From ee74876aa5b9227e972b4c7186ce6c3f3f7f2fae Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 05:00:03 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0055.json | 170 +-- 2006/0xxx/CVE-2006-0085.json | 150 +-- 2006/0xxx/CVE-2006-0209.json | 210 ++-- 2006/0xxx/CVE-2006-0711.json | 170 +-- 2006/3xxx/CVE-2006-3273.json | 170 +-- 2006/3xxx/CVE-2006-3525.json | 130 +-- 2006/3xxx/CVE-2006-3751.json | 170 +-- 2006/3xxx/CVE-2006-3762.json | 120 +-- 2006/3xxx/CVE-2006-3816.json | 150 +-- 2006/4xxx/CVE-2006-4033.json | 210 ++-- 2006/4xxx/CVE-2006-4149.json | 34 +- 2006/4xxx/CVE-2006-4625.json | 340 +++--- 2006/4xxx/CVE-2006-4679.json | 170 +-- 2006/6xxx/CVE-2006-6858.json | 140 +-- 2006/7xxx/CVE-2006-7230.json | 390 +++---- 2010/2xxx/CVE-2010-2028.json | 150 +-- 2010/2xxx/CVE-2010-2298.json | 150 +-- 2010/2xxx/CVE-2010-2537.json | 210 ++-- 2010/2xxx/CVE-2010-2766.json | 250 ++--- 2010/2xxx/CVE-2010-2769.json | 240 ++--- 2010/2xxx/CVE-2010-2886.json | 150 +-- 2010/3xxx/CVE-2010-3606.json | 160 +-- 2010/3xxx/CVE-2010-3820.json | 210 ++-- 2010/3xxx/CVE-2010-3971.json | 270 ++--- 2011/0xxx/CVE-2011-0039.json | 170 +-- 2011/0xxx/CVE-2011-0848.json | 130 +-- 2011/1xxx/CVE-2011-1229.json | 220 ++-- 2011/1xxx/CVE-2011-1822.json | 130 +-- 2011/1xxx/CVE-2011-1958.json | 290 +++--- 2011/5xxx/CVE-2011-5047.json | 160 +-- 2014/3xxx/CVE-2014-3142.json | 34 +- 2014/3xxx/CVE-2014-3182.json | 190 ++-- 2014/3xxx/CVE-2014-3490.json | 250 ++--- 2014/3xxx/CVE-2014-3604.json | 160 +-- 2014/6xxx/CVE-2014-6020.json | 140 +-- 2014/6xxx/CVE-2014-6943.json | 140 +-- 2014/7xxx/CVE-2014-7169.json | 1760 ++++++++++++++++---------------- 2014/7xxx/CVE-2014-7207.json | 170 +-- 2014/7xxx/CVE-2014-7311.json | 34 +- 2014/7xxx/CVE-2014-7843.json | 180 ++-- 2014/7xxx/CVE-2014-7920.json | 130 +-- 2014/8xxx/CVE-2014-8000.json | 170 +-- 2016/2xxx/CVE-2016-2282.json | 120 +-- 2016/2xxx/CVE-2016-2311.json | 120 +-- 2016/2xxx/CVE-2016-2342.json | 220 ++-- 2016/2xxx/CVE-2016-2498.json | 120 +-- 2016/2xxx/CVE-2016-2615.json | 34 +- 2016/6xxx/CVE-2016-6697.json | 34 +- 2017/18xxx/CVE-2017-18177.json | 130 +-- 2017/1xxx/CVE-2017-1463.json | 34 +- 2017/1xxx/CVE-2017-1776.json | 34 +- 2017/5xxx/CVE-2017-5282.json | 34 +- 2017/5xxx/CVE-2017-5366.json | 34 +- 2017/5xxx/CVE-2017-5707.json | 182 ++-- 2017/5xxx/CVE-2017-5958.json | 34 +- 55 files changed, 5051 insertions(+), 5051 deletions(-) diff --git a/2006/0xxx/CVE-2006-0055.json b/2006/0xxx/CVE-2006-0055.json index 1dd8adfa43e..9d3298746c0 100644 --- a/2006/0xxx/CVE-2006-0055.json +++ b/2006/0xxx/CVE-2006-0055.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0055", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, which allows local users to overwrite arbitrary files via a symlink attack when ee invokes ispell." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secteam@freebsd.org", + "ID": "CVE-2006-0055", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-06:02", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:02.ee.asc" - }, - { - "name" : "16207", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16207" - }, - { - "name" : "22320", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22320" - }, - { - "name" : "1015469", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015469" - }, - { - "name" : "18404", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18404" - }, - { - "name" : "ee-ispell-op-symlink(24074)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24074" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, which allows local users to overwrite arbitrary files via a symlink attack when ee invokes ispell." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16207", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16207" + }, + { + "name": "FreeBSD-SA-06:02", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:02.ee.asc" + }, + { + "name": "ee-ispell-op-symlink(24074)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24074" + }, + { + "name": "1015469", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015469" + }, + { + "name": "22320", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22320" + }, + { + "name": "18404", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18404" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0085.json b/2006/0xxx/CVE-2006-0085.json index 882d8f04130..88bc8c66ac5 100644 --- a/2006/0xxx/CVE-2006-0085.json +++ b/2006/0xxx/CVE-2006-0085.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Nkads 1.0 alfa 3 allows remote attackers to execute arbitrary SQL commands via the (1) usuario_nkads_admin or (2) password_nkads_admin parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.soulblack.com.ar/repo/papers/advisory/nkads_advisory.txt", - "refsource" : "MISC", - "url" : "http://www.soulblack.com.ar/repo/papers/advisory/nkads_advisory.txt" - }, - { - "name" : "ADV-2006-0040", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0040" - }, - { - "name" : "22206", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22206" - }, - { - "name" : "18302", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18302" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Nkads 1.0 alfa 3 allows remote attackers to execute arbitrary SQL commands via the (1) usuario_nkads_admin or (2) password_nkads_admin parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0040", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0040" + }, + { + "name": "http://www.soulblack.com.ar/repo/papers/advisory/nkads_advisory.txt", + "refsource": "MISC", + "url": "http://www.soulblack.com.ar/repo/papers/advisory/nkads_advisory.txt" + }, + { + "name": "22206", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22206" + }, + { + "name": "18302", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18302" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0209.json b/2006/0xxx/CVE-2006-0209.json index ef04bf40038..d7242babea1 100644 --- a/2006/0xxx/CVE-2006-0209.json +++ b/2006/0xxx/CVE-2006-0209.