { + "name": "MS10-002", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3389.json b/2010/3xxx/CVE-2010-3389.json index 33c6baf06f1..e6bc0f1fc8c 100644 --- a/2010/3xxx/CVE-2010-3389.json +++ b/2010/3xxx/CVE-2010-3389.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598549", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598549" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=639044", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=639044" - }, - { - "name" : "GLSA-201110-18", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201110-18.xml" - }, - { - "name" : "RHSA-2011:0264", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0264.html" - }, - { - "name" : "RHSA-2011:1000", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1000.html" - }, - { - "name" : "RHSA-2011:1580", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1580.html" - }, - { - "name" : "43372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43372" - }, - { - "name" : "ADV-2011-0416", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0416" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=639044", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639044" + }, + { + "name": "ADV-2011-0416", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0416" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598549", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598549" + }, + { + "name": "RHSA-2011:0264", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0264.html" + }, + { + "name": "RHSA-2011:1000", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1000.html" + }, + { + "name": "43372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43372" + }, + { + "name": "RHSA-2011:1580", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1580.html" + }, + { + "name": "GLSA-201110-18", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201110-18.xml" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3769.json b/2010/3xxx/CVE-2010-3769.json index b0ba177b5fe..e477205b334 100644 --- a/2010/3xxx/CVE-2010-3769.json +++ b/2010/3xxx/CVE-2010-3769.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted document.write call that triggers a buffer over-read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-75.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-75.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=608336", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=608336" - }, - { - "name" : "DSA-2132", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2132" - }, - { - "name" : "FEDORA-2010-18890", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html" - }, - { - "name" : "FEDORA-2010-18920", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html" - }, - { - "name" : "MDVSA-2010:251", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:251" - }, - { - "name" : "MDVSA-2010:258", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:258" - }, - { - "name" : "SUSE-SA:2011:003", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html" - }, - { - "name" : "45345", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45345" - }, - { - "name" : "69771", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/69771" - }, - { - "name" : "oval:org.mitre.oval:def:12342", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12342" - }, - { - "name" : "1024846", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024846" - }, - { - "name" : "1024848", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024848" - }, - { - "name" : "42716", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42716" - }, - { - "name" : "42818", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42818" - }, - { - "name" : "ADV-2011-0030", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0030" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted document.write call that triggers a buffer over-read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2011:003", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html" + }, + { + "name": "MDVSA-2010:258", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:258" + }, + { + "name": "MDVSA-2010:251", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:251" + }, + { + "name": "42818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42818" + }, + { + "name": "oval:org.mitre.oval:def:12342", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12342" + }, + { + "name": "1024846", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024846" + }, + { + "name": "DSA-2132", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2132" + }, + { + "name": "1024848", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024848" + }, + { + "name": "FEDORA-2010-18920", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html" + }, + { + "name": "ADV-2011-0030", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0030" + }, + { + "name": "45345", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45345" + }, + { + "name": "FEDORA-2010-18890", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=608336", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=608336" + }, + { + "name": "42716", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42716" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-75.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-75.html" + }, + { + "name": "69771", + "refsource": "OSVDB", + "url": "http://osvdb.org/69771" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3924.json b/2010/3xxx/CVE-2010-3924.json index 8aa17e004cb..911a49eb3db 100644 --- a/2010/3xxx/CVE-2010-3924.json +++ b/2010/3xxx/CVE-2010-3924.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3924", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Aimluck Aipo before 5.1.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2010-3924", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jvn.jp/en/jp/JVN50704770/91216/index.html", - "refsource" : "CONFIRM", - "url" : "http://jvn.jp/en/jp/JVN50704770/91216/index.html" - }, - { - "name" : "JVN#50704770", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN50704770/index.html" - }, - { - "name" : "JVNDB-2011-000003", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000003.html" - }, - { - "name" : "45755", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45755" - }, - { - "name" : "70412", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70412" - }, - { - "name" : "42860", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42860" - }, - { - "name" : "aipo-unspecified-sql-injection(64592)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Aimluck Aipo before 5.1.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#50704770", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN50704770/index.html" + }, + { + "name": "42860", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42860" + }, + { + "name": "45755", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45755" + }, + { + "name": "aipo-unspecified-sql-injection(64592)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64592" + }, + { + "name": "http://jvn.jp/en/jp/JVN50704770/91216/index.html", + "refsource": "CONFIRM", + "url": "http://jvn.jp/en/jp/JVN50704770/91216/index.html" + }, + { + "name": "JVNDB-2011-000003", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000003.html" + }, + { + "name": "70412", + "refsource": "OSVDB", + "url": "http://osvdb.org/70412" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4237.json b/2010/4xxx/CVE-2010-4237.json index 4a30a653325..266f0daab47 100644 --- a/2010/4xxx/CVE-2010-4237.json +++ b/2010/4xxx/CVE-2010-4237.