From e4bdbce384bc2767bd4e426d381ef747dca85bea Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 00:10:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0241.json | 150 +++++++------- 2006/0xxx/CVE-2006-0505.json | 130 ++++++------ 2006/0xxx/CVE-2006-0671.json | 180 ++++++++--------- 2006/0xxx/CVE-2006-0784.json | 170 ++++++++-------- 2006/1xxx/CVE-2006-1234.json | 200 +++++++++---------- 2006/1xxx/CVE-2006-1530.json | 370 +++++++++++++++++------------------ 2006/1xxx/CVE-2006-1568.json | 190 +++++++++--------- 2006/3xxx/CVE-2006-3250.json | 170 ++++++++-------- 2006/3xxx/CVE-2006-3637.json | 190 +++++++++--------- 2006/4xxx/CVE-2006-4453.json | 150 +++++++------- 2006/4xxx/CVE-2006-4805.json | 340 ++++++++++++++++---------------- 2010/2xxx/CVE-2010-2669.json | 160 +++++++-------- 2010/2xxx/CVE-2010-2693.json | 160 +++++++-------- 2010/2xxx/CVE-2010-2698.json | 150 +++++++------- 2010/2xxx/CVE-2010-2835.json | 130 ++++++------ 2010/3xxx/CVE-2010-3035.json | 180 ++++++++--------- 2010/3xxx/CVE-2010-3105.json | 140 ++++++------- 2010/3xxx/CVE-2010-3173.json | 290 +++++++++++++-------------- 2010/3xxx/CVE-2010-3540.json | 130 ++++++------ 2010/3xxx/CVE-2010-3584.json | 140 ++++++------- 2010/3xxx/CVE-2010-3657.json | 200 +++++++++---------- 2010/4xxx/CVE-2010-4195.json | 160 +++++++-------- 2010/4xxx/CVE-2010-4885.json | 150 +++++++------- 2011/1xxx/CVE-2011-1163.json | 250 +++++++++++------------ 2011/1xxx/CVE-2011-1457.json | 170 ++++++++-------- 2011/1xxx/CVE-2011-1864.json | 180 ++++++++--------- 2011/5xxx/CVE-2011-5023.json | 140 ++++++------- 2011/5xxx/CVE-2011-5308.json | 140 ++++++------- 2014/3xxx/CVE-2014-3237.json | 34 ++-- 2014/3xxx/CVE-2014-3375.json | 170 ++++++++-------- 2014/3xxx/CVE-2014-3607.json | 160 +++++++-------- 2014/3xxx/CVE-2014-3862.json | 140 ++++++------- 2014/7xxx/CVE-2014-7265.json | 130 ++++++------ 2014/8xxx/CVE-2014-8031.json | 160 +++++++-------- 2014/9xxx/CVE-2014-9494.json | 150 +++++++------- 2014/9xxx/CVE-2014-9723.json | 34 ++-- 2014/9xxx/CVE-2014-9909.json | 130 ++++++------ 2016/2xxx/CVE-2016-2218.json | 34 ++-- 2016/2xxx/CVE-2016-2333.json | 120 ++++++------ 2016/2xxx/CVE-2016-2656.json | 34 ++-- 2016/2xxx/CVE-2016-2822.json | 220 ++++++++++----------- 2016/2xxx/CVE-2016-2925.json | 150 +++++++------- 2016/6xxx/CVE-2016-6173.json | 190 +++++++++--------- 2016/6xxx/CVE-2016-6288.json | 200 +++++++++---------- 2016/6xxx/CVE-2016-6361.json | 140 ++++++------- 2016/6xxx/CVE-2016-6419.json | 130 ++++++------ 2016/6xxx/CVE-2016-6887.json | 130 ++++++------ 2016/7xxx/CVE-2016-7075.json | 172 ++++++++-------- 2016/7xxx/CVE-2016-7785.json | 140 ++++++------- 2017/5xxx/CVE-2017-5180.json | 150 +++++++------- 2017/5xxx/CVE-2017-5588.json | 34 ++-- 2017/5xxx/CVE-2017-5689.json | 210 ++++++++++---------- 2017/5xxx/CVE-2017-5978.json | 140 ++++++------- 53 files changed, 4206 insertions(+), 4206 deletions(-) diff --git a/2006/0xxx/CVE-2006-0241.json b/2006/0xxx/CVE-2006-0241.json index 8b914711029..9391f4a1d28 100644 --- a/2006/0xxx/CVE-2006-0241.json +++ b/2006/0xxx/CVE-2006-0241.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0241", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Name field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0241", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060117 XSS in WBNews < = v1.1.0", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/422133/100/0/threaded" - }, - { - "name" : "16277", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16277" - }, - { - "name" : "ADV-2006-0237", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0237" - }, - { - "name" : "18499", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18499" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Name field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060117 XSS in WBNews < = v1.1.0", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/422133/100/0/threaded" + }, + { + "name": "16277", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16277" + }, + { + "name": "18499", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18499" + }, + { + "name": "ADV-2006-0237", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0237" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0505.json b/2006/0xxx/CVE-2006-0505.json index dfb9e5c185d..7b57bcd8a3f 100644 --- a/2006/0xxx/CVE-2006-0505.json +++ b/2006/0xxx/CVE-2006-0505.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "zbattle.net Zbattle client 1.09 SR-1 beta allows remote attackers to cause an unspecified denial of service by rapidly creating and closing a game." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060128 zbattle.net", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/423431/100/0/threaded" - }, - { - "name" : "zbattle-command-dos(24369)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24369" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "zbattle.net Zbattle client 1.09 SR-1 beta allows remote attackers to cause an unspecified denial of service by rapidly creating and closing a game." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060128 zbattle.net", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/423431/100/0/threaded" + }, + { + "name": "zbattle-command-dos(24369)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24369" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0671.json b/2006/0xxx/CVE-2006-0671.json index d89d1fbfb44..18cd9eae217 100644 --- a/2006/0xxx/CVE-2006-0671.json +++ b/2006/0xxx/CVE-2006-0671.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0671", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Sony Ericsson K600i, V600i, W800i, and T68i cell phone allows remote attackers to cause a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet whose length field is less than the actual length of the packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0671", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060206 [ Secuobs - Advisory ] Bluetooth : DoS on Sony/Ericsson cell phones", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113926179907655&w=2" - }, - { - "name" : "20060206 [Full-disclosure] [ Secuobs - Advisory ] Bluetooth : DoS on", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=113924661724270&w=2" - }, - { - "name" : "http://www.secuobs.com/news/05022006-bluetooth7.shtml#english", - "refsource" : "MISC", - "url" : "http://www.secuobs.com/news/05022006-bluetooth7.shtml#english" - }, - { - "name" : "16512", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16512" - }, - { - "name" : "ADV-2006-0478", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0478" - }, - { - "name" : "18747", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18747" - }, - { - "name" : "sony-bluetooth-dos(24534)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24534" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Sony Ericsson K600i, V600i, W800i, and T68i cell phone allows remote attackers to cause a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet whose length field is less than the actual length of the packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16512", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16512" + }, + { + "name": "18747", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18747" + }, + { + "name": "ADV-2006-0478", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0478" + }, + { + "name": "20060206 [Full-disclosure] [ Secuobs - Advisory ] Bluetooth : DoS on", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=113924661724270&w=2" + }, + { + "name": "20060206 [ Secuobs - Advisory ] Bluetooth : DoS on Sony/Ericsson cell phones", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113926179907655&w=2" + }, + { + "name": "sony-bluetooth-dos(24534)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24534" + }, + { + "name": "http://www.secuobs.com/news/05022006-bluetooth7.shtml#english", + "refsource": "MISC", + "url": "http://www.secuobs.com/news/05022006-bluetooth7.shtml#english" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0784.json b/2006/0xxx/CVE-2006-0784.json index 42a73e8281f..4ece1fa50ac 100644 --- a/2006/0xxx/CVE-2006-0784.json +++ b/2006/0xxx/CVE-2006-0784.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0784", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers to cause a denial of service (CAMEO HTTP service crash) via a request composed of \"GET\" followed by a space and two newlines, possibly triggering the crash due to missing arguments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060216 D-Link DWL-G700AP httpd DoS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425169/100/0/threaded" - }, - { - "name" : "16690", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16690" - }, - { - "name" : "ADV-2006-0637", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0637" - }, - { - "name" : "18932", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18932" - }, - { - "name" : "441", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/441" - }, - { - "name" : "dlink-admin-interface-dos(24762)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24762" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers to cause a denial of service (CAMEO HTTP service crash) via a request composed of \"GET\" followed by a space and two newlines, possibly triggering the crash due to missing arguments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "441", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/441" + }, + { + "name": "dlink-admin-interface-dos(24762)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24762" + }, + { + "name": "ADV-2006-0637", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0637" + }, + { + "name": "18932", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18932" + }, + { + "name": "16690", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16690" + }, + { + "name": "20060216 D-Link DWL-G700AP httpd DoS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425169/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1234.json b/2006/1xxx/CVE-2006-1234.json index 9718e25af1d..0c8f064a8fc 100644 --- a/2006/1xxx/CVE-2006-1234.json +++ b/2006/1xxx/CVE-2006-1234.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1234", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in DSCounter 1.2, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060325 [eVuln] DSCounter 'X-Forwarded-For' SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/428807/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/98/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/98/summary.html" - }, - { - "name" : "17112", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17112" - }, - { - "name" : "ADV-2006-0933", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0933" - }, - { - "name" : "23882", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23882" - }, - { - "name" : "1015756", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015756" - }, - { - "name" : "19206", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19206" - }, - { - "name" : "627", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/627" - }, - { - "name" : "dscounter-index-sql-injection(25190)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25190" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in DSCounter 1.2, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23882", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23882" + }, + { + "name": "20060325 [eVuln] DSCounter 'X-Forwarded-For' SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/428807/100/0/threaded" + }, + { + "name": "1015756", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015756" + }, + { + "name": "19206", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19206" + }, + { + "name": "627", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/627" + }, + { + "name": "dscounter-index-sql-injection(25190)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25190" + }, + { + "name": "ADV-2006-0933", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0933" + }, + { + "name": "http://evuln.com/vulns/98/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/98/summary.html" + }, + { + "name": "17112", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17112" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1530.json b/2006/1xxx/CVE-2006-1530.json index cc34425d237..5ae1d6efb3a 100644 --- a/2006/1xxx/CVE-2006-1530.json +++ b/2006/1xxx/CVE-2006-1530.json @@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1530", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-1530", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-20.