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in general_functions.php in TankLogger 2.4 allows remote attackers to execute arbitrary SQL commands via the (1) livestock_id parameter to showInfo.php and (2) tank_id parameter, possibly to livestock.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060112 [eVuln] TankLogger SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/421743/100/0/threaded" - }, - { - "name" : "20060113 Verified TankLogger SQl inject by source inspection", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2006-January/000480.html" - }, - { - "name" : "http://evuln.com/vulns/26/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/26/summary.html" - }, - { - "name" : "16228", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16228" - }, - { - "name" : "ADV-2006-0153", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0153" - }, - { - "name" : "22368", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22368" - }, - { - "name" : "22369", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22369" - }, - { - "name" : "18441", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18441" - }, - { - "name" : "341", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/341" - }, - { - "name" : "tanklogger-generalfunctions-sql-injection(24080)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24080" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in general_functions.php in TankLogger 2.4 allows remote attackers to execute arbitrary SQL commands via the (1) livestock_id parameter to showInfo.php and (2) tank_id parameter, possibly to livestock.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "tanklogger-generalfunctions-sql-injection(24080)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24080" + }, + { + "name": "22368", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22368" + }, + { + "name": "18441", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18441" + }, + { + "name": "16228", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16228" + }, + { + "name": "22369", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22369" + }, + { + "name": "20060113 Verified TankLogger SQl inject by source inspection", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2006-January/000480.html" + }, + { + "name": "341", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/341" + }, + { + "name": "20060112 [eVuln] TankLogger SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/421743/100/0/threaded" + }, + { + "name": "http://evuln.com/vulns/26/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/26/summary.html" + }, + { + "name": "ADV-2006-0153", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0153" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0711.json b/2006/0xxx/CVE-2006-0711.json index e5ebae3c0ad..55d47ae4be0 100644 --- a/2006/0xxx/CVE-2006-0711.json +++ b/2006/0xxx/CVE-2006-0711.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0711", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl in NeoMail 1.28 do not validate the Session ID, which allows remote attackers to add and delete arbitrary files, when configured with homedirfolders and homedirspools disabled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2006-3/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-3/advisory/" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=392562&group_id=2874", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=392562&group_id=2874" - }, - { - "name" : "16651", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16651" - }, - { - "name" : "ADV-2006-0564", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0564" - }, - { - "name" : "18785", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18785" - }, - { - "name" : "neomail-neomailprefs-bypass-security(24737)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24737" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl in NeoMail 1.28 do not validate the Session ID, which allows remote attackers to add and delete arbitrary files, when configured with homedirfolders and homedirspools disabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0564", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0564" + }, + { + "name": "http://secunia.com/secunia_research/2006-3/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-3/advisory/" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=392562&group_id=2874", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=392562&group_id=2874" + }, + { + "name": "16651", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16651" + }, + { + "name": "neomail-neomailprefs-bypass-security(24737)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24737" + }, + { + "name": "18785", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18785" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3273.json b/2006/3xxx/CVE-2006-3273.json index ab0ab9eebf9..f217242c650 100644 --- a/2006/3xxx/CVE-2006-3273.json +++ b/2006/3xxx/CVE-2006-3273.