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4237", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4237", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4291.json b/2010/4xxx/CVE-2010-4291.json index 8b32b20b593..fb08b061ceb 100644 --- a/2010/4xxx/CVE-2010-4291.json +++ b/2010/4xxx/CVE-2010-4291.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4291", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-4291", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4552.json b/2010/4xxx/CVE-2010-4552.json index 9290fe99209..9b3caeb5d60 100644 --- a/2010/4xxx/CVE-2010-4552.json +++ b/2010/4xxx/CVE-2010-4552.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4552", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in IBM Lotus Notes Traveler before 8.5.1.1 allows remote attackers to cause a denial of service (memory consumption and daemon outage) by sending many embedded objects in e-mail messages for iPhone clients." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4552", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Lotus_Notes_Traveler_851_FP3_Release_Notes", - "refsource" : "CONFIRM", - "url" : "http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Lotus_Notes_Traveler_851_FP3_Release_Notes" - }, - { - "name" : "http://www-10.lotus.com/ldd/dominowiki.nsf/page.xsp?documentId=A6604E906E0DF2DF8525778B005D4466&action=openDocument", - "refsource" : "CONFIRM", - "url" : "http://www-10.lotus.com/ldd/dominowiki.nsf/page.xsp?documentId=A6604E906E0DF2DF8525778B005D4466&action=openDocument" - }, - { - "name" : "LO46561", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1LO46561" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in IBM Lotus Notes Traveler before 8.5.1.1 allows remote attackers to cause a denial of service (memory consumption and daemon outage) by sending many embedded objects in e-mail messages for iPhone clients." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-10.lotus.com/ldd/dominowiki.nsf/page.xsp?documentId=A6604E906E0DF2DF8525778B005D4466&action=openDocument", + "refsource": "CONFIRM", + "url": "http://www-10.lotus.com/ldd/dominowiki.nsf/page.xsp?documentId=A6604E906E0DF2DF8525778B005D4466&action=openDocument" + }, + { + "name": "http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Lotus_Notes_Traveler_851_FP3_Release_Notes", + "refsource": "CONFIRM", + "url": "http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Lotus_Notes_Traveler_851_FP3_Release_Notes" + }, + { + "name": "LO46561", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO46561" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3154.json b/2014/3xxx/CVE-2014-3154.json index 53944f3fc27..bd75201ddc7 100644 --- a/2014/3xxx/CVE-2014-3154.json +++ b/2014/3xxx/CVE-2014-3154.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the ChildThread::Shutdown function in content/child/child_thread.cc in the filesystem API in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to a Blink shutdown." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-3154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=369525", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=369525" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=173620&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/blink?revision=173620&view=revision" - }, - { - "name" : "https://src.chromium.org/viewvc/chrome?revision=269345&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/chrome?revision=269345&view=revision" - }, - { - "name" : "DSA-2959", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2959" - }, - { - "name" : "GLSA-201408-16", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201408-16.xml" - }, - { - "name" : "67977", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67977" - }, - { - "name" : "58585", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58585" - }, - { - "name" : "59090", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59090" - }, - { - "name" : "60372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60372" - }, - { - "name" : "60061", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60061" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the ChildThread::Shutdown function in content/child/child_thread.cc in the filesystem API in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to a Blink shutdown." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59090", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59090" + }, + { + "name": "http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html" + }, + { + "name": "https://src.chromium.org/viewvc/chrome?revision=269345&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/chrome?revision=269345&view=revision" + }, + { + "name": "GLSA-201408-16", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201408-16.xml" + }, + { + "name": "60372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60372" + }, + { + "name": "67977", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67977" + }, + { + "name": "60061", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60061" + }, + { + "name": "https://src.chromium.org/viewvc/blink?revision=173620&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=173620&view=revision" + }, + { + "name": "58585", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58585" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=369525", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=369525" + }, + { + "name": "DSA-2959", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2959" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3430.json b/2014/3xxx/CVE-2014-3430.json index e4ca3a309f9..83b50be6c7b 100644 --- a/2014/3xxx/CVE-2014-3430.json +++ b/2014/3xxx/CVE-2014-3430.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3430", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3430", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Dovecot-news] 20140511 v2.2.13 released", - "refsource" : "MLIST", - "url" : "http://dovecot.org/pipermail/dovecot-news/2014-May/000273.html" - }, - { - "name" : "[dovecot] 20140508 Denial of Service attacks against Dovecot v1.1+", - "refsource" : "MLIST", - "url" : "http://permalink.gmane.org/gmane.mail.imap.dovecot/77499" - }, - { - "name" : "[oss-security] 20140509 CVE request: Denial of Service attacks against Dovecot v1.1+", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/05/09/4" - }, - { - "name" : "[oss-security] 20140509 Re: CVE request: Denial of Service attacks against Dovecot v1.1+", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/05/09/8" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0223.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0223.html" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-0790.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-0790.html" - }, - { - "name" : "DSA-2954", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2954" - }, - { - "name" : "MDVSA-2015:113", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:113" - }, - { - "name" : "RHSA-2014:0790", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0790.html" - }, - { - "name" : "USN-2213-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2213-1" - }, - { - "name" : "67306", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67306" - }, - { - "name" : "59051", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59051" - }, - { - "name" : "59537", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59537" - }, - { - "name" : "59552", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140509 CVE request: Denial of Service attacks against Dovecot v1.1+", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/05/09/4" + }, + { + "name": "59051", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59051" + }, + { + "name": "[oss-security] 20140509 Re: CVE request: Denial of Service attacks against Dovecot v1.1+", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/05/09/8" + }, + { + "name": "59537", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59537" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0223.