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-20.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=326615", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=326615" - }, - { - "name" : "DSA-1046", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1046" - }, - { - "name" : "DSA-1051", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1051" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "HPSBUX02156", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "SSRT061236", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "SCOSA-2006.26", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt" - }, - { - "name" : "VU#350262", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/350262" - }, - { - "name" : "17516", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17516" - }, - { - "name" : "ADV-2006-1356", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1356" - }, - { - "name" : "ADV-2006-3748", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3748" - }, - { - "name" : "ADV-2006-3749", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3749" - }, - { - "name" : "ADV-2008-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0083" - }, - { - "name" : "oval:org.mitre.oval:def:1903", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1903" - }, - { - "name" : "1015919", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015919" - }, - { - "name" : "1015921", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015921" - }, - { - "name" : "1015920", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015920" - }, - { - "name" : "19631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19631" - }, - { - "name" : "19649", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19649" - }, - { - "name" : "19863", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19863" - }, - { - "name" : "19941", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19941" - }, - { - "name" : "21033", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21033" - }, - { - "name" : "22065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22065" - }, - { - "name" : "22066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22066" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:1903", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1903" + }, + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-20.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-20.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=326615", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=326615" + }, + { + "name": "ADV-2006-3748", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3748" + }, + { + "name": "19941", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19941" + }, + { + "name": "DSA-1051", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1051" + }, + { + "name": "ADV-2006-3749", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3749" + }, + { + "name": "21033", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21033" + }, + { + "name": "VU#350262", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/350262" + }, + { + "name": "ADV-2008-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0083" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "ADV-2006-1356", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1356" + }, + { + "name": "SSRT061236", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "1015921", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015921" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "19649", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19649" + }, + { + "name": "19863", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19863" + }, + { + "name": "HPSBUX02156", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "SCOSA-2006.26", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt" + }, + { + "name": "17516", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17516" + }, + { + "name": "1015919", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015919" + }, + { + "name": "22066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22066" + }, + { + "name": "1015920", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015920" + }, + { + "name": "22065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22065" + }, + { + "name": "19631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19631" + }, + { + "name": "DSA-1046", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1046" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1568.json b/2006/1xxx/CVE-2006-1568.json index 7df5a93f9f6..bf8699cfeb8 100644 --- a/2006/1xxx/CVE-2006-1568.json +++ b/2006/1xxx/CVE-2006-1568.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1568", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in register.php in RedCMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) email, (2) location, or (3) website parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1568", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060413 [eVuln] RedCMS Multiple XSS and SQL Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431001/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/115/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/115/summary.html" - }, - { - "name" : "17336", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17336" - }, - { - "name" : "ADV-2006-1186", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1186" - }, - { - "name" : "24296", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24296" - }, - { - "name" : "19475", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19475" - }, - { - "name" : "708", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/708" - }, - { - "name" : "redcms-register-xss(25577)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25577" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in register.php in RedCMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) email, (2) location, or (3) website parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060413 [eVuln] RedCMS Multiple XSS and SQL Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431001/100/0/threaded" + }, + { + "name": "redcms-register-xss(25577)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25577" + }, + { + "name": "17336", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17336" + }, + { + "name": "ADV-2006-1186", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1186" + }, + { + "name": "http://evuln.com/vulns/115/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/115/summary.html" + }, + { + "name": "708", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/708" + }, + { + "name": "19475", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19475" + }, + { + "name": "24296", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24296" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3250.json b/2006/3xxx/CVE-2006-3250.json index 08bab08032d..fd37aa981ba 100644 --- a/2006/3xxx/CVE-2006-3250.json +++ b/2006/3xxx/CVE-2006-3250.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3250", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Windows Live Messenger 8.0 allows user-assisted attackers to execute arbitrary code via a crafted Contact List (.ctt) file, which triggers the overflow when it is imported by the user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3250", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060625 Windows Live Messenger 8.0 ( Contact List *.ctt ) Heap Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438442/100/0/threaded" - }, - { - "name" : "http://www.jaascois.com/exploits/18602016/", - "refsource" : "MISC", - "url" : "http://www.jaascois.com/exploits/18602016/" - }, - { - "name" : "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1108/exploit.html", - "refsource" : "MISC", - "url" : "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1108/exploit.html" - }, - { - "name" : "18639", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18639" - }, - { - "name" : "1016373", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016373" - }, - { - "name" : "live-messenger-contact-list-dos(27417)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27417" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Windows Live Messenger 8.0 allows user-assisted attackers to execute arbitrary code via a crafted Contact List (.ctt) file, which triggers the overflow when it is imported by the user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.jaascois.com/exploits/18602016/", + "refsource": "MISC", + "url": "http://www.jaascois.com/exploits/18602016/" + }, + { + "name": "20060625 Windows Live Messenger 8.0 ( Contact List *.ctt ) Heap Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438442/100/0/threaded" + }, + { + "name": "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1108/exploit.html", + "refsource": "MISC", + "url": "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1108/exploit.html" + }, + { + "name": "1016373", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016373" + }, + { + "name": "live-messenger-contact-list-dos(27417)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27417" + }, + { + "name": "18639", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18639" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3637.json b/2006/3xxx/CVE-2006-3637.json index f4cb19dfefb..4f877801251 100644 --- a/2006/3xxx/CVE-2006-3637.json +++ b/2006/3xxx/CVE-2006-3637.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3637", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka \"HTML Rendering Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-3637", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS06-042", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" - }, - { - "name" : "TA06-220A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" - }, - { - "name" : "VU#340060", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/340060" - }, - { - "name" : "ADV-2006-3212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3212" - }, - { - "name" : "27853", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27853" - }, - { - "name" : "oval:org.mitre.oval:def:502", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A502" - }, - { - "name" : "1016663", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016663" - }, - { - "name" : "21396", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka \"HTML Rendering Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27853", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27853" + }, + { + "name": "1016663", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016663" + }, + { + "name": "MS06-042", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" + }, + { + "name": "21396", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21396" + }, + { + "name": "ADV-2006-3212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3212" + }, + { + "name": "TA06-220A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" + }, + { + "name": "VU#340060", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/340060" + }, + { + "name": "oval:org.mitre.oval:def:502", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A502" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4453.json b/2006/4xxx/CVE-2006-4453.json index 4cc6992625f..b445c7ae41e 100644 --- a/2006/4xxx/CVE-2006-4453.json +++ b/2006/4xxx/CVE-2006-4453.