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 rc1 allows remote attackers to inject arbitrary web script or HTML via the user parameter (\"New Name\" field)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060620 Somechess v1.5 rc1 - XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438009/100/0/threaded" - }, - { - "name" : "18557", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18557" - }, - { - "name" : "1016360", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016360" - }, - { - "name" : "20770", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20770" - }, - { - "name" : "1162", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1162" - }, - { - "name" : "somechess-menu-xss(27307)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 rc1 allows remote attackers to inject arbitrary web script or HTML via the user parameter (\"New Name\" field)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016360", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016360" + }, + { + "name": "1162", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1162" + }, + { + "name": "18557", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18557" + }, + { + "name": "20060620 Somechess v1.5 rc1 - XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438009/100/0/threaded" + }, + { + "name": "20770", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20770" + }, + { + "name": "somechess-menu-xss(27307)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27307" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3525.json b/2006/3xxx/CVE-2006-3525.json index 0c44d5d6a17..005fa79b586 100644 --- a/2006/3xxx/CVE-2006-3525.json +++ b/2006/3xxx/CVE-2006-3525.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3525", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in category.php in PHCDownload 1.0.0 Final and 1.0.0 Release Candidate 6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3525", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/06/phcdownload-sql-injection-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/06/phcdownload-sql-injection-vuln.html" - }, - { - "name" : "phcdownload-category-sql-injection(27238)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27238" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in category.php in PHCDownload 1.0.0 Final and 1.0.0 Release Candidate 6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2006/06/phcdownload-sql-injection-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/06/phcdownload-sql-injection-vuln.html" + }, + { + "name": "phcdownload-category-sql-injection(27238)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27238" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3751.json b/2006/3xxx/CVE-2006-3751.json index b4c94815e3f..e08333dc15e 100644 --- a/2006/3xxx/CVE-2006-3751.json +++ b/2006/3xxx/CVE-2006-3751.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3751", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in popups/ImageManager/config.inc.php in the HTMLArea3 Addon Component (com_htmlarea3_xtd-c) for ImageManager 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3751", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060712 [ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-07/0180.html" - }, - { - "name" : "http://advisories.echo.or.id/adv/adv38-matdhule-2006.txt", - "refsource" : "MISC", - "url" : "http://advisories.echo.or.id/adv/adv38-matdhule-2006.txt" - }, - { - "name" : "2027", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2027" - }, - { - "name" : "19047", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19047" - }, - { - "name" : "1249", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1249" - }, - { - "name" : "imagemanager-configinc-file-include(27721)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27721" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in popups/ImageManager/config.inc.php in the HTMLArea3 Addon Component (com_htmlarea3_xtd-c) for ImageManager 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060712 [ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0180.html" + }, + { + "name": "1249", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1249" + }, + { + "name": "http://advisories.echo.or.id/adv/adv38-matdhule-2006.txt", + "refsource": "MISC", + "url": "http://advisories.echo.or.id/adv/adv38-matdhule-2006.txt" + }, + { + "name": "2027", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2027" + }, + { + "name": "19047", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19047" + }, + { + "name": "imagemanager-configinc-file-include(27721)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27721" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3762.json b/2006/3xxx/CVE-2006-3762.json index fda64e38eab..a4050e449b3 100644 --- a/2006/3xxx/CVE-2006-3762.json +++ b/2006/3xxx/CVE-2006-3762.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3762", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Touch Control ActiveX control 2.0.0.55 allows remote attackers to read and possibly execute arbitrary files via a \"file///\" URI in the sPath parameter to the Execute function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060705 Touch arbitrary file execute vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439154/100/100/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Touch Control ActiveX control 2.0.0.55 allows remote attackers to read and possibly execute arbitrary files via a \"file///\" URI in the sPath parameter to the Execute function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060705 Touch arbitrary file execute vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439154/100/100/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3816.json b/2006/3xxx/CVE-2006-3816.json index 9ab9072ddc5..5b75c4c2f44 100644 --- a/2006/3xxx/CVE-2006-3816.json +++ b/2006/3xxx/CVE-2006-3816.