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0223.html" + }, + { + "name": "[dovecot] 20140508 Denial of Service attacks against Dovecot v1.1+", + "refsource": "MLIST", + "url": "http://permalink.gmane.org/gmane.mail.imap.dovecot/77499" + }, + { + "name": "DSA-2954", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2954" + }, + { + "name": "59552", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59552" + }, + { + "name": "USN-2213-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2213-1" + }, + { + "name": "67306", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67306" + }, + { + "name": "MDVSA-2015:113", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:113" + }, + { + "name": "RHSA-2014:0790", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0790.html" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-0790.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-0790.html" + }, + { + "name": "[Dovecot-news] 20140511 v2.2.13 released", + "refsource": "MLIST", + "url": "http://dovecot.org/pipermail/dovecot-news/2014-May/000273.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3493.json b/2014/3xxx/CVE-2014-3493.json index 9b094847e9f..a19c6338e4a 100644 --- a/2014/3xxx/CVE-2014-3493.json +++ b/2014/3xxx/CVE-2014-3493.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3493", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3493", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140711 [ MDVSA-2014:136 ] samba", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/532757/100/0/threaded" - }, - { - "name" : "http://www.samba.org/samba/security/CVE-2014-3493", - "refsource" : "CONFIRM", - "url" : "http://www.samba.org/samba/security/CVE-2014-3493" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1108748", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1108748" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-0866.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-0866.html" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0279.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0279.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993" - }, - { - "name" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba1", - "refsource" : "CONFIRM", - "url" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba1" - }, - { - "name" : "FEDORA-2014-9132", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html" - }, - { - "name" : "FEDORA-2014-7672", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html" - }, - { - "name" : "GLSA-201502-15", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-15.xml" - }, - { - "name" : "MDVSA-2014:136", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:136" - }, - { - "name" : "MDVSA-2015:082", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:082" - }, - { - "name" : "RHSA-2014:0866", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0866.html" - }, - { - "name" : "68150", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68150" - }, - { - "name" : "1030455", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030455" - }, - { - "name" : "59378", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59378" - }, - { - "name" : "59579", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59579" - }, - { - "name" : "59834", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59834" - }, - { - "name" : "59848", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59848" - }, - { - "name" : "59919", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59919" - }, - { - "name" : "61218", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61218" - }, - { - "name" : "59433", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59433" - }, - { - "name" : "59407", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba1", + "refsource": "CONFIRM", + "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba1" + }, + { + "name": "MDVSA-2014:136", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:136" + }, + { + "name": "RHSA-2014:0866", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0866.html" + }, + { + "name": "FEDORA-2014-9132", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html" + }, + { + "name": "61218", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61218" + }, + { + "name": "59834", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59834" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-0866.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-0866.html" + }, + { + "name": "59848", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59848" + }, + { + "name": "20140711 [ MDVSA-2014:136 ] samba", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/532757/100/0/threaded" + }, + { + "name": "GLSA-201502-15", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-15.xml" + }, + { + "name": "68150", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68150" + }, + { + "name": "59407", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59407" + }, + { + "name": "FEDORA-2014-7672", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html" + }, + { + "name": "59433", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59433" + }, + { + "name": "59919", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59919" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1108748", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1108748" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0279.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0279.html" + }, + { + "name": "59378", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59378" + }, + { + "name": "MDVSA-2015:082", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:082" + }, + { + "name": "59579", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59579" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993" + }, + { + "name": "http://www.samba.org/samba/security/CVE-2014-3493", + "refsource": "CONFIRM", + "url": "http://www.samba.org/samba/security/CVE-2014-3493" + }, + { + "name": "1030455", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030455" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3652.json b/2014/3xxx/CVE-2014-3652.json index 2a87f7d0903..b083126947b 100644 --- a/2014/3xxx/CVE-2014-3652.json +++ b/2014/3xxx/CVE-2014-3652.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3652", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3652", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4007.json b/2014/4xxx/CVE-2014-4007.json index fac9008e719..14ef12ed7f7 100644 --- a/2014/4xxx/CVE-2014-4007.json +++ b/2014/4xxx/CVE-2014-4007.