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4453", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving \"table markups\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4453", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.pmichaud.com/wiki/PmWiki/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://www.pmichaud.com/wiki/PmWiki/ChangeLog" - }, - { - "name" : "19747", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19747" - }, - { - "name" : "28268", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28268" - }, - { - "name" : "21667", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21667" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving \"table markups\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.pmichaud.com/wiki/PmWiki/ChangeLog", + "refsource": "CONFIRM", + "url": "http://www.pmichaud.com/wiki/PmWiki/ChangeLog" + }, + { + "name": "28268", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28268" + }, + { + "name": "21667", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21667" + }, + { + "name": "19747", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19747" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4805.json b/2006/4xxx/CVE-2006-4805.json index a0e6f1cdb18..44ea4050fbd 100644 --- a/2006/4xxx/CVE-2006-4805.json +++ b/2006/4xxx/CVE-2006-4805.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4805", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in Wireshark (formerly Ethereal) 0.9.8 through 0.99.3 allows remote attackers to cause a denial of service (memory consumption and crash) via an encoded XOT packet that produces a zero length value when it is decoded." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-4805", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061101 rPSA-2006-0202-1 tshark wireshark", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450307/100/0/threaded" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2006-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2006-03.html" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-746", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-746" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-255.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-255.htm" - }, - { - "name" : "DSA-1201", - "refsource" : "DEBIAN", - "url" : "http://www.us.debian.org/security/2006/dsa-1201" - }, - { - "name" : "MDKSA-2006:195", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:195" - }, - { - "name" : "RHSA-2006:0726", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0726.html" - }, - { - "name" : "20061101-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P" - }, - { - "name" : "SUSE-SA:2006:065", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_65_ethereal.html" - }, - { - "name" : "VU#723736", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/723736" - }, - { - "name" : "20762", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20762" - }, - { - "name" : "oval:org.mitre.oval:def:10199", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10199" - }, - { - "name" : "ADV-2006-4220", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4220" - }, - { - "name" : "1017129", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017129" - }, - { - "name" : "22590", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22590" - }, - { - "name" : "22692", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22692" - }, - { - "name" : "22659", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22659" - }, - { - "name" : "22672", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22672" - }, - { - "name" : "22797", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22797" - }, - { - "name" : "22841", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22841" - }, - { - "name" : "22929", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22929" - }, - { - "name" : "23096", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23096" - }, - { - "name" : "wireshark-xot-dos(29843)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29843" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in Wireshark (formerly Ethereal) 0.9.8 through 0.99.3 allows remote attackers to cause a denial of service (memory consumption and crash) via an encoded XOT packet that produces a zero length value when it is decoded." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-255.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-255.htm" + }, + { + "name": "23096", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23096" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2006-03.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2006-03.html" + }, + { + "name": "DSA-1201", + "refsource": "DEBIAN", + "url": "http://www.us.debian.org/security/2006/dsa-1201" + }, + { + "name": "https://issues.rpath.com/browse/RPL-746", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-746" + }, + { + "name": "22590", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22590" + }, + { + "name": "20061101-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P" + }, + { + "name": "ADV-2006-4220", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4220" + }, + { + "name": "wireshark-xot-dos(29843)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29843" + }, + { + "name": "22841", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22841" + }, + { + "name": "VU#723736", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/723736" + }, + { + "name": "20762", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20762" + }, + { + "name": "oval:org.mitre.oval:def:10199", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10199" + }, + { + "name": "SUSE-SA:2006:065", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_65_ethereal.html" + }, + { + "name": "RHSA-2006:0726", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0726.html" + }, + { + "name": "22929", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22929" + }, + { + "name": "20061101 rPSA-2006-0202-1 tshark wireshark", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450307/100/0/threaded" + }, + { + "name": "22659", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22659" + }, + { + "name": "22692", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22692" + }, + { + "name": "MDKSA-2006:195", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:195" + }, + { + "name": "1017129", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017129" + }, + { + "name": "22672", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22672" + }, + { + "name": "22797", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22797" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2669.json b/2010/2xxx/CVE-2010-2669.json index b6d1d2f87bd..b6701b4c841 100644 --- a/2010/2xxx/CVE-2010-2669.json +++ b/2010/2xxx/CVE-2010-2669.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin/editors/text/editor-body.php in Orbis CMS 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cross-site-scripting.blogspot.com/2010/07/orbis-102-reflected-xss.html", - "refsource" : "MISC", - "url" : "http://cross-site-scripting.blogspot.com/2010/07/orbis-102-reflected-xss.html" - }, - { - "name" : "41390", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41390" - }, - { - "name" : "66021", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/66021" - }, - { - "name" : "40474", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40474" - }, - { - "name" : "orbis-editbody-xss(60087)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60087" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in admin/editors/text/editor-body.php in Orbis CMS 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "66021", + "refsource": "OSVDB", + "url": "http://osvdb.org/66021" + }, + { + "name": "http://cross-site-scripting.blogspot.com/2010/07/orbis-102-reflected-xss.html", + "refsource": "MISC", + "url": "http://cross-site-scripting.blogspot.com/2010/07/orbis-102-reflected-xss.html" + }, + { + "name": "orbis-editbody-xss(60087)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60087" + }, + { + "name": "40474", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40474" + }, + { + "name": "41390", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41390" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2693.json b/2010/2xxx/CVE-2010-2693.json index fe983d5c4ad..7a27dd7b0c9 100644 --- a/2010/2xxx/CVE-2010-2693.json +++ b/2010/2xxx/CVE-2010-2693.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2693", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FreeBSD 7.1 through 8.1-PRERELEASE does not copy the read-only flag when creating a duplicate mbuf buffer reference, which allows local users to cause a denial of service (system file corruption) and gain privileges via the sendfile system call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secteam@freebsd.org", + "ID": "CVE-2010-2693", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-10:07", - "refsource" : "FREEBSD", - "url" : "http://security.freebsd.org/advisories/FreeBSD-SA-10:07.mbuf.asc" - }, - { - "name" : "41577", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41577" - }, - { - "name" : "1024182", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024182" - }, - { - "name" : "40567", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40567" - }, - { - "name" : "ADV-2010-1787", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1787" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FreeBSD 7.1 through 8.1-PRERELEASE does not copy the read-only flag when creating a duplicate mbuf buffer reference, which allows local users to cause a denial of service (system file corruption) and gain privileges via the sendfile system call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1787", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1787" + }, + { + "name": "FreeBSD-SA-10:07", + "refsource": "FREEBSD", + "url": "http://security.freebsd.org/advisories/FreeBSD-SA-10:07.mbuf.asc" + }, + { + "name": "1024182", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024182" + }, + { + "name": "40567", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40567" + }, + { + "name": "41577", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41577" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2698.json b/2010/2xxx/CVE-2010-2698.json index 4e3152c1fcd..c6d3a452ace 100644 --- a/2010/2xxx/CVE-2010-2698.json +++ b/2010/2xxx/CVE-2010-2698.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2698", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community Software allow remote authenticated users to inject arbitrary web script or HTML via the title parameter when (1) editing a new blog, (2) adding an album, or (3) editing an album. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2698", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14260", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14260" - }, - { - "name" : "66154", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/66154" - }, - { - "name" : "40492", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40492" - }, - { - "name" : "sijio-title-xss(60176)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60176" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community Software allow remote authenticated users to inject arbitrary web script or HTML via the title parameter when (1) editing a new blog, (2) adding an album, or (3) editing an album. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14260", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14260" + }, + { + "name": "sijio-title-xss(60176)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60176" + }, + { + "name": "66154", + "refsource": "OSVDB", + "url": "http://osvdb.org/66154" + }, + { + "name": "40492", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40492" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2835.json b/2010/2xxx/CVE-2010-2835.json index 953cea731d5..baf255170be 100644 --- a/2010/2xxx/CVE-2010-2835.json +++ b/2010/2xxx/CVE-2010-2835.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7.0(2a)su3, 7.1su before 7.1(3b)su2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a SIP REFER request with an invalid Refer-To header, aka Bug IDs CSCta20040 and CSCta31358." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-2835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100922 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml" - }, - { - "name" : "20100922 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a313.shtml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7.0(2a)su3, 7.1su before 7.1(3b)su2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a SIP REFER request with an invalid Refer-To header, aka Bug IDs CSCta20040 and CSCta31358." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100922 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a313.shtml" + }, + { + "name": "20100922 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3035.json b/2010/3xxx/CVE-2010-3035.json index 4f751aec269..b37b186ce2e 100644 --- a/2010/3xxx/CVE-2010-3035.json +++ b/2010/3xxx/CVE-2010-3035.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3035", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-3035", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[nanog] 20100827 Did your BGP crash today?", - "refsource" : "MLIST", - "url" : "http://mailman.nanog.org/pipermail/nanog/2010-August/024837.html" - }, - { - "name" : "20100827 Cisco IOS XR Software Border Gateway Protocol Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml" - }, - { - "name" : "67696", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/67696" - }, - { - "name" : "1024371", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024371" - }, - { - "name" : "41190", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41190" - }, - { - "name" : "ADV-2010-2227", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2227" - }, - { - "name" : "ciscoiosxr-bgp-packet-dos(61443)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61443" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ciscoiosxr-bgp-packet-dos(61443)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61443" + }, + { + "name": "1024371", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024371" + }, + { + "name": "20100827 Cisco IOS XR Software Border Gateway Protocol Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml" + }, + { + "name": "[nanog] 20100827 Did your BGP crash today?", + "refsource": "MLIST", + "url": "http://mailman.nanog.org/pipermail/nanog/2010-August/024837.html" + }, + { + "name": "41190", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41190" + }, + { + "name": "ADV-2010-2227", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2227" + }, + { + "name": "67696", + "refsource": "OSVDB", + "url": "http://osvdb.org/67696" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3105.json b/2010/3xxx/CVE-2010-3105.json index a1f77491ea7..05d10d5bef2 100644 --- a/2010/3xxx/CVE-2010-3105.json +++ b/2010/3xxx/CVE-2010-3105.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PluginGetDriverFile function in Novell iPrint Client before 5.44 interprets an uninitialized memory location as a pointer value, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42576", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42576" - }, - { - "name" : "oval:org.mitre.oval:def:11817", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11817" - }, - { - "name" : "40805", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40805" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PluginGetDriverFile function in Novell iPrint Client before 5.44 interprets an uninitialized memory location as a pointer value, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42576", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42576" + }, + { + "name": "oval:org.mitre.oval:def:11817", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11817" + }, + { + "name": "40805", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40805" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3173.json b/2010/3xxx/CVE-2010-3173.json index fe419369220..439d690de5e 100644 --- a/2010/3xxx/CVE-2010-3173.json +++ b/2010/3xxx/CVE-2010-3173.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-72.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-72.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=554354", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=554354" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=583337", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=583337" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=587234", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=587234" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=595300", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=595300" - }, - { - "name" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", - "refsource" : "CONFIRM", - "url" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100114250", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100114250" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100120156", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100120156" - }, - { - "name" : "DSA-2123", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2123" - }, - { - "name" : "MDVSA-2010:210", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:210" - }, - { - "name" : "MDVSA-2010:211", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:211" - }, - { - "name" : "RHSA-2010:0781", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0781.html" - }, - { - "name" : "RHSA-2010:0782", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0782.html" - }, - { - "name" : "USN-1007-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1007-1" - }, - { - "name" : "oval:org.mitre.oval:def:12118", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12118" - }, - { - "name" : "41839", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41839" - }, - { - "name" : "42867", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42867" - }, - { - "name" : "ADV-2011-0061", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0061" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2010:0782", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0782.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=554354", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=554354" + }, + { + "name": "MDVSA-2010:210", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:210" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=583337", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=583337" + }, + { + "name": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", + "refsource": "CONFIRM", + "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=595300", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=595300" + }, + { + "name": "RHSA-2010:0781", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0781.html" + }, + { + "name": "42867", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42867" + }, + { + "name": "MDVSA-2010:211", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:211" + }, + { + "name": "ADV-2011-0061", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0061" + }, + { + "name": "oval:org.mitre.oval:def:12118", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12118" + }, + { + "name": "USN-1007-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1007-1" + }, + { + "name": "DSA-2123", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2123" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100114250", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100114250" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-72.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-72.html" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100120156", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100120156" + }, + { + "name": "41839", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41839" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=587234", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=587234" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3540.json b/2010/3xxx/CVE-2010-3540.json index ab70d1e6665..9184ab8a2e0 100644 --- a/2010/3xxx/CVE-2010-3540.json +++ b/2010/3xxx/CVE-2010-3540.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3540", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to ZFS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - }, - { - "name" : "TA10-287A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to ZFS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + }, + { + "name": "TA10-287A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3584.json b/2010/3xxx/CVE-2010-3584.json index 1f62a077c9c..4f5858939ee 100644 --- a/2010/3xxx/CVE-2010-3584.json +++ b/2010/3xxx/CVE-2010-3584.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle VM component in Oracle VM 2.2.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a third party researcher that this is related to the storage of passwords and password hashes in cleartext in files with insecure permissions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101102 [Onapsis Security Advisory 2010-010] Oracle Virtual Server Agent Local Privilege Escalation", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514612/100/0/threaded" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - }, - { - "name" : "TA10-287A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle VM component in Oracle VM 2.2.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a third party researcher that this is related to the storage of passwords and password hashes in cleartext in files with insecure permissions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20101102 [Onapsis Security Advisory 2010-010] Oracle Virtual Server Agent Local Privilege Escalation", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514612/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + }, + { + "name": "TA10-287A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3657.json b/2010/3xxx/CVE-2010-3657.json index 2cf5e84205e..90c43813d32 100644 --- a/2010/3xxx/CVE-2010-3657.json +++ b/2010/3xxx/CVE-2010-3657.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3657", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3656." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-3657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html" - }, - { - "name" : "GLSA-201101-08", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201101-08.xml" - }, - { - "name" : "RHSA-2010:0743", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0743.html" - }, - { - "name" : "SUSE-SA:2010:048", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html" - }, - { - "name" : "SUSE-SR:2010:019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" - }, - { - "name" : "TA10-279A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-279A.html" - }, - { - "name" : "oval:org.mitre.oval:def:6791", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6791" - }, - { - "name" : "43025", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43025" - }, - { - "name" : "ADV-2011-0191", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3656." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2010:048", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html" + }, + { + "name": "ADV-2011-0191", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0191" + }, + { + "name": "43025", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43025" + }, + { + "name": "GLSA-201101-08", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201101-08.xml" + }, + { + "name": "oval:org.mitre.oval:def:6791", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6791" + }, + { + "name": "RHSA-2010:0743", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0743.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-21.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-21.html" + }, + { + "name": "TA10-279A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-279A.html" + }, + { + "name": "SUSE-SR:2010:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4195.json b/2010/4xxx/CVE-2010-4195.json index 170c0ade8b6..218df212c32 100644 --- a/2010/4xxx/CVE-2010-4195.json +++ b/2010/4xxx/CVE-2010-4195.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4195", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TextXtra module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-4195", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-01.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-01.html" - }, - { - "name" : "VU#189929", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/189929" - }, - { - "name" : "46336", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46336" - }, - { - "name" : "1025056", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025056" - }, - { - "name" : "ADV-2011-0335", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0335" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TextXtra module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#189929", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/189929" + }, + { + "name": "ADV-2011-0335", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0335" + }, + { + "name": "46336", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46336" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-01.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-01.html" + }, + { + "name": "1025056", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025056" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4885.json b/2010/4xxx/CVE-2010-4885.json index 73ce5200ed2..bad27763823 100644 --- a/2010/4xxx/CVE-2010-4885.json +++ b/2010/4xxx/CVE-2010-4885.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4885", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the XING Button (xing) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4885", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/extensions/repository/view/xing/1.0.2/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/xing/1.0.2/" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/" - }, - { - "name" : "42937", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42937" - }, - { - "name" : "41269", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41269" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the XING Button (xing) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42937", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42937" + }, + { + "name": "http://typo3.org/extensions/repository/view/xing/1.0.2/", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/xing/1.0.2/" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/" + }, + { + "name": "41269", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41269" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1163.json b/2011/1xxx/CVE-2011-1163.json index 320a4761637..05463baf1a9 100644 --- a/2011/1xxx/CVE-2011-1163.json +++ b/2011/1xxx/CVE-2011-1163.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1163", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110317 [PRE-SA-2011-02] Information disclosure vulnerability in the OSF partition handling code of the Linux kernel", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517050" - }, - { - "name" : "[mm-commits] 20110314 + fs-partitions-osfc-corrupted-osf-partition-table-can-cause-information-disclosure.patch added to -mm tree", - "refsource" : "MLIST", - "url" : "http://www.spinics.net/lists/mm-commits/msg82737.html" - }, - { - "name" : "[oss-security] 20110315 CVE Request: kernel: fs/partitions: Corrupted OSF partition table can cause information disclosure", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/15/9" - }, - { - "name" : "[oss-security] 20110315 Re: CVE Request: kernel: fs/partitions: Corrupted OSF partition table can cause information disclosure", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/15/14" - }, - { - "name" : "http://www.pre-cert.de/advisories/PRE-SA-2011-02.txt", - "refsource" : "MISC", - "url" : "http://www.pre-cert.de/advisories/PRE-SA-2011-02.txt" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=688021", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=688021" - }, - { - "name" : "http://downloads.avaya.com/css/P8/documents/100145416", - "refsource" : "CONFIRM", - "url" : "http://downloads.avaya.com/css/P8/documents/100145416" - }, - { - "name" : "RHSA-2011:0833", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2011-0833.html" - }, - { - "name" : "SUSE-SU-2015:0812", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" - }, - { - "name" : "46878", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46878" - }, - { - "name" : "1025225", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025225" - }, - { - "name" : "8189", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8189" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[mm-commits] 20110314 + fs-partitions-osfc-corrupted-osf-partition-table-can-cause-information-disclosure.patch added to -mm tree", + "refsource": "MLIST", + "url": "http://www.spinics.net/lists/mm-commits/msg82737.html" + }, + { + "name": "46878", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46878" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=688021", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688021" + }, + { + "name": "8189", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8189" + }, + { + "name": "1025225", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025225" + }, + { + "name": "[oss-security] 20110315 Re: CVE Request: kernel: fs/partitions: Corrupted OSF partition table can cause information disclosure", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/15/14" + }, + { + "name": "RHSA-2011:0833", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2011-0833.html" + }, + { + "name": "[oss-security] 20110315 CVE Request: kernel: fs/partitions: Corrupted OSF partition table can cause information disclosure", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/15/9" + }, + { + "name": "http://www.pre-cert.de/advisories/PRE-SA-2011-02.txt", + "refsource": "MISC", + "url": "http://www.pre-cert.de/advisories/PRE-SA-2011-02.txt" + }, + { + "name": "http://downloads.avaya.com/css/P8/documents/100145416", + "refsource": "CONFIRM", + "url": "http://downloads.avaya.com/css/P8/documents/100145416" + }, + { + "name": "20110317 [PRE-SA-2011-02] Information disclosure vulnerability in the OSF partition handling code of the Linux kernel", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517050" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38" + }, + { + "name": "SUSE-SU-2015:0812", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1457.json b/2011/1xxx/CVE-2011-1457.json index a15638b3b97..3d69d402c5c 100644 --- a/2011/1xxx/CVE-2011-1457.json +++ b/2011/1xxx/CVE-2011-1457.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1457", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1457", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4808", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4808" - }, - { - "name" : "http://support.apple.com/kb/HT4981", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4981" - }, - { - "name" : "http://support.apple.com/kb/HT4999", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4999" - }, - { - "name" : "APPLE-SA-2011-07-20-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" - }, - { - "name" : "APPLE-SA-2011-10-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-10-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4981", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4981" + }, + { + "name": "APPLE-SA-2011-10-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" + }, + { + "name": "APPLE-SA-2011-10-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT4999", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4999" + }, + { + "name": "http://support.apple.com/kb/HT4808", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4808" + }, + { + "name": "APPLE-SA-2011-07-20-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1864.json b/2011/1xxx/CVE-2011-1864.json index 36c30fe6da2..17cafa15e81 100644 --- a/2011/1xxx/CVE-2011-1864.json +++ b/2011/1xxx/CVE-2011-1864.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1864", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, 6.10, and 6.11 allows remote attackers to execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-1864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02631", - "refsource" : "HP", - "url" : "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02712867" - }, - { - "name" : "SSRT100324", - "refsource" : "HP", - "url" : "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02712867" - }, - { - "name" : "48178", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48178" - }, - { - "name" : "72864", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/72864" - }, - { - "name" : "1025620", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025620" - }, - { - "name" : "44884", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44884" - }, - { - "name" : "hp-openview-data-code-execution(67960)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67960" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, 6.10, and 6.11 allows remote attackers to execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT100324", + "refsource": "HP", + "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02712867" + }, + { + "name": "72864", + "refsource": "OSVDB", + "url": "http://osvdb.org/72864" + }, + { + "name": "HPSBMA02631", + "refsource": "HP", + "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02712867" + }, + { + "name": "1025620", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025620" + }, + { + "name": "hp-openview-data-code-execution(67960)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67960" + }, + { + "name": "48178", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48178" + }, + { + "name": "44884", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44884" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5023.json b/2011/5xxx/CVE-2011-5023.json index cd67d9f93bc..b3389f9a142 100644 --- a/2011/5xxx/CVE-2011-5023.json +++ b/2011/5xxx/CVE-2011-5023.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5023", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Pligg CMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the search program, a different vulnerability than CVE-2011-3986." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sitewat.ch/Advisory/View/6", - "refsource" : "MISC", - "url" : "https://sitewat.ch/Advisory/View/6" - }, - { - "name" : "http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2257", - "refsource" : "CONFIRM", - "url" : "http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2257" - }, - { - "name" : "51274", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51274" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Pligg CMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the search program, a different vulnerability than CVE-2011-3986." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sitewat.ch/Advisory/View/6", + "refsource": "MISC", + "url": "https://sitewat.ch/Advisory/View/6" + }, + { + "name": "http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2257", + "refsource": "CONFIRM", + "url": "http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2257" + }, + { + "name": "51274", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51274" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5308.json b/2011/5xxx/CVE-2011-5308.json index 3b2003e0778..d4454d777e8 100644 --- a/2011/5xxx/CVE-2011-5308.json +++ b/2011/5xxx/CVE-2011-5308.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5308", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in cdnvote-post.php in the cdnvote plugin before 0.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) cdnvote_post_id or (2) cdnvote_point parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5308", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.htbridge.com/advisory/HTB22845", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB22845" - }, - { - "name" : "http://wpsecure.net/2011/02/cdnvote-plugin/", - "refsource" : "CONFIRM", - "url" : "http://wpsecure.net/2011/02/cdnvote-plugin/" - }, - { - "name" : "https://plugins.trac.wordpress.org/changeset/350873/cdnvote/trunk/cdnvote-post.php", - "refsource" : "CONFIRM", - "url" : "https://plugins.trac.wordpress.org/changeset/350873/cdnvote/trunk/cdnvote-post.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in cdnvote-post.php in the cdnvote plugin before 0.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) cdnvote_post_id or (2) cdnvote_point parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wpsecure.net/2011/02/cdnvote-plugin/", + "refsource": "CONFIRM", + "url": "http://wpsecure.net/2011/02/cdnvote-plugin/" + }, + { + "name": "https://plugins.trac.wordpress.org/changeset/350873/cdnvote/trunk/cdnvote-post.php", + "refsource": "CONFIRM", + "url": "https://plugins.trac.wordpress.org/changeset/350873/cdnvote/trunk/cdnvote-post.php" + }, + { + "name": "https://www.htbridge.com/advisory/HTB22845", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB22845" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3237.json b/2014/3xxx/CVE-2014-3237.json index 3c16969d2f1..c9c555bf24a 100644 --- a/2014/3xxx/CVE-2014-3237.json +++ b/2014/3xxx/CVE-2014-3237.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3237", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3237", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3375.json b/2014/3xxx/CVE-2014-3375.json index 778a7e371c2..fcb6b3967ef 100644 --- a/2014/3xxx/CVE-2014-3375.json +++ b/2014/3xxx/CVE-2014-3375.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36297", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36297" - }, - { - "name" : "20141030 Cisco Unified Communications Manager Service Interface Reflected Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3375" - }, - { - "name" : "70850", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70850" - }, - { - "name" : "1031163", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031163" - }, - { - "name" : "61025", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61025" - }, - { - "name" : "cisco-ucm-cve20143375-xss(98408)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36297", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36297" + }, + { + "name": "70850", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70850" + }, + { + "name": "20141030 Cisco Unified Communications Manager Service Interface Reflected Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3375" + }, + { + "name": "cisco-ucm-cve20143375-xss(98408)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98408" + }, + { + "name": "1031163", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031163" + }, + { + "name": "61025", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61025" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3607.json b/2014/3xxx/CVE-2014-3607.json index a95c54ab703..9ea2bd0ddda 100644 --- a/2014/3xxx/CVE-2014-3607.json +++ b/2014/3xxx/CVE-2014-3607.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3607", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://shibboleth.net/community/advisories/secadv_20140919.txt", - "refsource" : "CONFIRM", - "url" : "http://shibboleth.net/community/advisories/secadv_20140919.txt" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1140438", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1140438" - }, - { - "name" : "https://code.google.com/archive/p/vt-middleware/issues/226", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/archive/p/vt-middleware/issues/226" - }, - { - "name" : "https://code.google.com/archive/p/vt-middleware/issues/227", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/archive/p/vt-middleware/issues/227" - }, - { - "name" : "https://code.google.com/archive/p/vt-middleware/issues/228", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/archive/p/vt-middleware/issues/228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://shibboleth.net/community/advisories/secadv_20140919.txt", + "refsource": "CONFIRM", + "url": "http://shibboleth.net/community/advisories/secadv_20140919.txt" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1140438", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1140438" + }, + { + "name": "https://code.google.com/archive/p/vt-middleware/issues/227", + "refsource": "CONFIRM", + "url": "https://code.google.com/archive/p/vt-middleware/issues/227" + }, + { + "name": "https://code.google.com/archive/p/vt-middleware/issues/226", + "refsource": "CONFIRM", + "url": "https://code.google.com/archive/p/vt-middleware/issues/226" + }, + { + "name": "https://code.google.com/archive/p/vt-middleware/issues/228", + "refsource": "CONFIRM", + "url": "https://code.google.com/archive/p/vt-middleware/issues/228" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3862.json b/2014/3xxx/CVE-2014-3862.json index 5014341901f..8643a7846cc 100644 --- a/2014/3xxx/CVE-2014-3862.json +++ b/2014/3xxx/CVE-2014-3862.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://smartplatforms.org/2014/04/security-vulnerabilities-in-ccda-display/", - "refsource" : "MISC", - "url" : "http://smartplatforms.org/2014/04/security-vulnerabilities-in-ccda-display/" - }, - { - "name" : "http://gforge.hl7.org/gf/project/strucdoc/frs/?action=FrsReleaseView&release_id=1088", - "refsource" : "CONFIRM", - "url" : "http://gforge.hl7.org/gf/project/strucdoc/frs/?action=FrsReleaseView&release_id=1088" - }, - { - "name" : "http://motorcycleguy.blogspot.com/2014/04/hl7-cda-stylesheet-patches.html", - "refsource" : "CONFIRM", - "url" : "http://motorcycleguy.blogspot.com/2014/04/hl7-cda-stylesheet-patches.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://motorcycleguy.blogspot.com/2014/04/hl7-cda-stylesheet-patches.html", + "refsource": "CONFIRM", + "url": "http://motorcycleguy.blogspot.com/2014/04/hl7-cda-stylesheet-patches.html" + }, + { + "name": "http://gforge.hl7.org/gf/project/strucdoc/frs/?action=FrsReleaseView&release_id=1088", + "refsource": "CONFIRM", + "url": "http://gforge.hl7.org/gf/project/strucdoc/frs/?action=FrsReleaseView&release_id=1088" + }, + { + "name": "http://smartplatforms.org/2014/04/security-vulnerabilities-in-ccda-display/", + "refsource": "MISC", + "url": "http://smartplatforms.org/2014/04/security-vulnerabilities-in-ccda-display/" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7265.json b/2014/7xxx/CVE-2014-7265.json index f2762255a32..9c8b34bed2a 100644 --- a/2014/7xxx/CVE-2014-7265.json +++ b/2014/7xxx/CVE-2014-7265.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7265", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in LinPHA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-7265", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#61181790", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN61181790/index.html" - }, - { - "name" : "JVNDB-2014-000150", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in LinPHA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2014-000150", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000150" + }, + { + "name": "JVN#61181790", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN61181790/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8031.json b/2014/8xxx/CVE-2014-8031.json index e956dbdcbfb..bea3862b35d 100644 --- a/2014/8xxx/CVE-2014-8031.json +++ b/2014/8xxx/CVE-2014-8031.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8031", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj40456." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-8031", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150108 Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8031" - }, - { - "name" : "71943", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71943" - }, - { - "name" : "1031517", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031517" - }, - { - "name" : "62173", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62173" - }, - { - "name" : "cisco-webex-cve20148031-csrf(100575)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100575" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj40456." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-webex-cve20148031-csrf(100575)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100575" + }, + { + "name": "1031517", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031517" + }, + { + "name": "20150108 Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8031" + }, + { + "name": "62173", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62173" + }, + { + "name": "71943", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71943" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9494.json b/2014/9xxx/CVE-2014-9494.json index 7a9e28cec99..355902bb1e5 100644 --- a/2014/9xxx/CVE-2014-9494.json +++ b/2014/9xxx/CVE-2014-9494.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9494", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-9494", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150103 Re: CVE request: insufficient 'X-Forwarded-For' header validation in rabbitmq-server", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2015/q1/30" - }, - { - "name" : "http://www.rabbitmq.com/release-notes/README-3.4.0.txt", - "refsource" : "CONFIRM", - "url" : "http://www.rabbitmq.com/release-notes/README-3.4.0.txt" - }, - { - "name" : "https://groups.google.com/forum/#!topic/rabbitmq-users/DMkypbSvIyM", - "refsource" : "CONFIRM", - "url" : "https://groups.google.com/forum/#!topic/rabbitmq-users/DMkypbSvIyM" - }, - { - "name" : "rabbitmq-cve20149494-sec-bypass(99685)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99685" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "rabbitmq-cve20149494-sec-bypass(99685)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99685" + }, + { + "name": "https://groups.google.com/forum/#!topic/rabbitmq-users/DMkypbSvIyM", + "refsource": "CONFIRM", + "url": "https://groups.google.com/forum/#!topic/rabbitmq-users/DMkypbSvIyM" + }, + { + "name": "[oss-security] 20150103 Re: CVE request: insufficient 'X-Forwarded-For' header validation in rabbitmq-server", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2015/q1/30" + }, + { + "name": "http://www.rabbitmq.com/release-notes/README-3.4.0.txt", + "refsource": "CONFIRM", + "url": "http://www.rabbitmq.com/release-notes/README-3.4.0.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9723.json b/2014/9xxx/CVE-2014-9723.json index 854a750de40..9f2e9fc4402 100644 --- a/2014/9xxx/CVE-2014-9723.json +++ b/2014/9xxx/CVE-2014-9723.