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3816", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote connections in cleartext in the bookmark file (krbookmarks.xml), which allows attackers to steal passwords by obtaining the file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3816", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://krusader.sourceforge.net/phpBB/viewtopic.php?p=7965", - "refsource" : "CONFIRM", - "url" : "http://krusader.sourceforge.net/phpBB/viewtopic.php?p=7965" - }, - { - "name" : "http://groups.google.com/group/krusader-news/browse_thread/thread/ec719041ed4a1a14", - "refsource" : "CONFIRM", - "url" : "http://groups.google.com/group/krusader-news/browse_thread/thread/ec719041ed4a1a14" - }, - { - "name" : "19194", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19194" - }, - { - "name" : "ADV-2006-2992", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2992" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote connections in cleartext in the bookmark file (krbookmarks.xml), which allows attackers to steal passwords by obtaining the file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19194", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19194" + }, + { + "name": "http://groups.google.com/group/krusader-news/browse_thread/thread/ec719041ed4a1a14", + "refsource": "CONFIRM", + "url": "http://groups.google.com/group/krusader-news/browse_thread/thread/ec719041ed4a1a14" + }, + { + "name": "ADV-2006-2992", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2992" + }, + { + "name": "http://krusader.sourceforge.net/phpBB/viewtopic.php?p=7965", + "refsource": "CONFIRM", + "url": "http://krusader.sourceforge.net/phpBB/viewtopic.php?p=7965" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4033.json b/2006/4xxx/CVE-2006-4033.json index 0425bc79415..f3547c8e258 100644 --- a/2006/4xxx/CVE-2006-4033.json +++ b/2006/4xxx/CVE-2006-4033.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4033", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Lhaplus.exe in Lhaplus 1.52, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LZH archive with a long header, as specified by the extendedHeaderSize." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4033", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060801 [vuln.sg] Lhaplus LHA Extended Header Handling Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441822/100/0/threaded" - }, - { - "name" : "http://vuln.sg/lhaplus152-en.html", - "refsource" : "MISC", - "url" : "http://vuln.sg/lhaplus152-en.html" - }, - { - "name" : "http://www7a.biglobe.ne.jp/~schezo/", - "refsource" : "CONFIRM", - "url" : "http://www7a.biglobe.ne.jp/~schezo/" - }, - { - "name" : "19263", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19263" - }, - { - "name" : "ADV-2006-3076", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3076" - }, - { - "name" : "27667", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27667" - }, - { - "name" : "1016615", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016615" - }, - { - "name" : "21256", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21256" - }, - { - "name" : "1351", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1351" - }, - { - "name" : "lhaplus-lzh-header-bo(28102)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28102" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Lhaplus.exe in Lhaplus 1.52, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LZH archive with a long header, as specified by the extendedHeaderSize." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "lhaplus-lzh-header-bo(28102)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28102" + }, + { + "name": "21256", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21256" + }, + { + "name": "20060801 [vuln.sg] Lhaplus LHA Extended Header Handling Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441822/100/0/threaded" + }, + { + "name": "19263", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19263" + }, + { + "name": "27667", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27667" + }, + { + "name": "http://www7a.biglobe.ne.jp/~schezo/", + "refsource": "CONFIRM", + "url": "http://www7a.biglobe.ne.jp/~schezo/" + }, + { + "name": "1016615", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016615" + }, + { + "name": "http://vuln.sg/lhaplus152-en.html", + "refsource": "MISC", + "url": "http://vuln.sg/lhaplus152-en.html" + }, + { + "name": "1351", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1351" + }, + { + "name": "ADV-2006-3076", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3076" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4149.json b/2006/4xxx/CVE-2006-4149.json index b1d220e3f2c..9689c1848a2 100644 --- a/2006/4xxx/CVE-2006-4149.json +++ b/2006/4xxx/CVE-2006-4149.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4149", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4149", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4625.json b/2006/4xxx/CVE-2006-4625.json index bd4074b12f7..d1ea2831125 100644 --- a/2006/4xxx/CVE-2006-4625.json +++ b/2006/4xxx/CVE-2006-4625.