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4007", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SAP Upgrade tools for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140606 [Onapsis Security Advisories] Multiple Hard-coded Usernames in SAP Components", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jun/36" - }, - { - "name" : "http://scn.sap.com/docs/DOC-8218", - "refsource" : "CONFIRM", - "url" : "http://scn.sap.com/docs/DOC-8218" - }, - { - "name" : "https://service.sap.com/sap/support/notes/1915873", - "refsource" : "CONFIRM", - "url" : "https://service.sap.com/sap/support/notes/1915873" - }, - { - "name" : "67920", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67920" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SAP Upgrade tools for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67920", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67920" + }, + { + "name": "https://service.sap.com/sap/support/notes/1915873", + "refsource": "CONFIRM", + "url": "https://service.sap.com/sap/support/notes/1915873" + }, + { + "name": "20140606 [Onapsis Security Advisories] Multiple Hard-coded Usernames in SAP Components", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jun/36" + }, + { + "name": "http://scn.sap.com/docs/DOC-8218", + "refsource": "CONFIRM", + "url": "http://scn.sap.com/docs/DOC-8218" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4298.json b/2014/4xxx/CVE-2014-4298.json index 9ed23711802..f5fb2c043c7 100644 --- a/2014/4xxx/CVE-2014-4298.json +++ b/2014/4xxx/CVE-2014-4298.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4298", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4299, CVE-2014-4300, CVE-2014-6452, CVE-2014-6454, and CVE-2014-6542." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-4298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "70524", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70524" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4299, CVE-2014-4300, CVE-2014-6452, CVE-2014-6454, and CVE-2014-6542." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70524", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70524" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4822.json b/2014/4xxx/CVE-2014-4822.json index 13bbde41bb1..b8809413386 100644 --- a/2014/4xxx/CVE-2014-4822.json +++ b/2014/4xxx/CVE-2014-4822.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4822", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere MQ classes for Java libraries 8.0 before 8.0.0.1 and Websphere MQ Explorer 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allow local users to discover preconfigured cleartext passwords via an unspecified trace operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-4822", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686339", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686339" - }, - { - "name" : "IT04023", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04023" - }, - { - "name" : "59921", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59921" - }, - { - "name" : "ibm-webspheremq-cve20144822-java(95467)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere MQ classes for Java libraries 8.0 before 8.0.0.1 and Websphere MQ Explorer 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allow local users to discover preconfigured cleartext passwords via an unspecified trace operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-webspheremq-cve20144822-java(95467)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95467" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686339", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686339" + }, + { + "name": "IT04023", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04023" + }, + { + "name": "59921", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59921" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4939.json b/2014/4xxx/CVE-2014-4939.json index d323836b384..4f1487e7e0b 100644 --- a/2014/4xxx/CVE-2014-4939.json +++ b/2014/4xxx/CVE-2014-4939.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4939", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4939", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codevigilant.com/disclosure/wp-plugin-enl-newsletter-a1-injection/", - "refsource" : "MISC", - "url" : "http://codevigilant.com/disclosure/wp-plugin-enl-newsletter-a1-injection/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://codevigilant.com/disclosure/wp-plugin-enl-newsletter-a1-injection/", + "refsource": "MISC", + "url": "http://codevigilant.com/disclosure/wp-plugin-enl-newsletter-a1-injection/" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8254.json b/2014/8xxx/CVE-2014-8254.json index 01b34d720db..e396804db98 100644 --- a/2014/8xxx/CVE-2014-8254.json +++ b/2014/8xxx/CVE-2014-8254.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8254", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8254", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8407.json b/2014/8xxx/CVE-2014-8407.json index ce5814b87ca..6722a0badfe 100644 --- a/2014/8xxx/CVE-2014-8407.json +++ b/2014/8xxx/CVE-2014-8407.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8407", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8407", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8593.json b/2014/8xxx/CVE-2014-8593.json index 86d171e2a44..59a39a18491 100644 --- a/2014/8xxx/CVE-2014-8593.json +++ b/2014/8xxx/CVE-2014-8593.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8593", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default URI to admin.php or the (2) id parameter to admin.php or (3) go.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/128565/Allomani-Weblinks-1.0-Cross-Site-Scripting-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128565/Allomani-Weblinks-1.0-Cross-Site-Scripting-SQL-Injection.html" - }, - { - "name" : "70255", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70255" - }, - { - "name" : "weblinks-multiple-xss(96841)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96841" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default URI to admin.php or the (2) id parameter to admin.php or (3) go.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/128565/Allomani-Weblinks-1.0-Cross-Site-Scripting-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128565/Allomani-Weblinks-1.0-Cross-Site-Scripting-SQL-Injection.html" + }, + { + "name": "70255", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70255" + }, + { + "name": "weblinks-multiple-xss(96841)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96841" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8744.json b/2014/8xxx/CVE-2014-8744.json index e5461212217..06e8238eb50 100644 --- a/2014/8xxx/CVE-2014-8744.json +++ b/2014/8xxx/CVE-2014-8744.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8744", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Nivo Slider module 7.x-2.x before 7.x-1.11 for Drupal allows remote authenticated users with the \"administer nivo slider\" permission to inject arbitrary web script or HTML via an image title." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8744", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/node/2221481", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2221481" - }, - { - "name" : "https://www.drupal.org/node/2220545", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2220545" - }, - { - "name" : "66327", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66327" - }, - { - "name" : "57459", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57459" - }, - { - "name" : "nivo-slider-drupal-xss(92009)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92009" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Nivo Slider module 7.x-2.x before 7.x-1.11 for Drupal allows remote authenticated users with the \"administer nivo slider\" permission to inject arbitrary web script or HTML via an image title." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57459", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57459" + }, + { + "name": "nivo-slider-drupal-xss(92009)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92009" + }, + { + "name": "https://www.drupal.org/node/2221481", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2221481" + }, + { + "name": "https://www.drupal.org/node/2220545", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2220545" + }, + { + "name": "66327", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66327" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8971.json b/2014/8xxx/CVE-2014-8971.json index aedb0620fe2..471e3d48946 100644 --- a/2014/8xxx/CVE-2014-8971.json +++ b/2014/8xxx/CVE-2014-8971.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8971", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8971", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9055.json b/2014/9xxx/CVE-2014-9055.json index 33b27e803ad..b710f270660 100644 --- a/2014/9xxx/CVE-2014-9055.json +++ b/2014/9xxx/CVE-2014-9055.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9055", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9055", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9368.json b/2014/9xxx/CVE-2014-9368.json index 80918591a29..0e2afbfea8d 100644 --- a/2014/9xxx/CVE-2014-9368.json +++ b/2014/9xxx/CVE-2014-9368.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the twitterDash plugin 2.1 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the username_twitterDash parameter in the twitterDash.php page to wp-admin/options-general.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/129579/WordPress-twitterDash-2.1-CSRF-XSS.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129579/WordPress-twitterDash-2.1-CSRF-XSS.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the twitterDash plugin 2.1 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the username_twitterDash parameter in the twitterDash.php page to wp-admin/options-general.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/129579/WordPress-twitterDash-2.1-CSRF-XSS.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129579/WordPress-twitterDash-2.1-CSRF-XSS.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9408.json b/2014/9xxx/CVE-2014-9408.json index e07b04880c7..6e509000944 100644 --- a/2014/9xxx/CVE-2014-9408.json +++ b/2014/9xxx/CVE-2014-9408.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9408", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 uses part of the MAC address as part of the RC4 setup key, which makes it easier for remote attackers to guess the key via a brute-force attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9408", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141215 Vulnerabilities in Ekahau Real-Time Location Tracking System [MZ-14-01]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534241/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/129585/Ekahau-Real-Time-Location-System-RC4-Cipher-Stream-Reuse-Weak-Key-Derivation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129585/Ekahau-Real-Time-Location-System-RC4-Cipher-Stream-Reuse-Weak-Key-Derivation.html" - }, - { - "name" : "http://www.modzero.ch/advisories/MZ-14-01-Ekahau-RTLS.txt", - "refsource" : "MISC", - "url" : "http://www.modzero.ch/advisories/MZ-14-01-Ekahau-RTLS.txt" - }, - { - "name" : "71674", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71674" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 uses part of the MAC address as part of the RC4 setup key, which makes it easier for remote attackers to guess the key via a brute-force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/129585/Ekahau-Real-Time-Location-System-RC4-Cipher-Stream-Reuse-Weak-Key-Derivation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129585/Ekahau-Real-Time-Location-System-RC4-Cipher-Stream-Reuse-Weak-Key-Derivation.html" + }, + { + "name": "71674", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71674" + }, + { + "name": "http://www.modzero.ch/advisories/MZ-14-01-Ekahau-RTLS.txt", + "refsource": "MISC", + "url": "http://www.modzero.ch/advisories/MZ-14-01-Ekahau-RTLS.txt" + }, + { + "name": "20141215 Vulnerabilities in Ekahau Real-Time Location Tracking System [MZ-14-01]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534241/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9810.json b/2014/9xxx/CVE-2014-9810.json index 552c8751356..0f9a7faaa5e 100644 --- a/2014/9xxx/CVE-2014-9810.json +++ b/2014/9xxx/CVE-2014-9810.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141224 Imagemagick fuzzing bug", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/12/24/1" - }, - { - "name" : "[oss-security] 20160602 Re: ImageMagick CVEs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13" - }, - { - "name" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=68db5f601d4120170b91f5397e596c0b8f9d3a8e", - "refsource" : "CONFIRM", - "url" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=68db5f601d4120170b91f5397e596c0b8f9d3a8e" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343466", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343466" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343466", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343466" + }, + { + "name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=68db5f601d4120170b91f5397e596c0b8f9d3a8e", + "refsource": "CONFIRM", + "url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=68db5f601d4120170b91f5397e596c0b8f9d3a8e" + }, + { + "name": "[oss-security] 20160602 Re: ImageMagick CVEs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" + }, + { + "name": "[oss-security] 20141224 Imagemagick fuzzing bug", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/12/24/1" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2068.json b/2016/2xxx/CVE-2016-2068.json index ded29d33f30..5eca189b3b2 100644 --- a/2016/2xxx/CVE-2016-2068.json +++ b/2016/2xxx/CVE-2016-2068.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MSM QDSP6 audio driver (aka sound driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (integer overflow, and buffer overflow or buffer over-read) via a crafted application that performs a (1) AUDIO_EFFECTS_WRITE or (2) AUDIO_EFFECTS_READ operation, aka Qualcomm internal bug CR1006609." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=01ee86da5a0cd788f134e360e2be517ef52b6b00", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=01ee86da5a0cd788f134e360e2be517ef52b6b00" - }, - { - "name" : "https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=9900650540c889f761d102202bc80306ae80ab83", - "refsource" : "CONFIRM", - "url" : "https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=9900650540c889f761d102202bc80306ae80ab83" - }, - { - "name" : "https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=2c04c0dab66013b7dfbe4d5a523c2c1d6b5b11d6", - "refsource" : "CONFIRM", - "url" : "https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=2c04c0dab66013b7dfbe4d5a523c2c1d6b5b11d6" - }, - { - "name" : "https://www.codeaurora.org/multiple-vulnerabilities-msm-qdsp6-audio-driver-allow-kernel-memory-corruption-cve-2016-2068-0", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/multiple-vulnerabilities-msm-qdsp6-audio-driver-allow-kernel-memory-corruption-cve-2016-2068-0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MSM QDSP6 audio driver (aka sound driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (integer overflow, and buffer overflow or buffer over-read) via a crafted application that performs a (1) AUDIO_EFFECTS_WRITE or (2) AUDIO_EFFECTS_READ operation, aka Qualcomm internal bug CR1006609." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=2c04c0dab66013b7dfbe4d5a523c2c1d6b5b11d6", + "refsource": "CONFIRM", + "url": "https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=2c04c0dab66013b7dfbe4d5a523c2c1d6b5b11d6" + }, + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + }, + { + "name": "https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=9900650540c889f761d102202bc80306ae80ab83", + "refsource": "CONFIRM", + "url": "https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=9900650540c889f761d102202bc80306ae80ab83" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=01ee86da5a0cd788f134e360e2be517ef52b6b00", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=01ee86da5a0cd788f134e360e2be517ef52b6b00" + }, + { + "name": "https://www.codeaurora.org/multiple-vulnerabilities-msm-qdsp6-audio-driver-allow-kernel-memory-corruption-cve-2016-2068-0", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/multiple-vulnerabilities-msm-qdsp6-audio-driver-allow-kernel-memory-corruption-cve-2016-2068-0" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2458.json b/2016/2xxx/CVE-2016-2458.json index 8e2cbd7eb30..959d86cae16 100644 --- a/2016/2xxx/CVE-2016-2458.json +++ b/2016/2xxx/CVE-2016-2458.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2458", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The compose functionality in AOSP Mail in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly restrict attachments, which allows attackers to obtain sensitive information via a crafted application, related to ComposeActivity.java and ComposeActivityEmail.java, aka internal bug 27335139." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-05-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-05-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/packages/apps/Email/+/2791f0b33b610247ef87278862e66c6045f89693", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/packages/apps/Email/+/2791f0b33b610247ef87278862e66c6045f89693" - }, - { - "name" : "https://android.googlesource.com/platform/packages/apps/UnifiedEmail/+/a55168330d9326ff2120285763c818733590266a", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/packages/apps/UnifiedEmail/+/a55168330d9326ff2120285763c818733590266a" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The compose functionality in AOSP Mail in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly restrict attachments, which allows attackers to obtain sensitive information via a crafted application, related to ComposeActivity.java and ComposeActivityEmail.java, aka internal bug 27335139." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-05-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-05-01.html" + }, + { + "name": "https://android.googlesource.com/platform/packages/apps/Email/+/2791f0b33b610247ef87278862e66c6045f89693", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/packages/apps/Email/+/2791f0b33b610247ef87278862e66c6045f89693" + }, + { + "name": "https://android.googlesource.com/platform/packages/apps/UnifiedEmail/+/a55168330d9326ff2120285763c818733590266a", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/packages/apps/UnifiedEmail/+/a55168330d9326ff2120285763c818733590266a" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2491.json b/2016/2xxx/CVE-2016-2491.json index 1cb4d0e2fd0..d37bfcf3473 100644 --- a/2016/2xxx/CVE-2016-2491.json +++ b/2016/2xxx/CVE-2016-2491.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2491", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27556408." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2491", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-06-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-06-01.html" - }, - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27556408." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" + }, + { + "name": "http://source.android.com/security/bulletin/2016-06-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-06-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2786.json b/2016/2xxx/CVE-2016-2786.json index dd0c49a0455..bf97190ad2f 100644 --- a/2016/2xxx/CVE-2016-2786.json +++ b/2016/2xxx/CVE-2016-2786.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2786", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which might allow remote attackers to spoof brokers and execute arbitrary commands via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2786", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://puppet.com/security/cve/CVE-2016-2786", - "refsource" : "CONFIRM", - "url" : "https://puppet.com/security/cve/CVE-2016-2786" - }, - { - "name" : "GLSA-201606-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201606-02" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which might allow remote attackers to spoof brokers and execute arbitrary commands via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://puppet.com/security/cve/CVE-2016-2786", + "refsource": "CONFIRM", + "url": "https://puppet.com/security/cve/CVE-2016-2786" + }, + { + "name": "GLSA-201606-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201606-02" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2810.json b/2016/2xxx/CVE-2016-2810.json index cee7a9c6e24..69fd52bc880 100644 --- a/2016/2xxx/CVE-2016-2810.json +++ b/2016/2xxx/CVE-2016-2810.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstrated by reading the browser history or a saved password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2016-2810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-41.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-41.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1229681", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1229681" - }, - { - "name" : "GLSA-201701-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-15" - }, - { - "name" : "openSUSE-SU-2016:1251", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html" - }, - { - "name" : "1035692", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035692" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstrated by reading the browser history or a saved password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-41.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-41.html" + }, + { + "name": "1035692", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035692" + }, + { + "name": "openSUSE-SU-2016:1251", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1229681", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1229681" + }, + { + "name": "GLSA-201701-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-15" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2915.json b/2016/2xxx/CVE-2016-2915.json index 109b9e10dc1..2960c11b7cf 100644 --- a/2016/2xxx/CVE-2016-2915.json +++ b/2016/2xxx/CVE-2016-2915.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2915", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2915", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2916.json b/2016/2xxx/CVE-2016-2916.json index f29009aef35..98620399b56 100644 --- a/2016/2xxx/CVE-2016-2916.json +++ b/2016/2xxx/CVE-2016-2916.