diff --git a/2006/0xxx/CVE-2006-0252.json b/2006/0xxx/CVE-2006-0252.json
index 8e1e843c162..8f4e63f7ef8 100644
--- a/2006/0xxx/CVE-2006-0252.json
+++ b/2006/0xxx/CVE-2006-0252.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Benders Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by the (1) year, (2) month, and (3) day parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060115 [eVuln] Benders Calendar SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/422052/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/30/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/30/summary.html" - }, - { - "name" : "16242", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16242" - }, - { - "name" : "ADV-2006-0190", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0190" - }, - { - "name" : "22449", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22449" - }, - { - "name" : "1015491", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015491" - }, - { 
- "name" : "18462", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18462" - }, - { - "name" : "benderscalendar-sql-injection(24120)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24120" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Benders Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by the (1) year, (2) month, and (3) day parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18462", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18462" + }, + { + "name": "20060115 [eVuln] Benders Calendar SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/422052/100/0/threaded" + }, + { + "name": "22449", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22449" + }, + { + "name": "1015491", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015491" + }, + { + "name": "ADV-2006-0190", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0190" + }, + { + "name": "16242", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16242" + }, + { + "name": "benderscalendar-sql-injection(24120)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24120" + }, + { + "name": "http://evuln.com/vulns/30/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/30/summary.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0433.json b/2006/0xxx/CVE-2006-0433.json index 7d99f5f277b..936bc5b9e47 100644 --- a/2006/0xxx/CVE-2006-0433.json +++ b/2006/0xxx/CVE-2006-0433.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0433", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Selective Acknowledgement (SACK) in FreeBSD 5.3 and 5.4 does not properly handle an incoming selective acknowledgement when there is insufficient memory, which might allow remote attackers to cause a denial of service (infinite loop)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secteam@freebsd.org", + "ID": "CVE-2006-0433", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-06:08", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:08.sack.asc" - }, - { - "name" : "16466", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16466" - }, - { - "name" : "ADV-2006-0409", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0409" - }, - { - "name" : "22861", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22861" - }, - { - "name" : "1015566", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015566" - }, - { - "name" : "18696", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18696" - }, - { - "name" : 
"399", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/399" - }, - { - "name" : "bsd-sack-handling-dos(24453)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24453" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Selective Acknowledgement (SACK) in FreeBSD 5.3 and 5.4 does not properly handle an incoming selective acknowledgement when there is insufficient memory, which might allow remote attackers to cause a denial of service (infinite loop)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0409", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0409" + }, + { + "name": "FreeBSD-SA-06:08", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:08.sack.asc" + }, + { + "name": "22861", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22861" + }, + { + "name": "16466", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16466" + }, + { + "name": "1015566", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015566" + }, + { + "name": "399", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/399" + }, + { + "name": "bsd-sack-handling-dos(24453)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24453" + }, + { + "name": "18696", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18696" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0775.json b/2006/0xxx/CVE-2006-0775.json index 0f9eed33477..20c0e391fbb 100644 --- a/2006/0xxx/CVE-2006-0775.json +++ b/2006/0xxx/CVE-2006-0775.json 
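Review bot: In CVE-2006-0433.json the `ASSIGNER` value changes from `cve@mitre.org` to `secteam@freebsd.org`, and this appears to be the only content change in a hunk that otherwise just tightens `"key" : value` spacing and reorders `reference_data`; the CVE-2006-1490.json hunk does the same with `secalert@redhat.com`. Because every line of each file is rewritten, a reviewer or a downstream consumer diffing records cannot easily separate a change of record attribution from formatting noise. I would land the reassignments apart from the reformat, or at least name them in the commit message, e.g. `Reassign CVE-2006-0433 to secteam@freebsd.org and CVE-2006-1490 to secalert@redhat.com`. The new side of every file here also ends with `\ No newline at end of file`; keeping the final newline would avoid another whole-file diff the next time a tool rewrites these records.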
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0775", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in show.php in BirthSys 3.1 allow remote attackers to execute arbitrary SQL commands via the $month variable. NOTE: a vector regarding the $date parameter and data.php (date.php) was originally reported, but this appears to be in error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0775", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.evuln.com/vulns/74/summary.html", - "refsource" : "MISC", - "url" : "http://www.evuln.com/vulns/74/summary.html" - }, - { - "name" : "20060215 EV0074 BirthSys 3.1 SQL injection (fwd)", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2006-February/000549.html" - }, - { - "name" : "16684", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16684" - }, - { - "name" : "ADV-2006-0621", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0621" - }, - { - "name" : "23185", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23185" - }, - { - "name" : "18893", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18893" - }, - { - "name" : "467", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/467" - }, - { - "name" : "birthsys-show-date-sql-injection(24617)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24617" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in show.php in BirthSys 3.1 allow remote attackers to execute arbitrary SQL commands via the $month variable. NOTE: a vector regarding the $date parameter and data.php (date.php) was originally reported, but this appears to be in error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23185", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23185" + }, + { + "name": "ADV-2006-0621", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0621" + }, + { + "name": "birthsys-show-date-sql-injection(24617)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24617" + }, + { + "name": "467", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/467" + }, + { + "name": "20060215 EV0074 BirthSys 3.1 SQL injection (fwd)", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2006-February/000549.html" + }, + { + "name": "http://www.evuln.com/vulns/74/summary.html", + "refsource": "MISC", + "url": "http://www.evuln.com/vulns/74/summary.html" + }, + { + "name": "18893", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18893" + }, + { + "name": "16684", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16684" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/0xxx/CVE-2006-0952.json b/2006/0xxx/CVE-2006-0952.json
index d50c0408a81..ed6c1dce21c 100644
--- a/2006/0xxx/CVE-2006-0952.json
+++ b/2006/0xxx/CVE-2006-0952.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-0952",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-0952",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/1xxx/CVE-2006-1490.json b/2006/1xxx/CVE-2006-1490.json
index 14858596889..8c6bc481ed6 100644
--- a/2006/1xxx/CVE-2006-1490.json
+++ b/2006/1xxx/CVE-2006-1490.json
@@ -1,217 +1,217 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1490", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a \"binary safety\" issue. NOTE: this issue has been referred to as a \"memory leak,\" but it is an information leak that discloses memory contents." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-1490", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060328 Critical PHP bug - act ASAP if you are running web with sensitive data", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/429164/100/0/threaded" - }, - { - "name" : "20060328 Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/429162/100/0/threaded" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=127939", - "refsource" : "CONFIRM", - "url" : 
"http://bugs.gentoo.org/show_bug.cgi?id=127939" - }, - { - "name" : "http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?r1=1.112&r2=1.113", - "refsource" : "MISC", - "url" : "http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?r1=1.112&r2=1.113" - }, - { - "name" : "http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?view=log", - "refsource" : "MISC", - "url" : "http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?view=log" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=304829", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=304829" - }, - { - "name" : "APPLE-SA-2006-11-28", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" - }, - { - "name" : "GLSA-200605-08", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200605-08.xml" - }, - { - "name" : "MDKSA-2006:063", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:063" - }, - { - "name" : "RHSA-2006:0276", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0276.html" - }, - { - "name" : "20060501-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" - }, - { - "name" : "SUSE-SA:2006:024", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/05-05-2006.html" - }, - { - "name" : "2006-0020", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0020" - }, - { - "name" : "USN-320-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-320-1" - }, - { - "name" : "TA06-333A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" - }, - { - 
"name" : "17296", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17296" - }, - { - "name" : "oval:org.mitre.oval:def:11084", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11084" - }, - { - "name" : "ADV-2006-1149", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1149" - }, - { - "name" : "ADV-2006-2685", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2685" - }, - { - "name" : "ADV-2006-4750", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4750" - }, - { - "name" : "19383", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19383" - }, - { - "name" : "19499", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19499" - }, - { - "name" : "19570", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19570" - }, - { - "name" : "19832", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19832" - }, - { - "name" : "20951", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20951" - }, - { - "name" : "23155", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23155" - }, - { - "name" : "19979", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19979" - }, - { - "name" : "20052", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20052" - }, - { - "name" : "20210", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20210" - }, - { - "name" : "21125", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21125" - }, - { - "name" : "php-htmlentitydecode-information-disclosure(25508)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25508" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a \"binary safety\" issue. NOTE: this issue has been referred to as a \"memory leak,\" but it is an information leak that discloses memory contents." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2006:063", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:063" + }, + { + "name": "oval:org.mitre.oval:def:11084", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11084" + }, + { + "name": "ADV-2006-4750", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4750" + }, + { + "name": "20060328 Critical PHP bug - act ASAP if you are running web with sensitive data", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/429164/100/0/threaded" + }, + { + "name": "19499", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19499" + }, + { + "name": "17296", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17296" + }, + { + "name": "20210", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20210" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=304829", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=304829" + }, + { + "name": "http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?r1=1.112&r2=1.113", + "refsource": "MISC", + "url": "http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?r1=1.112&r2=1.113" + }, + { + "name": "RHSA-2006:0276", + "refsource": "REDHAT", + "url": 
"http://rhn.redhat.com/errata/RHSA-2006-0276.html" + }, + { + "name": "GLSA-200605-08", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200605-08.xml" + }, + { + "name": "19570", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19570" + }, + { + "name": "http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?view=log", + "refsource": "MISC", + "url": "http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?view=log" + }, + { + "name": "php-htmlentitydecode-information-disclosure(25508)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25508" + }, + { + "name": "19383", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19383" + }, + { + "name": "USN-320-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-320-1" + }, + { + "name": "23155", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23155" + }, + { + "name": "19979", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19979" + }, + { + "name": "20951", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20951" + }, + { + "name": "21125", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21125" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm" + }, + { + "name": "20060328 Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/429162/100/0/threaded" + }, + { + "name": "19832", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19832" + }, + { + "name": "20060501-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" + }, + { + "name": "APPLE-SA-2006-11-28", + "refsource": "APPLE", + "url": 
"http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" + }, + { + "name": "TA06-333A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=127939", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=127939" + }, + { + "name": "20052", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20052" + }, + { + "name": "2006-0020", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0020" + }, + { + "name": "ADV-2006-2685", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2685" + }, + { + "name": "SUSE-SA:2006:024", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/05-05-2006.html" + }, + { + "name": "ADV-2006-1149", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1149" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1895.json b/2006/1xxx/CVE-2006-1895.json index 8c5009e1da0..89ba813504d 100644 --- a/2006/1xxx/CVE-2006-1895.json +++ b/2006/1xxx/CVE-2006-1895.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose \".*\" regular expression to match BEGIN and END statements in overall_header.tpl, or (2) is used in an eval statement by includes/bbcode.php for bbcode.tpl." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060414 phpBB template file code execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431017/100/0/threaded" - }, - { - "name" : "17573", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17573" - }, - { - "name" : "769", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/769" - }, - { - "name" : "phpbb-template-code-execution(25888)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25888" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose \".*\" regular expression to match BEGIN and END statements in overall_header.tpl, or (2) is used in an eval statement by includes/bbcode.php for bbcode.tpl." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060414 phpBB template file code execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431017/100/0/threaded" + }, + { + "name": "17573", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17573" + }, + { + "name": "769", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/769" + }, + { + "name": "phpbb-template-code-execution(25888)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25888" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1988.json b/2006/1xxx/CVE-2006-1988.json index d7cc39fdb6e..192b60e0a1d 100644 --- a/2006/1xxx/CVE-2006-1988.json +++ b/2006/1xxx/CVE-2006-1988.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1988", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function in Apple Safari 2.0.3 allows remote attackers to cause a denial of service (application crash) via an HTML LI tag with a large VALUE attribute (list item number), which triggers a null dereference in QPainter::drawText, probably due to a failed memory allocation that uses the VALUE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.security-protocols.com/sp-x26-advisory.php", - "refsource" : "MISC", - "url" : "http://www.security-protocols.com/sp-x26-advisory.php" - }, - { - "name" : "http://security-protocols.com/poc/sp-x26-2.html", - "refsource" : "MISC", - "url" : "http://security-protocols.com/poc/sp-x26-2.html" - }, - { - "name" : "17634", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17634" - }, - { - "name" : "ADV-2006-1452", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1452" - }, - { - "name" : "24823", - "refsource" : 
"OSVDB", - "url" : "http://www.osvdb.org/24823" - }, - { - "name" : "19686", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19686" - }, - { - "name" : "macosx-safari-dos(25946)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25946" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function in Apple Safari 2.0.3 allows remote attackers to cause a denial of service (application crash) via an HTML LI tag with a large VALUE attribute (list item number), which triggers a null dereference in QPainter::drawText, probably due to a failed memory allocation that uses the VALUE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.security-protocols.com/sp-x26-advisory.php", + "refsource": "MISC", + "url": "http://www.security-protocols.com/sp-x26-advisory.php" + }, + { + "name": "macosx-safari-dos(25946)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25946" + }, + { + "name": "ADV-2006-1452", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1452" + }, + { + "name": "http://security-protocols.com/poc/sp-x26-2.html", + "refsource": "MISC", + "url": "http://security-protocols.com/poc/sp-x26-2.html" + }, + { + "name": "17634", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17634" + }, + { + "name": "24823", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24823" + }, + { + "name": "19686", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19686" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/3xxx/CVE-2006-3498.json b/2006/3xxx/CVE-2006-3498.json
index d2aea6bd125..85aede72328 100644
--- a/2006/3xxx/CVE-2006-3498.json
+++ b/2006/3xxx/CVE-2006-3498.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in bootpd in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to execute arbitrary code via a crafted BOOTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2006-08-01", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html" - }, - { - "name" : "TA06-214A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-214A.html" - }, - { - "name" : "VU#776628", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/776628" - }, - { - "name" : "19289", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19289" - }, - { - "name" : "ADV-2006-3101", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3101" - }, - { - "name" : "27736", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27736" - }, - { - "name" : "21253", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/21253" - }, - { - "name" : "macosx-bootp-bo(28139)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28139" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in bootpd in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to execute arbitrary code via a crafted BOOTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2006-08-01", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html" + }, + { + "name": "macosx-bootp-bo(28139)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28139" + }, + { + "name": "27736", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27736" + }, + { + "name": "ADV-2006-3101", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3101" + }, + { + "name": "21253", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21253" + }, + { + "name": "19289", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19289" + }, + { + "name": "TA06-214A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html" + }, + { + "name": "VU#776628", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/776628" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3704.json b/2006/3xxx/CVE-2006-3704.json index a84fe6ee2aa..8b853d752f2 100644 --- a/2006/3xxx/CVE-2006-3704.json +++ b/2006/3xxx/CVE-2006-3704.json 
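Review bot: The new side of this CVE-2006-3498 hunk ends with `\ No newline at end of file` after the closing `}`, where the old side had a terminating newline. The `reference_data` entries are also emitted in a different order (the XF entry moves from last to second, CERT and CERT-VN move to the end), although no `name`, `refsource` or `url` value changes. Keeping the final newline and the existing array order would reduce this file's diff to the `" : "` → `": "` spacing change, so that real content edits stand out in review. The same applies to the CVE-2006-3704, CVE-2006-4418, CVE-2006-4460, CVE-2006-4668, CVE-2006-4912, CVE-2010-2387, CVE-2010-2452 and CVE-2010-2598 hunks. CVE-2006-3866 drops the newline too and reorders its top-level keys.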
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle ODBC Driver for Oracle Database 10.1.0.4 has unknown impact and attack vectors, aka Oracle Vuln# 10.1.0.4." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded" - }, - { - "name" : "TA06-200A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-200A.html" - }, 
- { - "name" : "19054", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19054" - }, - { - "name" : "ADV-2006-2863", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2863" - }, - { - "name" : "ADV-2006-2947", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2947" - }, - { - "name" : "1016529", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016529" - }, - { - "name" : "21111", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21111" - }, - { - "name" : "21165", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21165" - }, - { - "name" : "oracle-cpu-july-2006(27897)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle ODBC Driver for Oracle Database 10.1.0.4 has unknown impact and attack vectors, aka Oracle Vuln# 10.1.0.4." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016529", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016529" + }, + { + "name": "19054", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19054" + }, + { + "name": "oracle-cpu-july-2006(27897)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897" + }, + { + "name": "21165", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21165" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded" + }, + { + "name": "ADV-2006-2947", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2947" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded" + }, + { + "name": "TA06-200A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-200A.html" + }, + { + "name": "21111", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21111" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html" + }, + { + "name": "ADV-2006-2863", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2863" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3866.json b/2006/3xxx/CVE-2006-3866.json index d7bd6788c66..74bef2d870f 100644 --- a/2006/3xxx/CVE-2006-3866.json +++ b/2006/3xxx/CVE-2006-3866.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3866", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-4868. Reason: This candidate is a duplicate of CVE-2006-4868. Notes: All CVE users should reference CVE-2006-4868 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-3866", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-4868. Reason: This candidate is a duplicate of CVE-2006-4868. Notes: All CVE users should reference CVE-2006-4868 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4418.json b/2006/4xxx/CVE-2006-4418.json index f530c45816a..b2dba6aa218 100644 --- a/2006/4xxx/CVE-2006-4418.json +++ b/2006/4xxx/CVE-2006-4418.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4418", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php for Wikepage 2006.2a Opus 10 allows remote attackers to include arbitrary local files via the lng parameter, as demonstrated by inserting PHP code into a log file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4418", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2252", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2252" - }, - { - "name" : "19694", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19694" - }, - { - "name" : "ADV-2006-3386", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3386" - }, - { - "name" : "28177", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28177" - }, - { - "name" : "21542", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21542" - }, - { - "name" : "wikepage-index-file-include(28555)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28555" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php for Wikepage 2006.2a Opus 10 allows remote attackers to include arbitrary local files via the lng parameter, as demonstrated by inserting PHP code into a log file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wikepage-index-file-include(28555)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28555" + }, + { + "name": "2252", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2252" + }, + { + "name": "28177", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28177" + }, + { + "name": "21542", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21542" + }, + { + "name": "ADV-2006-3386", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3386" + }, + { + "name": "19694", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19694" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4460.json b/2006/4xxx/CVE-2006-4460.json index dd8ae742c7b..48f0f43e598 100644 --- a/2006/4xxx/CVE-2006-4460.json +++ b/2006/4xxx/CVE-2006-4460.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4460", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0.96 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://wacha.ch/wiki/addressbook:changelog", - "refsource" : "CONFIRM", - "url" : "http://wacha.ch/wiki/addressbook:changelog" - }, - { - "name" : "19845", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19845" - }, - { - "name" : "21730", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21730" - }, - { - "name" : "phpiaddressbook-unspecified-xss(28723)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0.96 allows remote attackers to 
inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wacha.ch/wiki/addressbook:changelog", + "refsource": "CONFIRM", + "url": "http://wacha.ch/wiki/addressbook:changelog" + }, + { + "name": "21730", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21730" + }, + { + "name": "phpiaddressbook-unspecified-xss(28723)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28723" + }, + { + "name": "19845", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19845" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4668.json b/2006/4xxx/CVE-2006-4668.json index 1b204a41d59..aa8ac57bc52 100644 --- a/2006/4xxx/CVE-2006-4668.json +++ b/2006/4xxx/CVE-2006-4668.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4668", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Rob Hensley AckerTodo 4.0 allows remote attackers to inject arbitrary web script or HTML via the task_id parameter in an edit_task command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4668", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060907 XSS in AckerTodo v4.0", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445465/100/0/threaded" - }, - { - "name" : "20060926 Re: XSS in AckerTodo v4.0", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447071/100/100/threaded" - }, - { - "name" : "19894", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19894" - }, - { - "name" : "ADV-2006-3517", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3517" - }, - { - "name" : "28611", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28611" - }, - { - "name" : "21810", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21810" - }, - { - 
"name" : "1531", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1531" - }, - { - "name" : "ackertodo-index-xss(28810)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28810" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Rob Hensley AckerTodo 4.0 allows remote attackers to inject arbitrary web script or HTML via the task_id parameter in an edit_task command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1531", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1531" + }, + { + "name": "ADV-2006-3517", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3517" + }, + { + "name": "21810", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21810" + }, + { + "name": "20060907 XSS in AckerTodo v4.0", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445465/100/0/threaded" + }, + { + "name": "ackertodo-index-xss(28810)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28810" + }, + { + "name": "20060926 Re: XSS in AckerTodo v4.0", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447071/100/100/threaded" + }, + { + "name": "28611", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28611" + }, + { + "name": "19894", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19894" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4912.json b/2006/4xxx/CVE-2006-4912.json index e4abfec69fd..8e7365df714 100644 --- a/2006/4xxx/CVE-2006-4912.json +++ b/2006/4xxx/CVE-2006-4912.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2373", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2373" - }, - { - "name" : "20041", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20041" - }, - { - "name" : "ADV-2006-3641", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3641" - }, - { - "name" : "phpdocwriter-index-file-include(28989)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28989" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and earlier allows remote attackers to execute arbitrary PHP 
code via a URL in the script parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3641", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3641" + }, + { + "name": "20041", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20041" + }, + { + "name": "phpdocwriter-index-file-include(28989)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28989" + }, + { + "name": "2373", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2373" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2387.json b/2010/2xxx/CVE-2010-2387.json index ecb777022a5..f4aee8ddaaa 100644 --- a/2010/2xxx/CVE-2010-2387.json +++ b/2010/2xxx/CVE-2010-2387.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2387", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-2387", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes", - "refsource" : "CONFIRM", - "url" : "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes" - }, - { - "name" : "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure", - "refsource" : "CONFIRM", - "url" : "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=571846", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=571846" - }, - { - "name" : "ASB-2010.0184", - "refsource" : "AUSCERT", - "url" : 
"http://www.auscert.org.au/13123" - }, - { - "name" : "66643", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/66643" - }, - { - "name" : "40690", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40690" - }, - { - "name" : "40780", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40780" - }, - { - "name" : "solaris-gdm-information-disclosure(60642)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60642" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=571846", + "refsource": "CONFIRM", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=571846" + }, + { + "name": "ASB-2010.0184", + "refsource": "AUSCERT", + "url": "http://www.auscert.org.au/13123" + }, + { + "name": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure", + "refsource": "CONFIRM", + "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure" + }, + { + "name": "40690", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40690" + }, + { + "name": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes", + "refsource": "CONFIRM", + "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes" + }, + { + "name": "solaris-gdm-information-disclosure(60642)", + "refsource": "XF", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/60642" + }, + { + "name": "40780", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40780" + }, + { + "name": "66643", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/66643" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2452.json b/2010/2xxx/CVE-2010-2452.json index f490881361e..dcb90d3d020 100644 --- a/2010/2xxx/CVE-2010-2452.json +++ b/2010/2xxx/CVE-2010-2452.json 
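Review bot: `CVE_data_meta.ASSIGNER` for CVE-2010-2387 changes from `cve@mitre.org` to `secalert_us@oracle.com` at the top of this hunk. It is the only value change among the hunks in view; the rest of this hunk is spacing and reference order. Tooling that attributes or filters records by assigner will see this as a provenance change, and it is easy to miss inside a bulk reformat. If the reassignment is intended, it would be better landed as its own change with the reason stated; otherwise the line should stay `"ASSIGNER": "cve@mitre.org"`.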
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2452", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to overwrite arbitrary files via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2452", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[KVIrc] 20100517 Proposal for a stable release of kvirc4", - "refsource" : "MLIST", - "url" : "http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html" - }, - { - "name" : "DSA-2065", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2065" - }, - { - "name" : "FEDORA-2010-10522", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043601.html" - }, - { - "name" : "FEDORA-2010-10529", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043629.html" - }, - { - "name" : "SUSE-SR:2010:014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" - }, - { - "name" : "40746", 
- "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40746" - }, - { - "name" : "40349", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40349" - }, - { - "name" : "32410", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32410" - }, - { - "name" : "ADV-2010-1602", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1602" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to overwrite arbitrary files via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2010-10522", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043601.html" + }, + { + "name": "[KVIrc] 20100517 Proposal for a stable release of kvirc4", + "refsource": "MLIST", + "url": "http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html" + }, + { + "name": "40746", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40746" + }, + { + "name": "ADV-2010-1602", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1602" + }, + { + "name": "FEDORA-2010-10529", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043629.html" + }, + { + "name": "DSA-2065", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2065" + }, + { + "name": "40349", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40349" + }, + { + "name": "SUSE-SR:2010:014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" + }, + { + "name": 
"32410", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32410" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2598.json b/2010/2xxx/CVE-2010-2598.json index 7276c3e0e52..fa95e704f7c 100644 --- a/2010/2xxx/CVE-2010-2598.json +++ b/2010/2xxx/CVE-2010-2598.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to \"downsampled OJPEG input.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=583081", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=583081" - }, - { - "name" : "RHSA-2010:0520", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0520.html" - }, - { - "name" : "40536", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40536" - }, - { - "name" : "ADV-2010-1761", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1761" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to \"downsampled OJPEG input.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1761", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1761" + }, + { + "name": "RHSA-2010:0520", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0520.html" + }, + { + "name": "40536", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40536" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=583081", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=583081" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2986.json b/2010/2xxx/CVE-2010-2986.json index bc540a29e85..a51eb16f9b2 100644 --- a/2010/2xxx/CVE-2010-2986.json +++ b/2010/2xxx/CVE-2010-2986.json 
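Review bot: The `reference_data` entries on the new side are reordered with no visible sort key (VUPEN, REDHAT, SECUNIA, CONFIRM replaces CONFIRM, REDHAT, SECUNIA, VUPEN), so a change that is otherwise colon spacing and indentation rewrites every reference line. The other hunks in this diff show the same shuffle. In a vulnerability feed this churn hides real edits from anyone diffing records, so I would keep the previous order or sort on a fixed key such as `refsource` then `name`. The new side also ends without a trailing newline (`\ No newline at end of file` after the last `+}`), which the removed side had; the file should end with `}` followed by a newline.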
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2986", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in webacs/QuickSearchAction.do in the search feature in the web interface in Cisco Wireless Control System (WCS) before 6.0(194.0) and 7.x before 7.0.164 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, aka Bug ID CSCtf14288." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2986", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100804 Cisco Wireless Control System XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/512878/100/0/threaded" - }, - { - "name" : "http://www.tomneaves.com/Cisco_Wireless_Control_System_XSS.txt", - "refsource" : "MISC", - "url" : "http://www.tomneaves.com/Cisco_Wireless_Control_System_XSS.txt" - }, - { - "name" : "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html" - }, - { - "name" : "42216", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/42216" - }, - { - "name" : "40827", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40827" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in webacs/QuickSearchAction.do in the search feature in the web interface in Cisco Wireless Control System (WCS) before 6.0(194.0) and 7.x before 7.0.164 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, aka Bug ID CSCtf14288." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42216", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42216" + }, + { + "name": "http://www.tomneaves.com/Cisco_Wireless_Control_System_XSS.txt", + "refsource": "MISC", + "url": "http://www.tomneaves.com/Cisco_Wireless_Control_System_XSS.txt" + }, + { + "name": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html" + }, + { + "name": "20100804 Cisco Wireless Control System XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/512878/100/0/threaded" + }, + { + "name": "40827", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40827" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3014.json b/2010/3xxx/CVE-2010-3014.json index 7a294b0cb55..87c31369ee6 100644 --- a/2010/3xxx/CVE-2010-3014.json +++ b/2010/3xxx/CVE-2010-3014.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when Coda is loaded and Venus is running with /coda mounted, allows local users to read sensitive heap memory via a large out_size value in a ViceIoctl struct to a Coda ioctl, which triggers a buffer over-read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100816 CVE-2010-3014: Coda Filesystem Kernel Memory Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/513151/100/0/threaded" - }, - { - "name" : "http://www.vsecurity.com/resources/advisory/20100816-1/", - "refsource" : "MISC", - "url" : "http://www.vsecurity.com/resources/advisory/20100816-1/" - }, - { - "name" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/coda/coda.h.diff?r1=1.15&r2=1.16&only_with_tag=MAIN", - "refsource" : "CONFIRM", - "url" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/coda/coda.h.diff?r1=1.15&r2=1.16&only_with_tag=MAIN" - }, - { - "name" : 
"http://svn.freebsd.org/viewvc/base?view=revision&revision=210997", - "refsource" : "CONFIRM", - "url" : "http://svn.freebsd.org/viewvc/base?view=revision&revision=210997" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when Coda is loaded and Venus is running with /coda mounted, allows local users to read sensitive heap memory via a large out_size value in a ViceIoctl struct to a Coda ioctl, which triggers a buffer over-read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/coda/coda.h.diff?r1=1.15&r2=1.16&only_with_tag=MAIN", + "refsource": "CONFIRM", + "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/coda/coda.h.diff?r1=1.15&r2=1.16&only_with_tag=MAIN" + }, + { + "name": "http://www.vsecurity.com/resources/advisory/20100816-1/", + "refsource": "MISC", + "url": "http://www.vsecurity.com/resources/advisory/20100816-1/" + }, + { + "name": "http://svn.freebsd.org/viewvc/base?view=revision&revision=210997", + "refsource": "CONFIRM", + "url": "http://svn.freebsd.org/viewvc/base?view=revision&revision=210997" + }, + { + "name": "20100816 CVE-2010-3014: Coda Filesystem Kernel Memory Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/513151/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3915.json b/2010/3xxx/CVE-2010-3915.json index 1d99b038196..64d2aaeb790 100644 --- a/2010/3xxx/CVE-2010-3915.json +++ b/2010/3xxx/CVE-2010-3915.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3915", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government allows remote attackers to execute arbitrary code via a crafted document, a different vulnerability than CVE-2010-3916." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2010-3915", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ipa.go.jp/about/press/20101104_2.html", - "refsource" : "MISC", - "url" : "http://www.ipa.go.jp/about/press/20101104_2.html" - }, - { - "name" : "http://www.symantec.com/connect/blogs/new-ichitaro-vulnerability-confirmed", - "refsource" : "MISC", - "url" : "http://www.symantec.com/connect/blogs/new-ichitaro-vulnerability-confirmed" - }, - { - "name" : "http://www.justsystems.com/jp/info/js10003.html", - "refsource" : "CONFIRM", - "url" : "http://www.justsystems.com/jp/info/js10003.html" - }, - { - "name" : "JVN#19173793", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN19173793/index.html" - }, - { - "name" : "JVNDB-2010-000052", - "refsource" : "JVNDB", - "url" : 
"http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000052.html" - }, - { - "name" : "44637", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44637" - }, - { - "name" : "69020", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/69020" - }, - { - "name" : "42099", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42099" - }, - { - "name" : "ADV-2010-2885", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2885" - }, - { - "name" : "ichitaro-unspecified-code-exec(62997)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62997" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government allows remote attackers to execute arbitrary code via a crafted document, a different vulnerability than CVE-2010-3916." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2010-000052", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000052.html" + }, + { + "name": "42099", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42099" + }, + { + "name": "http://www.ipa.go.jp/about/press/20101104_2.html", + "refsource": "MISC", + "url": "http://www.ipa.go.jp/about/press/20101104_2.html" + }, + { + "name": "JVN#19173793", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN19173793/index.html" + }, + { + "name": "44637", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44637" + }, + { + "name": "ichitaro-unspecified-code-exec(62997)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62997" + }, + { + "name": "http://www.symantec.com/connect/blogs/new-ichitaro-vulnerability-confirmed", + "refsource": "MISC", + "url": "http://www.symantec.com/connect/blogs/new-ichitaro-vulnerability-confirmed" + }, + { + "name": "69020", + "refsource": "OSVDB", + "url": "http://osvdb.org/69020" + }, + { + "name": "http://www.justsystems.com/jp/info/js10003.html", + "refsource": "CONFIRM", + "url": "http://www.justsystems.com/jp/info/js10003.html" + }, + { + "name": "ADV-2010-2885", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2885" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3948.json b/2010/3xxx/CVE-2010-3948.json index c007a78a148..22711bce44a 100644 --- a/2010/3xxx/CVE-2010-3948.json +++ b/2010/3xxx/CVE-2010-3948.json 
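Review bot: `ASSIGNER` changes from `cve@mitre.org` to `vultures@jpcert.or.jp` in this hunk, and as far as the visible lines show it is the only value change among the respacing and reordering. The CVE-2010-4341 hunk does the same with `secalert@redhat.com`. The assigner is provenance data that consumers may filter or rank trust on, so a line such as `"ASSIGNER": "vultures@jpcert.or.jp",` belongs in its own commit, or at least in a commit message that states where the new value comes from. Buried in a bulk reformat it is easy to miss in review.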
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-3948",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2010-3948",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/4xxx/CVE-2010-4341.json b/2010/4xxx/CVE-2010-4341.json
index 0286fe54647..65ffe28d321 100644
--- a/2010/4xxx/CVE-2010-4341.json
+++ b/2010/4xxx/CVE-2010-4341.json
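Review bot: The rewritten REJECT record puts `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta`, and `ID` ahead of `ASSIGNER`, while the other records rewritten in this diff keep `CVE_data_meta` first with `ASSIGNER` before `ID`. Key order carries no meaning in JSON, but records serialized two different ways make byte-level comparison or hashing of the feed unreliable, and it hints at a second generator (inferred, not shown here). I would emit this file in the same order as the rest, starting `"CVE_data_meta": {` then `"ASSIGNER": "cve@mitre.org",` then `"ID": "CVE-2010-3948",`.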
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=661163", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=661163" - }, - { - "name" : "FEDORA-2011-0337", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053319.html" - }, - { - "name" : "FEDORA-2011-0364", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053337.html" - }, - { - "name" : "RHSA-2011:0560", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0560.html" - }, - { - "name" : "RHSA-2011:0975", - "refsource" : "REDHAT", - "url" : 
"http://www.redhat.com/support/errata/RHSA-2011-0975.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "45961", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45961" - }, - { - "name" : "43053", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43053" - }, - { - "name" : "43055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43055" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2011-0197", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0197" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "sssd-pamparseindatav2-dos(64881)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64881" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "45961", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45961" + }, + { + "name": "43055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43055" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=661163", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=661163" + }, + { + "name": "FEDORA-2011-0364", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053337.html" + }, + { + "name": "sssd-pamparseindatav2-dos(64881)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64881" + }, + { + "name": "RHSA-2011:0560", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0560.html" + }, + { + "name": "FEDORA-2011-0337", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053319.html" + }, + { + "name": "ADV-2011-0197", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0197" + }, + { + "name": "RHSA-2011:0975", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0975.html" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "43053", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43053" + } + ] + } +} \ No newline at end of file 
diff --git a/2010/4xxx/CVE-2010-4675.json b/2010/4xxx/CVE-2010-4675.json
index 0b5f91274a7..12ac6393cf8 100644
--- a/2010/4xxx/CVE-2010-4675.json
+++ b/2010/4xxx/CVE-2010-4675.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly determine the interfaces for which TELNET connections should be permitted, which allows remote authenticated users to bypass intended access restrictions via vectors involving the \"lowest security level interface,\" aka Bug ID CSCsv40504." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf" - }, - { - "name" : "45767", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45767" - }, - { - "name" : "1024963", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024963" - }, - { - "name" : "42931", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42931" - }, - { - "name" : "asa-telnet-security-bypass(64601)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64601" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly determine the interfaces for which TELNET connections should be permitted, which allows remote authenticated users to bypass intended access restrictions via vectors involving the \"lowest security level interface,\" aka Bug ID CSCsv40504." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024963", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024963" + }, + { + "name": "http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf" + }, + { + "name": "asa-telnet-security-bypass(64601)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64601" + }, + { + "name": "45767", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45767" + }, + { + "name": "42931", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42931" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4686.json b/2010/4xxx/CVE-2010-4686.json index e6adf1e39c8..7531acbeea0 100644 --- a/2010/4xxx/CVE-2010-4686.json +++ b/2010/4xxx/CVE-2010-4686.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic that contains rate bursts and a \"peculiar\" request size, which allows remote attackers to cause a denial of service (memory consumption) by sending this traffic over a long duration, aka Bug ID CSCtb47950." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf" - }, - { - "name" : "45769", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45769" - }, - { - "name" : "ciscoios-siptrunk-dos(64585)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64585" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CallManager Express 
(CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic that contains rate bursts and a \"peculiar\" request size, which allows remote attackers to cause a denial of service (memory consumption) by sending this traffic over a long duration, aka Bug ID CSCtb47950." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ciscoios-siptrunk-dos(64585)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64585" + }, + { + "name": "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf" + }, + { + "name": "45769", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45769" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1103.json b/2011/1xxx/CVE-2011-1103.json index af8d160bdcb..245c982e555 100644 --- a/2011/1xxx/CVE-2011-1103.json +++ b/2011/1xxx/CVE-2011-1103.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1103", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to obtain sensitive information via a request to an invalid report, which reveals the installation path in an error message, as demonstrated with requests to (1) report/infection-table.html or (2) report/productsummary-table.html." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1103", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2011-2.html", - "refsource" : "CONFIRM", - "url" : "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2011-2.html" - }, - { - "name" : "1025124", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025124" - }, - { - "name" : "43049", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43049" - }, - { - "name" : "ADV-2011-0509", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2011/0509" - }, - { - "name" : "fsecure-webreporting-path-disclosure(65664)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65664" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to obtain sensitive information via a request to an invalid report, which reveals the installation path in an error message, as demonstrated with requests to (1) report/infection-table.html or (2) report/productsummary-table.html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43049", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43049" + }, + { + "name": "ADV-2011-0509", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0509" + }, + { + "name": "fsecure-webreporting-path-disclosure(65664)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65664" + }, + { + "name": "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2011-2.html", + "refsource": "CONFIRM", + "url": "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2011-2.html" + }, + { + "name": "1025124", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025124" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1687.json b/2011/1xxx/CVE-2011-1687.json index a13fc046f7d..a660386616b 100644 --- a/2011/1xxx/CVE-2011-1687.json +++ b/2011/1xxx/CVE-2011-1687.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1687", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote authenticated users to obtain sensitive information by using the search interface, as demonstrated by retrieving encrypted passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1687", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[rt-announce] 20110414 RT 3.6.11 Released - Security Release", - "refsource" : "MLIST", - "url" : "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html" - }, - { - "name" : "[rt-announce] 20110414 RT 3.8.10 Released - Security Release", - "refsource" : "MLIST", - "url" : "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html" - }, - { - "name" : "[rt-announce] 20110414 Security vulnerabilities in RT", - "refsource" : "MLIST", - "url" : "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html" - }, - { - "name" : "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html", - "refsource" : 
"CONFIRM", - "url" : "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=696795", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=696795" - }, - { - "name" : "DSA-2220", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2220" - }, - { - "name" : "47383", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47383" - }, - { - "name" : "44189", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44189" - }, - { - "name" : "ADV-2011-1071", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/1071" - }, - { - "name" : "rt-search-interface-info-disclosure(66793)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote authenticated users to obtain sensitive information by using the search interface, as demonstrated by retrieving encrypted passwords." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-1071", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/1071" + }, + { + "name": "[rt-announce] 20110414 RT 3.8.10 Released - Security Release", + "refsource": "MLIST", + "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=696795", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795" + }, + { + "name": "rt-search-interface-info-disclosure(66793)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66793" + }, + { + "name": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html", + "refsource": "CONFIRM", + "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html" + }, + { + "name": "47383", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47383" + }, + { + "name": "[rt-announce] 20110414 Security vulnerabilities in RT", + "refsource": "MLIST", + "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html" + }, + { + "name": "[rt-announce] 20110414 RT 3.6.11 Released - Security Release", + "refsource": "MLIST", + "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html" + }, + { + "name": "DSA-2220", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2220" + }, + { + "name": "44189", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44189" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1821.json b/2011/1xxx/CVE-2011-1821.json index 98e397906d5..1ea167a0181 100644 --- a/2011/1xxx/CVE-2011-1821.json +++ b/2011/1xxx/CVE-2011-1821.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010 on Windows allows remote authenticated users to cause a denial of service (daemon hang) via a cn=changelog search." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg24029663", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg24029663" - }, - { - "name" : "IO13000", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg1IO13000" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010 on Windows allows remote authenticated users to cause a denial of service (daemon hang) via a cn=changelog search." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IO13000", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=swg1IO13000" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg24029663", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg24029663" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5263.json b/2011/5xxx/CVE-2011-5263.json index abae3020ce5..167ebccd0a4 100644 --- a/2011/5xxx/CVE-2011-5263.json +++ b/2011/5xxx/CVE-2011-5263.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5263", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5263", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111117 [DSECRG-11-030] SAP NetWeaver JavaMailExamples - XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520551/100/0/threaded" - }, - { - "name" : "http://dsecrg.com/pages/vul/show.php?id=330", - "refsource" : "MISC", - "url" : "http://dsecrg.com/pages/vul/show.php?id=330" - }, - { - "name" : "http://www.sdn.sap.com/irj/scn/index?rid=/webcontent/uuid/50316177-762d-2f10-0993-a2206cc349b4", - "refsource" : "CONFIRM", - "url" : "http://www.sdn.sap.com/irj/scn/index?rid=/webcontent/uuid/50316177-762d-2f10-0993-a2206cc349b4" - }, - { - "name" : "49266", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49266/info" - }, - { - "name" : "45708", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/45708" - }, - { - "name" : "20110819netweaver-server-xss(69331)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69331" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45708", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45708" + }, + { + "name": "49266", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49266/info" + }, + { + "name": "20110819netweaver-server-xss(69331)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69331" + }, + { + "name": "http://dsecrg.com/pages/vul/show.php?id=330", + "refsource": "MISC", + "url": "http://dsecrg.com/pages/vul/show.php?id=330" + }, + { + "name": "20111117 [DSECRG-11-030] SAP NetWeaver JavaMailExamples - XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520551/100/0/threaded" + }, + { + "name": "http://www.sdn.sap.com/irj/scn/index?rid=/webcontent/uuid/50316177-762d-2f10-0993-a2206cc349b4", + "refsource": "CONFIRM", + "url": "http://www.sdn.sap.com/irj/scn/index?rid=/webcontent/uuid/50316177-762d-2f10-0993-a2206cc349b4" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5267.json b/2011/5xxx/CVE-2011-5267.json index 64c793285ca..62f3e26bd3a 100644 --- a/2011/5xxx/CVE-2011-5267.json +++ b/2011/5xxx/CVE-2011-5267.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in spell-check-savedicts.php in the SpellChecker module in Xinha, as used in WikiWig 5.01 and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) to_p_dict or (2) to_r_list parameter. NOTE: this issue might be related to the htmlarea plugin and CVE-2013-5670." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "16988", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/16988" - }, - { - "name" : "[oss-security] 20130901 CVE request: serendipity before 1.7.3 XSS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/09/01/1" - }, - { - "name" : "[oss-security] 20130901 Re: CVE request: serendipity before 1.7.3 XSS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/09/01/3" - }, - { - "name" : 
"http://www.autosectools.com/Advisories/WikiWig.5.01_Persistent-Reflected.Cross-site.Scripting_139.html", - "refsource" : "MISC", - "url" : "http://www.autosectools.com/Advisories/WikiWig.5.01_Persistent-Reflected.Cross-site.Scripting_139.html" - }, - { - "name" : "71070", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/71070" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in spell-check-savedicts.php in the SpellChecker module in Xinha, as used in WikiWig 5.01 and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) to_p_dict or (2) to_r_list parameter. NOTE: this issue might be related to the htmlarea plugin and CVE-2013-5670." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20130901 Re: CVE request: serendipity before 1.7.3 XSS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/09/01/3" + }, + { + "name": "http://www.autosectools.com/Advisories/WikiWig.5.01_Persistent-Reflected.Cross-site.Scripting_139.html", + "refsource": "MISC", + "url": "http://www.autosectools.com/Advisories/WikiWig.5.01_Persistent-Reflected.Cross-site.Scripting_139.html" + }, + { + "name": "[oss-security] 20130901 CVE request: serendipity before 1.7.3 XSS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/09/01/1" + }, + { + "name": "16988", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/16988" + }, + { + "name": "71070", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/71070" + } + ] + } +} \ No newline at end of file 
diff --git a/2014/3xxx/CVE-2014-3337.json b/2014/3xxx/CVE-2014-3337.json
index e0bb8d24664..4c5b5f69329 100644
--- a/2014/3xxx/CVE-2014-3337.json
+++ b/2014/3xxx/CVE-2014-3337.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SIP implementation in Cisco Unified Communications Manager (CM) 8.6(.2) and earlier allows remote authenticated users to cause a denial of service (process crash) via a crafted SIP message that is not properly handled during processing of an XML document, aka Bug ID CSCtq76428." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35257", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35257" - }, - { - "name" : "20140811 Cisco Unified Communications Manager SIP Subsystem Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3337" - }, - { - "name" : "69177", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69177" - }, - { - "name" : "1030709", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030709" - }, - { - "name" : "60088", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60088" - }, - { - "name" : "cucm-cve20143337-dos(95245)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95245" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SIP implementation in Cisco Unified Communications Manager (CM) 8.6(.2) and earlier allows remote authenticated users to cause a denial of service (process crash) via a crafted SIP message that is not properly handled during processing of an XML document, aka Bug ID CSCtq76428." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69177", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69177" + }, + { + "name": "1030709", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030709" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35257", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35257" + }, + { + "name": "60088", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60088" + }, + { + "name": "cucm-cve20143337-dos(95245)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95245" + }, + { + "name": "20140811 Cisco Unified Communications Manager SIP Subsystem Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3337" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3483.json b/2014/3xxx/CVE-2014-3483.json index 6d93d7ae0b5..239f7e7a375 100644 --- a/2014/3xxx/CVE-2014-3483.json +++ b/2014/3xxx/CVE-2014-3483.json 
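Review bot: The `"ASSIGNER"` value in this hunk changes from `cve@mitre.org` to `psirt@cisco.com`, a provenance change that is easy to miss because every other line of the record is rewritten for spacing and the `reference_data` entries are reordered. Anything that attributes or filters records by assigner will see this entry move, so it is worth confirming the change is intended and, ideally, carrying it in a commit separate from the formatting pass. The same applies to the `"ASSIGNER"` changes in the hunks for CVE-2014-3483, CVE-2014-3676, CVE-2014-7029 and CVE-2014-7289 (the last of these continues past the visible part of the page). The rewritten files also end with `\ No newline at end of file`; keeping the trailing newline would avoid a spurious last-line change in later diffs.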
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3483", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3483", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140702 [CVE-2014-3482] [CVE-2014-3483] Ruby on Rails: Two Active Record SQL Injection Vulnerabilities Affecting PostgreSQL", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/07/02/5" - }, - { - "name" : "[rubyonrails-security] 20140702 [CVE-2014-3482] [CVE-2014-3483] Two Active Record SQL Injection Vulnerabilities Affecting PostgreSQL", - "refsource" : "MLIST", - "url" : "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J" - }, - { - "name" : "DSA-2982", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2014/dsa-2982" - }, - { - "name" : "RHSA-2014:0877", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0877.html" - }, - { - "name" : "68341", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68341" - }, - { - "name" : "59971", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59971" - }, - { - "name" : "60214", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60214" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0877", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0877.html" + }, + { + "name": "59971", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59971" + }, + { + "name": "[oss-security] 20140702 [CVE-2014-3482] [CVE-2014-3483] Ruby on Rails: Two Active Record SQL Injection Vulnerabilities Affecting PostgreSQL", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/07/02/5" + }, + { + "name": "[rubyonrails-security] 20140702 [CVE-2014-3482] [CVE-2014-3483] Two Active Record SQL Injection Vulnerabilities Affecting PostgreSQL", + "refsource": "MLIST", + "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J" + }, + { + "name": "60214", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60214" + }, + { + 
"name": "DSA-2982", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2982" + }, + { + "name": "68341", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68341" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3676.json b/2014/3xxx/CVE-2014-3676.json index 6daf1b2c4b0..b05f94e6111 100644 --- a/2014/3xxx/CVE-2014-3676.json +++ b/2014/3xxx/CVE-2014-3676.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3676", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the \"tftp:// DHCPv6 boot option.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3676", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141013 shim RCE", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/10/13/4" - }, - { - "name" : "RHSA-2014:1801", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1801.html" - }, - { - "name" : "70409", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70409" - }, - { - "name" : "shim-cve20143676-bo(96988)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96988" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a 
crafted IPv6 address, related to the \"tftp:// DHCPv6 boot option.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20141013 shim RCE", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/10/13/4" + }, + { + "name": "70409", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70409" + }, + { + "name": "RHSA-2014:1801", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1801.html" + }, + { + "name": "shim-cve20143676-bo(96988)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96988" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7029.json b/2014/7xxx/CVE-2014-7029.json index ce76773c9e2..f80584d00ee 100644 --- a/2014/7xxx/CVE-2014-7029.json +++ b/2014/7xxx/CVE-2014-7029.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7029", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Bultmonster Registret (aka com.bultmonster.registret) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7029", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#623065", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/623065" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Bultmonster Registret (aka 
com.bultmonster.registret) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#623065", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/623065" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7289.json b/2014/7xxx/CVE-2014-7289.json index 2a1e2a90464..8f2c8e0968d 100644 --- a/2014/7xxx/CVE-2014-7289.json +++ b/2014/7xxx/CVE-2014-7289.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2014-7289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534527/100/0/threaded" - }, - { - "name" : "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jan/91" - }, - { - "name" : "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html", - 
"refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html" - }, - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00" - }, - { - "name" : "72092", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72092" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00" + }, + { + "name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534527/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html" + }, + { + "name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jan/91" + }, + { + "name": "72092", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72092" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7866.json b/2014/7xxx/CVE-2014-7866.json index e6d94dbb252..60eeb94e464 100644 --- a/2014/7xxx/CVE-2014-7866.json +++ b/2014/7xxx/CVE-2014-7866.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7866", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in ZOHO ManageEngine OpManager 8 (build 88xx) through 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to write and execute arbitrary files via a .. (dot dot) in the (1) fileName parameter to the MigrateLEEData servlet or (2) zipFileName parameter in a downloadFileFromProbe operation to the MigrateCentralData servlet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7866", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141109 [The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533946/100/0/threaded" - }, - { - "name" : "20141109 [The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Nov/21" - }, - { - "name" : 
"https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt", - "refsource" : "MISC", - "url" : "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt" - }, - { - "name" : "http://packetstormsecurity.com/files/129037/ManageEngine-OpManager-Social-IT-Plus-IT360-File-Upload-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129037/ManageEngine-OpManager-Social-IT-Plus-IT360-File-Upload-SQL-Injection.html" - }, - { - "name" : "https://support.zoho.com/portal/manageengine/helpcenter/articles/fix-for-remote-code-execution-via-file-upload-vulnerability", - "refsource" : "CONFIRM", - "url" : "https://support.zoho.com/portal/manageengine/helpcenter/articles/fix-for-remote-code-execution-via-file-upload-vulnerability" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in ZOHO ManageEngine OpManager 8 (build 88xx) through 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to write and execute arbitrary files via a .. (dot dot) in the (1) fileName parameter to the MigrateLEEData servlet or (2) zipFileName parameter in a downloadFileFromProbe operation to the MigrateCentralData servlet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141109 [The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Nov/21" + }, + { + "name": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt", + "refsource": "MISC", + "url": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt" + }, + { + "name": "20141109 [The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533946/100/0/threaded" + }, + { + "name": "https://support.zoho.com/portal/manageengine/helpcenter/articles/fix-for-remote-code-execution-via-file-upload-vulnerability", + "refsource": "CONFIRM", + "url": "https://support.zoho.com/portal/manageengine/helpcenter/articles/fix-for-remote-code-execution-via-file-upload-vulnerability" + }, + { + "name": "http://packetstormsecurity.com/files/129037/ManageEngine-OpManager-Social-IT-Plus-IT360-File-Upload-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129037/ManageEngine-OpManager-Social-IT-Plus-IT360-File-Upload-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8462.json b/2014/8xxx/CVE-2014-8462.json index 1a0a662d51f..3da2b96c52f 100644 --- a/2014/8xxx/CVE-2014-8462.json +++ b/2014/8xxx/CVE-2014-8462.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8462", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8462", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8496.json b/2014/8xxx/CVE-2014-8496.json index 374f5af22b5..c4462707ab2 100644 --- a/2014/8xxx/CVE-2014-8496.json +++ b/2014/8xxx/CVE-2014-8496.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8496", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Digicom DG-5514T ADSL router with firmware 3.2 generates predictable session IDs, which allows remote attackers to gain administrator privileges via a brute force session hijacking attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.youtube.com/watch?v=La9nMeVCtt4", - "refsource" : "MISC", - "url" : "https://www.youtube.com/watch?v=La9nMeVCtt4" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Digicom DG-5514T ADSL router with firmware 3.2 generates predictable session IDs, which allows remote attackers to gain administrator privileges via a brute force session hijacking attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.youtube.com/watch?v=La9nMeVCtt4", + "refsource": "MISC", + "url": "https://www.youtube.com/watch?v=La9nMeVCtt4" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8935.json b/2014/8xxx/CVE-2014-8935.json index 06231a10c26..efb59a21657 100644 --- a/2014/8xxx/CVE-2014-8935.json +++ b/2014/8xxx/CVE-2014-8935.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8935", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8935", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8973.json b/2014/8xxx/CVE-2014-8973.json index f73af6c7fb5..7b85056f2c6 100644 --- a/2014/8xxx/CVE-2014-8973.json +++ b/2014/8xxx/CVE-2014-8973.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8973", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8973", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8976.json b/2014/8xxx/CVE-2014-8976.json index 3c59ad41eab..a3264e65e00 100644 --- a/2014/8xxx/CVE-2014-8976.json +++ b/2014/8xxx/CVE-2014-8976.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8976", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8976", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9007.json b/2014/9xxx/CVE-2014-9007.json index 704ced324f6..47878860073 100644 --- a/2014/9xxx/CVE-2014-9007.json +++ b/2014/9xxx/CVE-2014-9007.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9007", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9007", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9687.json b/2014/9xxx/CVE-2014-9687.json index d1b7dbaa35f..ce3714e1960 100644 --- a/2014/9xxx/CVE-2014-9687.json +++ b/2014/9xxx/CVE-2014-9687.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9687", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9687", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150210 Re: eCryptfs key wrapping help to crack user password", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/02/10/16" - }, - { - "name" : "[oss-security] 20150217 CVE request: Linux kernel ecryptfs 1-byte overwrite", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/02/17/7" - }, - { - "name" : "[oss-security] 20150227 Re: eCryptfs key wrapping help to crack user password", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/02/28/3" - }, - { - "name" : "https://bugs.launchpad.net/ecryptfs/+bug/906550", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/ecryptfs/+bug/906550" - }, - { - "name" : "openSUSE-SU-2016:0291", - 
"refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-01/msg00118.html" - }, - { - "name" : "USN-2524-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2524-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:0291", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00118.html" + }, + { + "name": "[oss-security] 20150227 Re: eCryptfs key wrapping help to crack user password", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/02/28/3" + }, + { + "name": "[oss-security] 20150217 CVE request: Linux kernel ecryptfs 1-byte overwrite", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/02/17/7" + }, + { + "name": "[oss-security] 20150210 Re: eCryptfs key wrapping help to crack user password", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/02/10/16" + }, + { + "name": "https://bugs.launchpad.net/ecryptfs/+bug/906550", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/ecryptfs/+bug/906550" + }, + { + "name": "USN-2524-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2524-1" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9809.json b/2014/9xxx/CVE-2014-9809.json index ac80eae3a87..f93fda3797a 100644 --- a/2014/9xxx/CVE-2014-9809.json +++ b/2014/9xxx/CVE-2014-9809.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9809", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9809", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141224 Imagemagick fuzzing bug", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/12/24/1" - }, - { - "name" : "[oss-security] 20160602 Re: ImageMagick CVEs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13" - }, - { - "name" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=82f779cbc24045af2eaecb95d0842ca7b97c71f4", - "refsource" : "CONFIRM", - "url" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=82f779cbc24045af2eaecb95d0842ca7b97c71f4" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343465", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=1343465" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160602 Re: ImageMagick CVEs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" + }, + { + "name": "[oss-security] 20141224 Imagemagick fuzzing bug", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/12/24/1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343465", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343465" + }, + { + "name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=82f779cbc24045af2eaecb95d0842ca7b97c71f4", + "refsource": "CONFIRM", + "url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=82f779cbc24045af2eaecb95d0842ca7b97c71f4" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2302.json b/2016/2xxx/CVE-2016-2302.json index 8f3cc3e4c7d..1d7896a980a 100644 --- a/2016/2xxx/CVE-2016-2302.json +++ b/2016/2xxx/CVE-2016-2302.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2302", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-2302", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2519.json b/2016/2xxx/CVE-2016-2519.json index 023f8ea54c0..a10f6f47505 100644 --- a/2016/2xxx/CVE-2016-2519.json +++ b/2016/2xxx/CVE-2016-2519.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2519", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2519", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.ntp.org/bin/view/Main/NtpBug3008", - "refsource" : "CONFIRM", - "url" : "http://support.ntp.org/bin/view/Main/NtpBug3008" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20171004-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20171004-0002/" - }, - { - "name" : "FreeBSD-SA-16:16", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc" - }, - { - "name" : "GLSA-201607-15", - 
"refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201607-15" - }, - { - "name" : "VU#718152", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/718152" - }, - { - "name" : "88204", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/88204" - }, - { - "name" : "1035705", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035705" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.ntp.org/bin/view/Main/NtpBug3008", + "refsource": "CONFIRM", + "url": "http://support.ntp.org/bin/view/Main/NtpBug3008" + }, + { + "name": "VU#718152", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/718152" + }, + { + "name": "1035705", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035705" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20171004-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171004-0002/" + }, + { + "name": "FreeBSD-SA-16:16", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc" + }, + { + "name": "88204", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/88204" + }, + { + "name": 
"GLSA-201607-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201607-15" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2609.json b/2016/2xxx/CVE-2016-2609.json index 7dec97287ba..e3e4ed9c14c 100644 --- a/2016/2xxx/CVE-2016-2609.json +++ b/2016/2xxx/CVE-2016-2609.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2609", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2609", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2784.json b/2016/2xxx/CVE-2016-2784.json index 68ed21fc14c..e1fab269ef1 100644 --- a/2016/2xxx/CVE-2016-2784.json +++ b/2016/2xxx/CVE-2016-2784.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2784", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160504 CVE-2016-2784: CMS Made Simple < 2.1.3 & < 1.12.2 Web server Cache Poisoning", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/538272/100/0/threaded" - }, - { - "name" : "39760", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39760/" - }, - { - "name" : "20160506 CVE-2016-2784: CMS Made Simple < 2.1.3 & < 1.12.2 Web server Cache Poisoning", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/May/15" - }, - { - "name" : "http://packetstormsecurity.com/files/136897/CMS-Made-Simple-Cache-Poisoning.html", - "refsource" : "MISC", - "url" : 
"http://packetstormsecurity.com/files/136897/CMS-Made-Simple-Cache-Poisoning.html" - }, - { - "name" : "http://www.cmsmadesimple.org/2016/03/Announcing-CMSMS-1-12-2-kolonia/", - "refsource" : "CONFIRM", - "url" : "http://www.cmsmadesimple.org/2016/03/Announcing-CMSMS-1-12-2-kolonia/" - }, - { - "name" : "http://www.cmsmadesimple.org/2016/04/Announcing-CMSMS-2-1-3-Black-Point/", - "refsource" : "CONFIRM", - "url" : "http://www.cmsmadesimple.org/2016/04/Announcing-CMSMS-2-1-3-Black-Point/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/136897/CMS-Made-Simple-Cache-Poisoning.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/136897/CMS-Made-Simple-Cache-Poisoning.html" + }, + { + "name": "20160506 CVE-2016-2784: CMS Made Simple < 2.1.3 & < 1.12.2 Web server Cache Poisoning", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/May/15" + }, + { + "name": "20160504 CVE-2016-2784: CMS Made Simple < 2.1.3 & < 1.12.2 Web server Cache Poisoning", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/538272/100/0/threaded" + }, + { + "name": "http://www.cmsmadesimple.org/2016/03/Announcing-CMSMS-1-12-2-kolonia/", + "refsource": "CONFIRM", + "url": "http://www.cmsmadesimple.org/2016/03/Announcing-CMSMS-1-12-2-kolonia/" + }, + { + "name": "39760", + "refsource": "EXPLOIT-DB", + "url": 
"https://www.exploit-db.com/exploits/39760/" + }, + { + "name": "http://www.cmsmadesimple.org/2016/04/Announcing-CMSMS-2-1-3-Black-Point/", + "refsource": "CONFIRM", + "url": "http://www.cmsmadesimple.org/2016/04/Announcing-CMSMS-2-1-3-Black-Point/" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6340.json b/2016/6xxx/CVE-2016-6340.json index f508b729ee3..bd6331d00a3 100644 --- a/2016/6xxx/CVE-2016-6340.json +++ b/2016/6xxx/CVE-2016-6340.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-6340", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-6340", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1370315", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1370315" - }, - { - "name" : "92655", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92655" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1370315", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1370315" + }, + { + "name": "92655", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92655" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6384.json b/2016/6xxx/CVE-2016-6384.json index 01c98addd86..7250d8728f5 100644 --- a/2016/6xxx/CVE-2016-6384.json +++ b/2016/6xxx/CVE-2016-6384.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6384", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow remote attackers to cause a denial of service (device reload) via crafted fields in an H.323 message, aka Bug ID CSCux04257." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6384", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160928 Cisco IOS and IOS XE Software H.323 Message Validation Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323" - }, - { - "name" : "93209", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93209" - }, - { - "name" : "1036914", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036914" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow 
remote attackers to cause a denial of service (device reload) via crafted fields in an H.323 message, aka Bug ID CSCux04257." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036914", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036914" + }, + { + "name": "20160928 Cisco IOS and IOS XE Software H.323 Message Validation Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323" + }, + { + "name": "93209", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93209" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6568.json b/2016/6xxx/CVE-2016-6568.json index 8a6015251c5..d21fbdc0931 100644 --- a/2016/6xxx/CVE-2016-6568.json +++ b/2016/6xxx/CVE-2016-6568.json 
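Review bot: The new side of CVE-2016-6384.json changes `ASSIGNER` from `cve@mitre.org` to `psirt@cisco.com`, a content change in a hunk that otherwise only normalizes whitespace and reorders references, so it is easy to miss in review. The same record still carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, although the description names Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2. Tooling that matches on the structured `affects` fields will therefore not find this entry. If the attribution is being corrected, populating `affects` from the Cisco advisory already listed under `references` belongs in the same update, and attribution changes are better split from the formatting pass.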
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6568", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6568", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7366.json b/2016/7xxx/CVE-2016-7366.json index d3e6918c236..bc967005efe 100644 --- a/2016/7xxx/CVE-2016-7366.json +++ b/2016/7xxx/CVE-2016-7366.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7366", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7366", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7802.json b/2016/7xxx/CVE-2016-7802.json index 98737646364..5f847ba8504 100644 --- a/2016/7xxx/CVE-2016-7802.json +++ b/2016/7xxx/CVE-2016-7802.json 
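Review bot: The new side of CVE-2016-7366.json serializes its keys in a different order from the other records in this change: `data_type`, `data_format` and `data_version` now precede `CVE_data_meta`, and `ID` precedes `ASSIGNER`, whereas the RESERVED and PUBLIC records here keep `CVE_data_meta` first with `ASSIGNER` leading. CVE-2016-2609.json earlier in this diff has the same layout. Key order carries no meaning in JSON, but two layouts in one commit suggest two serializers, which makes later diffs noisy and affects any consumer that hashes or signs the raw file; emitting every record in one canonical key order would avoid that. The rewritten files also end with `\ No newline at end of file`, and a final newline is worth restoring for files kept in version control.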
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2016-7802", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-7802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.cybozu.com/ja-jp/article/9561", - "refsource" : "CONFIRM", - "url" : "https://support.cybozu.com/ja-jp/article/9561" - }, - { - "name" : "JVN#16200242", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN16200242/index.html" - }, - { - "name" : "94967", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94967" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.cybozu.com/ja-jp/article/9561", + "refsource": "CONFIRM", + "url": "https://support.cybozu.com/ja-jp/article/9561" + }, + { + "name": "JVN#16200242", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN16200242/index.html" + }, + { + "name": "94967", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94967" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7957.json b/2016/7xxx/CVE-2016-7957.json index 30b9bb73d94..a1f5711bc7f 100644 --- a/2016/7xxx/CVE-2016-7957.json +++ b/2016/7xxx/CVE-2016-7957.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7957", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-btl2cap.c by avoiding use of a seven-byte memcmp for potentially shorter strings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7957", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12825", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12825" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=355b56b1c6c545072ac0c1225730b526c6749f0a", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=355b56b1c6c545072ac0c1225730b526c6749f0a" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2016-56.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2016-56.html" - }, - { - "name" : "97597", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/97597" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-btl2cap.c by avoiding use of a seven-byte memcmp for potentially shorter strings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=355b56b1c6c545072ac0c1225730b526c6749f0a", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=355b56b1c6c545072ac0c1225730b526c6749f0a" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12825", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12825" + }, + { + "name": "97597", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97597" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2016-56.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2016-56.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/1001xxx/CVE-2017-1001003.json b/2017/1001xxx/CVE-2017-1001003.json index 184687b2002..125a07315e8 100644 --- a/2017/1001xxx/CVE-2017-1001003.json +++ b/2017/1001xxx/CVE-2017-1001003.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "ID" : "CVE-2017-1001003", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "math.js", - "version" : { - "version_data" : [ - { - "version_value" : "3.17.0" - } - ] - } - } - ] - }, - "vendor_name" : "math.js" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-88: Argument Injection or Modification" - } + "CVE_data_meta": { + "ASSIGNER": "josh@bress.net", + "ID": "CVE-2017-1001003", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "math.js", + "version": { + "version_data": [ + { + "version_value": "3.17.0" + } + ] + } + } + ] + }, + "vendor_name": "math.js" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/josdejong/mathjs/blob/master/HISTORY.md#2017-11-18-version-3170", - "refsource" : "CONFIRM", - "url" : "https://github.com/josdejong/mathjs/blob/master/HISTORY.md#2017-11-18-version-3170" - }, - { - "name" : "https://github.com/josdejong/mathjs/commit/a60f3c8d9dd714244aed7a5569c3dccaa3a4e761", - "refsource" : "CONFIRM", - "url" : "https://github.com/josdejong/mathjs/commit/a60f3c8d9dd714244aed7a5569c3dccaa3a4e761" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "math.js before 3.17.0 had an issue where private properties such as a 
constructor could be replaced by using unicode characters when creating an object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-88: Argument Injection or Modification" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/josdejong/mathjs/blob/master/HISTORY.md#2017-11-18-version-3170", + "refsource": "CONFIRM", + "url": "https://github.com/josdejong/mathjs/blob/master/HISTORY.md#2017-11-18-version-3170" + }, + { + "name": "https://github.com/josdejong/mathjs/commit/a60f3c8d9dd714244aed7a5569c3dccaa3a4e761", + "refsource": "CONFIRM", + "url": "https://github.com/josdejong/mathjs/commit/a60f3c8d9dd714244aed7a5569c3dccaa3a4e761" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5033.json b/2017/5xxx/CVE-2017-5033.json index 6d7df6cad4d..a0f7e7c47fa 100644 --- a/2017/5xxx/CVE-2017-5033.json +++ b/2017/5xxx/CVE-2017-5033.json 
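Review bot: In CVE-2017-1001003.json the `ASSIGNER` value changes from `cve-assign@distributedweaknessfiling.org` to `josh@bress.net`, which looks like a personal mailbox replacing a role address and is bundled into a formatting-only hunk. Consumers that map `ASSIGNER` to an assigning organization will see the attribution change, so it is worth confirming the value is intended and recording it in a separate change. The record also keeps `"version_value": "3.17.0"` while the description says "math.js before 3.17.0", so the structured field names the fixed release rather than the affected range. A value that matches the description, such as `"version_value": "before 3.17.0"`, would keep version-matching tools from flagging the patched release and missing earlier ones.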
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5033", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline keyword." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "insufficient policy enforcement" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5033", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://twitter.com/Ma7h1as/status/907641276434063361", - "refsource" : "MISC", - "url" : "https://twitter.com/Ma7h1as/status/907641276434063361" - }, - { - "name" : "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/669086", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/669086" - }, - { - "name" : "DSA-3810", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3810" - }, - { - "name" : "GLSA-201704-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201704-02" - }, - { - "name" : "RHSA-2017:0499", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0499.html" - }, - { - "name" : "96767", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96767" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly 
propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline keyword." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "insufficient policy enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" + }, + { + "name": "https://twitter.com/Ma7h1as/status/907641276434063361", + "refsource": "MISC", + "url": "https://twitter.com/Ma7h1as/status/907641276434063361" + }, + { + "name": "https://crbug.com/669086", + "refsource": "CONFIRM", + "url": "https://crbug.com/669086" + }, + { + "name": "GLSA-201704-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201704-02" + }, + { + "name": "DSA-3810", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3810" + }, + { + "name": "96767", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96767" + }, + { + "name": "RHSA-2017:0499", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5305.json b/2017/5xxx/CVE-2017-5305.json index 96fac0789fc..80987e4d63d 100644 --- a/2017/5xxx/CVE-2017-5305.json +++ b/2017/5xxx/CVE-2017-5305.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5305", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5305", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5569.json b/2017/5xxx/CVE-2017-5569.json index a7b46c97c2a..8aea32a6d0b 100644 --- a/2017/5xxx/CVE-2017-5569.json +++ b/2017/5xxx/CVE-2017-5569.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5569", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP POST request, and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5569", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gist.github.com/malerisch/d32d127a002ac1f10bce39333ca9a4dc", - "refsource" : "MISC", - "url" : "https://gist.github.com/malerisch/d32d127a002ac1f10bce39333ca9a4dc" - }, - { - "name" : "95741", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95741" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. 
This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP POST request, and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95741", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95741" + }, + { + "name": "https://gist.github.com/malerisch/d32d127a002ac1f10bce39333ca9a4dc", + "refsource": "MISC", + "url": "https://gist.github.com/malerisch/d32d127a002ac1f10bce39333ca9a4dc" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5643.json b/2017/5xxx/CVE-2017-5643.json index 3233c23989d..9b04fed222e 100644 --- a/2017/5xxx/CVE-2017-5643.json +++ b/2017/5xxx/CVE-2017-5643.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2017-5643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Camel", - "version" : { - "version_data" : [ - { - "version_value" : "2.17.0 to 2.17.5" - }, - { - "version_value" : "2.18.0 to 2.18.2" - }, - { - "version_value" : "The unsupported Camel 2.x (2.16 and earlier) versions may be also affected." - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SSRF" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2017-5643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Camel", + "version": { + "version_data": [ + { + "version_value": "2.17.0 to 2.17.5" + }, + { + "version_value": "2.18.0 to 2.18.2" + }, + { + "version_value": "The unsupported Camel 2.x (2.16 and earlier) versions may be also affected." 
+ } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://camel.apache.org/security-advisories.data/CVE-2017-5643.txt.asc?version=1&modificationDate=1489652454000&api=v2", - "refsource" : "CONFIRM", - "url" : "http://camel.apache.org/security-advisories.data/CVE-2017-5643.txt.asc?version=1&modificationDate=1489652454000&api=v2" - }, - { - "name" : "RHSA-2017:1832", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1832" - }, - { - "name" : "97226", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97226" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SSRF" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97226", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97226" + }, + { + "name": "RHSA-2017:1832", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1832" + }, + { + "name": "http://camel.apache.org/security-advisories.data/CVE-2017-5643.txt.asc?version=1&modificationDate=1489652454000&api=v2", + "refsource": "CONFIRM", + "url": "http://camel.apache.org/security-advisories.data/CVE-2017-5643.txt.asc?version=1&modificationDate=1489652454000&api=v2" + } + ] + } +} \ No newline at end of file