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9723", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9723", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9909.json b/2014/9xxx/CVE-2014-9909.json index a7cc90081b2..a10df9b1939 100644 --- a/2014/9xxx/CVE-2014-9909.json +++ b/2014/9xxx/CVE-2014-9909.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2014-9909", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31676542. References: B-RB#26684." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2014-9909", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2016-12-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-12-01.html" - }, - { - "name" : "94685", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94685" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31676542. References: B-RB#26684." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2016-12-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-12-01.html" + }, + { + "name": "94685", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94685" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2218.json b/2016/2xxx/CVE-2016-2218.json index a63b652396b..3fe692aa2c4 100644 --- a/2016/2xxx/CVE-2016-2218.json +++ b/2016/2xxx/CVE-2016-2218.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2218", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2218", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2333.json b/2016/2xxx/CVE-2016-2333.json index adba15fcbd8..51a160b5eb3 100644 --- a/2016/2xxx/CVE-2016-2333.json +++ b/2016/2xxx/CVE-2016-2333.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2333", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 use the same hardcoded encryption key across different customers' installations, which allows attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-2333", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#822980", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/822980" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 use the same hardcoded encryption key across different customers' installations, which allows attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#822980", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/822980" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2656.json b/2016/2xxx/CVE-2016-2656.json index 724c65ffeba..e6e5a63c040 100644 --- a/2016/2xxx/CVE-2016-2656.json +++ b/2016/2xxx/CVE-2016-2656.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2656", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2656", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2822.json b/2016/2xxx/CVE-2016-2822.json index dc2753a9b05..9a574abb562 100644 --- a/2016/2xxx/CVE-2016-2822.json +++ b/2016/2xxx/CVE-2016-2822.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2822", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2016-2822", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-52.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-52.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1273129", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1273129" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : "DSA-3600", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3600" - }, - { - "name" : "RHSA-2016:1217", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1217" - }, - { - "name" : "openSUSE-SU-2016:1552", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html" - }, - { - "name" : "openSUSE-SU-2016:1557", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html" - }, - { - "name" : "SUSE-SU-2016:1691", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html" - }, - { - "name" : "USN-2993-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2993-1" - }, - { - "name" : "91075", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91075" - }, - { - "name" : "1036057", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036057" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036057", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036057" + }, + { + "name": "RHSA-2016:1217", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1217" + }, + { + "name": "openSUSE-SU-2016:1557", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-52.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-52.html" + }, + { + "name": "openSUSE-SU-2016:1552", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html" + }, + { + "name": "USN-2993-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2993-1" + }, + { + "name": "SUSE-SU-2016:1691", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html" + }, + { + "name": "91075", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91075" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1273129", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1273129" + }, + { + "name": "DSA-3600", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3600" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2925.json b/2016/2xxx/CVE-2016-2925.json index 4a79a79da4f..a1ac8ceb35f 100644 --- a/2016/2xxx/CVE-2016-2925.json +++ b/2016/2xxx/CVE-2016-2925.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2925", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before CF10 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-2925", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21986461", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21986461" - }, - { - "name" : "PI62749", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI62749" - }, - { - "name" : "92180", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92180" - }, - { - "name" : "1036454", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036454" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before CF10 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036454", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036454" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21986461", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986461" + }, + { + "name": "PI62749", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI62749" + }, + { + "name": "92180", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92180" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6173.json b/2016/6xxx/CVE-2016-6173.json index 117ad660085..6d0d738ff1e 100644 --- a/2016/6xxx/CVE-2016-6173.json +++ b/2016/6xxx/CVE-2016-6173.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-6173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dns-operations] 20160704 DNS activities in Japan", - "refsource" : "MLIST", - "url" : "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html" - }, - { - "name" : "[nsd-users] 20160809 NSD 4.1.11", - "refsource" : "MLIST", - "url" : "https://open.nlnetlabs.nl/pipermail/nsd-users/2016-August/002342.html" - }, - { - "name" : "[oss-security] 20160706 Malicious primary DNS servers can crash secondaries", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/06/3" - }, - { - "name" : "[oss-security] 20160706 Re: Malicious primary DNS servers can crash secondaries", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/06/4" - }, - { - "name" : "https://github.com/sischkg/xfer-limit/blob/master/README.md", - "refsource" : "MISC", - "url" : "https://github.com/sischkg/xfer-limit/blob/master/README.md" - }, - { - "name" : "http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES", - "refsource" : "CONFIRM", - "url" : "http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES" - }, - { - "name" : "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790", - "refsource" : "CONFIRM", - "url" : "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790" - }, - { - "name" : "91678", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91678" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[nsd-users] 20160809 NSD 4.1.11", + "refsource": "MLIST", + "url": "https://open.nlnetlabs.nl/pipermail/nsd-users/2016-August/002342.html" + }, + { + "name": "[oss-security] 20160706 Malicious primary DNS servers can crash secondaries", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/06/3" + }, + { + "name": "91678", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91678" + }, + { + "name": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790", + "refsource": "CONFIRM", + "url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790" + }, + { + "name": "[dns-operations] 20160704 DNS activities in Japan", + "refsource": "MLIST", + "url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html" + }, + { + "name": "[oss-security] 20160706 Re: Malicious primary DNS servers can crash secondaries", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/06/4" + }, + { + "name": "http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES", + "refsource": "CONFIRM", + "url": "http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES" + }, + { + "name": "https://github.com/sischkg/xfer-limit/blob/master/README.md", + "refsource": "MISC", + "url": "https://github.com/sischkg/xfer-limit/blob/master/README.md" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6288.json b/2016/6xxx/CVE-2016-6288.json index 881bc4df6fe..7432dc21763 100644 --- a/2016/6xxx/CVE-2016-6288.json +++ b/2016/6xxx/CVE-2016-6288.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160724 Re: Fwd: CVE for PHP 5.5.38 issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2016/07/24/2" - }, - { - "name" : "http://git.php.net/?p=php-src.git;a=commit;h=629e4da7cc8b174acdeab84969cbfc606a019b31", - "refsource" : "CONFIRM", - "url" : "http://git.php.net/?p=php-src.git;a=commit;h=629e4da7cc8b174acdeab84969cbfc606a019b31" - }, - { - "name" : "http://php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://php.net/ChangeLog-5.php" - }, - { - "name" : "https://bugs.php.net/70480", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/70480" - }, - { - "name" : "https://support.apple.com/HT207170", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207170" - }, - { - "name" : "APPLE-SA-2016-09-20", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html" - }, - { - "name" : "RHSA-2016:2750", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2750.html" - }, - { - "name" : "92111", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92111" - }, - { - "name" : "1036430", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036430" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2016-09-20", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html" + }, + { + "name": "92111", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92111" + }, + { + "name": "RHSA-2016:2750", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html" + }, + { + "name": "https://bugs.php.net/70480", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/70480" + }, + { + "name": "http://php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://php.net/ChangeLog-5.php" + }, + { + "name": "1036430", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036430" + }, + { + "name": "[oss-security] 20160724 Re: Fwd: CVE for PHP 5.5.38 issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2016/07/24/2" + }, + { + "name": "https://support.apple.com/HT207170", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207170" + }, + { + "name": "http://git.php.net/?p=php-src.git;a=commit;h=629e4da7cc8b174acdeab84969cbfc606a019b31", + "refsource": "CONFIRM", + "url": "http://git.php.net/?p=php-src.git;a=commit;h=629e4da7cc8b174acdeab84969cbfc606a019b31" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6361.json b/2016/6xxx/CVE-2016-6361.json index 85ab0ecc36f..67056ef85e4 100644 --- a/2016/6xxx/CVE-2016-6361.json +++ b/2016/6xxx/CVE-2016-6361.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6361", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via a crafted AMPDU header, aka Bug ID CSCuz56288." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160817 Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms AMPDU Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap" - }, - { - "name" : "92508", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92508" - }, - { - "name" : "1036648", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036648" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via a crafted AMPDU header, aka Bug ID CSCuz56288." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20160817 Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms AMPDU Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap" + }, + { + "name": "92508", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92508" + }, + { + "name": "1036648", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036648" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6419.json b/2016/6xxx/CVE-2016-6419.json index 0fd5ccc90c2..60c7601882f 100644 --- a/2016/6xxx/CVE-2016-6419.json +++ b/2016/6xxx/CVE-2016-6419.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160928 Cisco Firepower Management Center SQL Injection Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fpmc" - }, - { - "name" : "93206", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93206" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93206", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93206" + }, + { + "name": "20160928 Cisco Firepower Management Center SQL Injection Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fpmc" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6887.json b/2016/6xxx/CVE-2016-6887.json index 15830ba33ac..42d7ed2fff2 100644 --- a/2016/6xxx/CVE-2016-6887.json +++ b/2016/6xxx/CVE-2016-6887.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6887", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via a CRT attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html", - "refsource" : "MISC", - "url" : "https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html" - }, - { - "name" : "http://www.matrixssl.org/blog/releases/matrixssl_3_8_4", - "refsource" : "CONFIRM", - "url" : "http://www.matrixssl.org/blog/releases/matrixssl_3_8_4" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via a CRT attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.matrixssl.org/blog/releases/matrixssl_3_8_4", + "refsource": "CONFIRM", + "url": "http://www.matrixssl.org/blog/releases/matrixssl_3_8_4" + }, + { + "name": "https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html", + "refsource": "MISC", + "url": "https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7075.json b/2016/7xxx/CVE-2016-7075.json index b859bd66d98..f6822fb0434 100644 --- a/2016/7xxx/CVE-2016-7075.json +++ b/2016/7xxx/CVE-2016-7075.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2016-7075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OpenShift", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "version" : "3.0" - } - ], - [ - { - "vectorString" : "7.8/AV:N/AC:L/Au:N/C:N/I:C/A:N", - "version" : "2.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-295" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-7075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OpenShift", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075" - }, - { - "name" : "https://github.com/kubernetes/kubernetes/issues/34517", - "refsource" : "CONFIRM", - "url" : "https://github.com/kubernetes/kubernetes/issues/34517" - }, - { - "name" : "RHSA-2016:2064", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:2064" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "version": "3.0" + } + ], + [ + { + "vectorString": "7.8/AV:N/AC:L/Au:N/C:N/I:C/A:N", + "version": "2.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-295" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/kubernetes/kubernetes/issues/34517", + "refsource": "CONFIRM", + "url": "https://github.com/kubernetes/kubernetes/issues/34517" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075" + }, + { + "name": "RHSA-2016:2064", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:2064" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7785.json b/2016/7xxx/CVE-2016-7785.json index 21e8119cccd..2ba71fee991 100644 --- a/2016/7xxx/CVE-2016-7785.json +++ b/2016/7xxx/CVE-2016-7785.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7785", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7785", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161008 ffmpeg before 3.1.4 [CVE-2016-7562] [CVE-2016-7122] [CVE-2016-7450] [CVE-2016-7502] [CVE-2016-7555] [CVE-2016-7785] [CVE-2016-7905]", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/08/1" - }, - { - "name" : "GLSA-201701-71", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-71" - }, - { - "name" : "94833", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94833" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20161008 ffmpeg before 3.1.4 [CVE-2016-7562] [CVE-2016-7122] [CVE-2016-7450] [CVE-2016-7502] [CVE-2016-7555] [CVE-2016-7785] [CVE-2016-7905]", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/08/1" + }, + { + "name": "GLSA-201701-71", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-71" + }, + { + "name": "94833", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94833" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5180.json b/2017/5xxx/CVE-2017-5180.json index 39599b85ca3..22b2b7def10 100644 --- a/2017/5xxx/CVE-2017-5180.json +++ b/2017/5xxx/CVE-2017-5180.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5180", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5180", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openwall.com/lists/oss-security/2017/01/04/2", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2017/01/04/2" - }, - { - "name" : "https://firejail.wordpress.com/download-2/release-notes/", - "refsource" : "MISC", - "url" : "https://firejail.wordpress.com/download-2/release-notes/" - }, - { - "name" : "GLSA-201701-62", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-62" - }, - { - "name" : "95298", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95298", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95298" + }, + { + "name": "https://firejail.wordpress.com/download-2/release-notes/", + "refsource": "MISC", + "url": "https://firejail.wordpress.com/download-2/release-notes/" + }, + { + "name": "GLSA-201701-62", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-62" + }, + { + "name": "http://openwall.com/lists/oss-security/2017/01/04/2", + "refsource": "MISC", + "url": "http://openwall.com/lists/oss-security/2017/01/04/2" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5588.json b/2017/5xxx/CVE-2017-5588.json index 7dceea4243c..990f919f40e 100644 --- a/2017/5xxx/CVE-2017-5588.json +++ b/2017/5xxx/CVE-2017-5588.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5588", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5588", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5689.json b/2017/5xxx/CVE-2017-5689.json index ab299bcfc1c..d3b2010c7b3 100644 --- a/2017/5xxx/CVE-2017-5689.json +++ b/2017/5xxx/CVE-2017-5689.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "ID" : "CVE-2017-5689", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel Active Mangement Technology, Intel Small Business Technology, Intel Standard Manageability", - "version" : { - "version_data" : [ - { - "version_value" : "fixed in versions 6.2.61.3535, 7.1.91.3272, 8.1.71.3608, 9.1.41.3024, 10.0.55.3000, 11.0.25.3001, and 11.6.27.3264 and later" - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Escalation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2017-5689", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel Active Mangement Technology, Intel Small Business Technology, Intel Standard Manageability", + "version": { + "version_data": [ + { + "version_value": "fixed in versions 6.2.61.3535, 7.1.91.3272, 8.1.71.3608, 9.1.41.3024, 10.0.55.3000, 11.0.25.3001, and 11.6.27.3264 and later" + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf", - "refsource" : "MISC", - "url" : "https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf" - }, - { - "name" : "https://www.embedi.com/news/mythbusters-cve-2017-5689", - "refsource" : "MISC", - "url" : "https://www.embedi.com/news/mythbusters-cve-2017-5689" - }, - { - "name" : "https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability", - "refsource" : "MISC", - "url" : "https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability" - }, - { - "name" : "https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide-Rev%201.1.pdf", - "refsource" : "CONFIRM", - "url" : "https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide-Rev%201.1.pdf" - }, - { - "name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr", - "refsource" : "CONFIRM", - "url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03754en_us", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03754en_us" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20170509-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20170509-0001/" - }, - { - "name" : "98269", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98269" - }, - { - "name" : "1038385", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038385" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability", + "refsource": "MISC", + "url": "https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability" + }, + { + "name": "https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide-Rev%201.1.pdf", + "refsource": "CONFIRM", + "url": "https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide-Rev%201.1.pdf" + }, + { + "name": "98269", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98269" + }, + { + "name": "1038385", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038385" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20170509-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20170509-0001/" + }, + { + "name": "https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf", + "refsource": "MISC", + "url": "https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf" + }, + { + "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr", + "refsource": "CONFIRM", + "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr" + }, + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03754en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03754en_us" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + }, + { + "name": "https://www.embedi.com/news/mythbusters-cve-2017-5689", + "refsource": "MISC", + "url": "https://www.embedi.com/news/mythbusters-cve-2017-5689" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5978.json b/2017/5xxx/CVE-2017-5978.json index 851a0bd432a..18f7c439db3 100644 --- a/2017/5xxx/CVE-2017-5978.json +++ b/2017/5xxx/CVE-2017-5978.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5978", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5978", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/02/09/zziplib-out-of-bounds-read-in-zzip_mem_entry_new-memdisk-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/02/09/zziplib-out-of-bounds-read-in-zzip_mem_entry_new-memdisk-c/" - }, - { - "name" : "DSA-3878", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3878" - }, - { - "name" : "96268", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96268" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96268", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96268" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/02/09/zziplib-out-of-bounds-read-in-zzip_mem_entry_new-memdisk-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/02/09/zziplib-out-of-bounds-read-in-zzip_mem_entry_new-memdisk-c/" + }, + { + "name": "DSA-3878", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3878" + } + ] + } +} \ No newline at end of file