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2916", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2916", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3020.json b/2016/3xxx/CVE-2016-3020.json index 7fee7cd8111..21f9f6474fd 100644 --- a/2016/3xxx/CVE-2016-3020.json +++ b/2016/3xxx/CVE-2016-3020.json @@ -1,110 +1,110 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-3020", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Access Manager", - "version" : { - "version_data" : [ - { - "version_value" : "9.0" - }, - { - "version_value" : "9.0.0.1" - }, - { - "version_value" : "9.0.1" - }, - { - "version_value" : "7.0.0" - }, - { - "version_value" : "8.0.0" - }, - { - "version_value" : "8.0.0.1" - }, - { - "version_value" : "8.0.0.2" - }, - { - "version_value" : "8.0.0.3" - }, - { - "version_value" : "8.0.0.4" - }, - { - "version_value" : "8.0.0.5" - }, - { - "version_value" : "8.0.1" - }, - { - "version_value" : "8.0.1.2" - }, - { - "version_value" : "8.0.1.3" - }, - { - "version_value" : "8.0.1.4" - }, - { - "version_value" : "9.0.0" - }, - { - "version_value" : "9.0.1.0" - }, - { - "version_value" : "9.0.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a page with malicious content." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Bypass Security" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-3020", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Access Manager", + "version": { + "version_data": [ + { + "version_value": "9.0" + }, + { + "version_value": "9.0.0.1" + }, + { + "version_value": "9.0.1" + }, + { + "version_value": "7.0.0" + }, + { + "version_value": "8.0.0" + }, + { + "version_value": "8.0.0.1" + }, + { + "version_value": "8.0.0.2" + }, + { + "version_value": "8.0.0.3" + }, + { + "version_value": "8.0.0.4" + }, + { + "version_value": "8.0.0.5" + }, + { + "version_value": "8.0.1" + }, + { + "version_value": "8.0.1.2" + }, + { + "version_value": "8.0.1.3" + }, + { + "version_value": "8.0.1.4" + }, + { + "version_value": "9.0.0" + }, + { + "version_value": "9.0.1.0" + }, + { + "version_value": "9.0.2.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21996826", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21996826" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a page with malicious content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Bypass Security" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21996826", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21996826" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3179.json b/2016/3xxx/CVE-2016-3179.json index 62ce147c99b..3fb6793ff72 100644 --- a/2016/3xxx/CVE-2016-3179.json +++ b/2016/3xxx/CVE-2016-3179.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (invalid free and daemon crash) via vectors related to error handling." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160316 Re: CVE Request: The minissdpd (v 1.2.20130907-3) is affected by an improper validation of array index weakness", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/03/16/13" - }, - { - "name" : "http://speirofr.appspot.com/files/advisory/SPADV-2016-02.md", - "refsource" : "MISC", - "url" : "http://speirofr.appspot.com/files/advisory/SPADV-2016-02.md" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816759", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816759" - }, - { - "name" : "https://github.com/miniupnp/miniupnp/commit/140ee8d2204b383279f854802b27bdb41c1d5d1a", - "refsource" : "CONFIRM", - "url" : "https://github.com/miniupnp/miniupnp/commit/140ee8d2204b383279f854802b27bdb41c1d5d1a" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (invalid free and daemon crash) via vectors related to error handling." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160316 Re: CVE Request: The minissdpd (v 1.2.20130907-3) is affected by an improper validation of array index weakness", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/03/16/13" + }, + { + "name": "https://github.com/miniupnp/miniupnp/commit/140ee8d2204b383279f854802b27bdb41c1d5d1a", + "refsource": "CONFIRM", + "url": "https://github.com/miniupnp/miniupnp/commit/140ee8d2204b383279f854802b27bdb41c1d5d1a" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816759", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816759" + }, + { + "name": "http://speirofr.appspot.com/files/advisory/SPADV-2016-02.md", + "refsource": "MISC", + "url": "http://speirofr.appspot.com/files/advisory/SPADV-2016-02.md" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3334.json b/2016/3xxx/CVE-2016-3334.json index 700b01e8b67..e62159ae55e 100644 --- a/2016/3xxx/CVE-2016-3334.json +++ b/2016/3xxx/CVE-2016-3334.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka \"Windows Common Log File System Driver Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-134", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-134" - }, - { - "name" : "94012", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94012" - }, - { - "name" : "1037252", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037252" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka \"Windows Common Log File System Driver Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037252", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037252" + }, + { + "name": "MS16-134", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-134" + }, + { + "name": "94012", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94012" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6163.json b/2016/6xxx/CVE-2016-6163.json index 6046ed1b3aa..651d3191706 100644 --- a/2016/6xxx/CVE-2016-6163.json +++ b/2016/6xxx/CVE-2016-6163.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6163", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160704 Browsing and attaching images considered harmful in Linux", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/04/3" - }, - { - "name" : "[oss-security] 20160705 Re: Browsing and attaching images considered harmful in Linux", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/05/9" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1353520", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1353520" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160705 Re: Browsing and attaching images considered harmful in Linux", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/05/9" + }, + { + "name": "[oss-security] 20160704 Browsing and attaching images considered harmful in Linux", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/04/3" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1353520", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353520" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6310.json b/2016/6xxx/CVE-2016-6310.json index e4d94895438..80fcbcca369 100644 --- a/2016/6xxx/CVE-2016-6310.json +++ b/2016/6xxx/CVE-2016-6310.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-6310", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-6310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1363738", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1363738" - }, - { - "name" : "92345", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92345" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1363738", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1363738" + }, + { + "name": "92345", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92345" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6578.json b/2016/6xxx/CVE-2016-6578.json index a3f1aadcf5e..f061b764582 100644 --- a/2016/6xxx/CVE-2016-6578.json +++ b/2016/6xxx/CVE-2016-6578.