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4625", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060909 PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore()", - "refsource" : "SREASONRES", - "url" : "http://securityreason.com/achievement_securityalert/42" - }, - { - "name" : "20060909 Re: PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore()", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445712/100/0/threaded" - }, - { - "name" : "20060913 Re: PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore()", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445882/100/0/threaded" - }, - { - "name" : "HPSBMA02215", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506" - }, - { - "name" : "SSRT071423", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506" - }, - { - "name" : "HPSBTU02232", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137" - }, - { - "name" : "SSRT071429", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137" - }, - { - "name" : "MDKSA-2006:185", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:185" - }, - { - "name" : "OpenPKG-SA-2006.023", - "refsource" : "OPENPKG", - "url" : "http://www.securityfocus.com/archive/1/448953/100/0/threaded" - }, - { - "name" : "SUSE-SA:2006:059", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2006-Oct/0002.html" - }, - { - "name" : "TLSA-2006-38", - "refsource" : "TURBO", - "url" : "http://www.turbolinux.com/security/2006/TLSA-2006-38.txt" - }, - { - "name" : "USN-362-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-362-1" - }, - { - "name" : "19933", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19933" - }, - { - "name" : "ADV-2007-1991", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1991" - }, - { - "name" : "ADV-2007-2374", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2374" - }, - { - "name" : "22282", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22282" - }, - { - "name" : "22338", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22338" - }, - { - "name" : "22424", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22424" - }, - { - "name" : "22331", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22331" - }, - { - "name" : "25423", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25423" - }, - { - "name" : "25850", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25850" - }, - { - "name" : "1519", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1519" - }, - { - "name" : "php-inirestore-security-bypass(28853)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28853" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-1991", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1991" + }, + { + "name": "22338", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22338" + }, + { + "name": "SSRT071423", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506" + }, + { + "name": "20060909 Re: PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore()", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445712/100/0/threaded" + }, + { + "name": "OpenPKG-SA-2006.023", + "refsource": "OPENPKG", + "url": "http://www.securityfocus.com/archive/1/448953/100/0/threaded" + }, + { + "name": "1519", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1519" + }, + { + "name": "TLSA-2006-38", + "refsource": "TURBO", + "url": "http://www.turbolinux.com/security/2006/TLSA-2006-38.txt" + }, + { + "name": "USN-362-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-362-1" + }, + { + "name": "20060913 Re: PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore()", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445882/100/0/threaded" + }, + { + "name": "HPSBTU02232", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137" + }, + { + "name": "SSRT071429", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137" + }, + { + "name": "ADV-2007-2374", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2374" + }, + { + "name": "25423", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25423" + }, + { + "name": "22282", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22282" + }, + { + "name": "19933", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19933" + }, + { + "name": "php-inirestore-security-bypass(28853)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28853" + }, + { + "name": "HPSBMA02215", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506" + }, + { + "name": "SUSE-SA:2006:059", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2006-Oct/0002.html" + }, + { + "name": "MDKSA-2006:185", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:185" + }, + { + "name": "22331", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22331" + }, + { + "name": "25850", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25850" + }, + { + "name": "20060909 PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore()", + "refsource": "SREASONRES", + "url": "http://securityreason.com/achievement_securityalert/42" + }, + { + "name": "22424", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22424" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4679.json b/2006/4xxx/CVE-2006-4679.json index f48cd1e3ec8..cf7b045016e 100644 --- a/2006/4xxx/CVE-2006-4679.json +++ b/2006/4xxx/CVE-2006-4679.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4679", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DokuWiki before 2006-03-09c enables the debug feature by default, which allows remote attackers to obtain sensitive information by calling doku.php with the X-DOKUWIKI-DO HTTP header set to \"debug\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4679", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060907 DokuWiki <= 2006-03-09brel /bin/dwpage.php remote commands execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445516/100/0/threaded" - }, - { - "name" : "http://retrogod.altervista.org/dokuwiki_2006-03-09b_cmd.