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-6578", - "STATE" : "PUBLIC", - "TITLE" : "CodeLathe FileCloud, version 13.0.0.32841 and earlier, is vulnerable to cross-site request forgery (CSRF)" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FileCloud", - "version" : { - "version_data" : [ - { - "affected" : "=", - "version_name" : "13.0.0.32841", - "version_value" : "13.0.0.32841" - } - ] - } - } - ] - }, - "vendor_name" : "CodeLathe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CodeLathe FileCloud, version 13.0.0.32841 and earlier, contains a global cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-352" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6578", + "STATE": "PUBLIC", + "TITLE": "CodeLathe FileCloud, version 13.0.0.32841 and earlier, is vulnerable to cross-site request forgery (CSRF)" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FileCloud", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "13.0.0.32841", + "version_value": "13.0.0.32841" + } + ] + } + } + ] + }, + "vendor_name": "CodeLathe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#865216", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/865216" - }, - { - "name" : "95426", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95426" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CodeLathe FileCloud, version 13.0.0.32841 and earlier, contains a global cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95426", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95426" + }, + { + "name": "VU#865216", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/865216" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6785.json b/2016/6xxx/CVE-2016-6785.json index d176020a0b1..4bf5ffcad4b 100644 --- a/2016/6xxx/CVE-2016-6785.json +++ b/2016/6xxx/CVE-2016-6785.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-6785", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31748056. References: MT-ALPS02961400." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-6785", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2016-12-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-12-01.html" - }, - { - "name" : "94683", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94683" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31748056. References: MT-ALPS02961400." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2016-12-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-12-01.html" + }, + { + "name": "94683", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94683" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6904.json b/2016/6xxx/CVE-2016-6904.json index bda4f6a7f17..995059535db 100644 --- a/2016/6xxx/CVE-2016-6904.json +++ b/2016/6xxx/CVE-2016-6904.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@netapp.com", - "DATE_PUBLIC" : "2017-12-08T00:00:00", - "ID" : "CVE-2016-6904", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VASA Provider for Clustered Data ONTAP", - "version" : { - "version_data" : [ - { - "version_value" : "Versions prior to 7.0P1" - } - ] - } - } - ] - }, - "vendor_name" : "NetApp " - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication credentials." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Plain text authentication" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@netapp.com", + "DATE_PUBLIC": "2017-12-08T00:00:00", + "ID": "CVE-2016-6904", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VASA Provider for Clustered Data ONTAP", + "version": { + "version_data": [ + { + "version_value": "Versions prior to 7.0P1" + } + ] + } + } + ] + }, + "vendor_name": "NetApp " + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security.netapp.com/advisory/ntap-20171208-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20171208-0002/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Plain text authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20171208-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171208-0002/" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7637.json b/2016/7xxx/CVE-2016-7637.json index 36f61dd15ef..e54ebf8ecf7 100644 --- a/2016/7xxx/CVE-2016-7637.json +++ b/2016/7xxx/CVE-2016-7637.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-7637", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Kernel\" component. It allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-7637", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40931", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40931/" - }, - { - "name" : "40957", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40957/" - }, - { - "name" : "https://support.apple.com/HT207422", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207422" - }, - { - "name" : "https://support.apple.com/HT207423", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207423" - }, - { - "name" : "https://support.apple.com/HT207487", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207487" - }, - { - "name" : "94905", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94905" - }, - { - "name" : "1037469", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Kernel\" component. It allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40957", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40957/" + }, + { + "name": "https://support.apple.com/HT207487", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207487" + }, + { + "name": "40931", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40931/" + }, + { + "name": "https://support.apple.com/HT207422", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207422" + }, + { + "name": "94905", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94905" + }, + { + "name": "1037469", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037469" + }, + { + "name": "https://support.apple.com/HT207423", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207423" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7657.json b/2016/7xxx/CVE-2016-7657.json index 0e321997278..05907494fe9 100644 --- a/2016/7xxx/CVE-2016-7657.json +++ b/2016/7xxx/CVE-2016-7657.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-7657", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"IOKit\" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-7657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207422", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207422" - }, - { - "name" : "https://support.apple.com/HT207423", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207423" - }, - { - "name" : "https://support.apple.com/HT207487", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207487" - }, - { - "name" : "94905", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94905" - }, - { - "name" : "1037469", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"IOKit\" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207487", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207487" + }, + { + "name": "https://support.apple.com/HT207422", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207422" + }, + { + "name": "94905", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94905" + }, + { + "name": "1037469", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037469" + }, + { + "name": "https://support.apple.com/HT207423", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207423" + } + ] + } +} \ No newline at end of file