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/dokuwiki_2006-03-09b_cmd.html" - }, - { - "name" : "GLSA-200609-10", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200609-10.xml" - }, - { - "name" : "21936", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21936" - }, - { - "name" : "1537", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1537" - }, - { - "name" : "dokuwiki-doku-information-disclosure(28819)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28819" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DokuWiki before 2006-03-09c enables the debug feature by default, which allows remote attackers to obtain sensitive information by calling doku.php with the X-DOKUWIKI-DO HTTP header set to \"debug\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://retrogod.altervista.org/dokuwiki_2006-03-09b_cmd.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/dokuwiki_2006-03-09b_cmd.html" + }, + { + "name": "1537", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1537" + }, + { + "name": "dokuwiki-doku-information-disclosure(28819)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28819" + }, + { + "name": "GLSA-200609-10", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200609-10.xml" + }, + { + "name": "21936", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21936" + }, + { + "name": "20060907 DokuWiki <= 2006-03-09brel /bin/dwpage.php remote commands execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445516/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6858.json b/2006/6xxx/CVE-2006-6858.json index fcdaf89757a..0e6247b85b2 100644 --- a/2006/6xxx/CVE-2006-6858.json +++ b/2006/6xxx/CVE-2006-6858.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo bubble during UDP hole punching with HMAC-MD5-64 hashing, which allows remote attackers to impersonate an arbitrary Teredo client." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.simphalempin.com/dev/miredo/mtfl-sa-0604.shtml.en", - "refsource" : "CONFIRM", - "url" : "http://www.simphalempin.com/dev/miredo/mtfl-sa-0604.shtml.en" - }, - { - "name" : "ADV-2007-0029", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0029" - }, - { - "name" : "23596", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23596" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo bubble during UDP hole punching with HMAC-MD5-64 hashing, which allows remote attackers to impersonate an arbitrary Teredo client." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.simphalempin.com/dev/miredo/mtfl-sa-0604.shtml.en", + "refsource": "CONFIRM", + "url": "http://www.simphalempin.com/dev/miredo/mtfl-sa-0604.shtml.en" + }, + { + "name": "ADV-2007-0029", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0029" + }, + { + "name": "23596", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23596" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7230.json b/2006/7xxx/CVE-2006-7230.json index e3de816e1f6..d5577c4eeed 100644 --- a/2006/7xxx/CVE-2006-7230.json +++ b/2006/7xxx/CVE-2006-7230.json @@ -1,197 +1,197 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-7230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=384801", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=384801" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=198976", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=198976" - }, - { - "name" : "http://www.pcre.org/changelog.txt", - "refsource" : "CONFIRM", - "url" : "http://www.pcre.org/changelog.txt" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm" - }, - { - "name" : "DSA-1570", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1570" - }, - { - "name" : "GLSA-200711-30", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200711-30.xml" - }, - { - "name" : "GLSA-200801-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200801-02.xml" - }, - { - "name" : "GLSA-200801-18", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200801-18.xml" - }, - { - "name" : "GLSA-200801-19", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200801-19.xml" - }, - { - "name" : "GLSA-200805-11", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200805-11.xml" - }, - { - "name" : "MDVSA-2008:030", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030" - }, - { - "name" : "RHSA-2007:1059", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-1059.html" - }, - { - "name" : "RHSA-2007:1068", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-1068.html" - }, - { - "name" : "SUSE-SA:2007:062", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_62_pcre.html" - }, - { - "name" : "SUSE-SA:2008:004", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html" - }, - { - "name" : "26550", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26550" - }, - { - "name" : "oval:org.mitre.oval:def:10911", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10911" - }, - { - "name" : "27741", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27741" - }, - { - "name" : "27773", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27773" - }, - { - "name" : "28041", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28041" - }, - { - "name" : "28406", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28406" - }, - { - "name" : "28414", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28414" - }, - { - "name" : "28658", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28658" - }, - { - "name" : "28714", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28714" - }, - { - "name" : "28720", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28720" - }, - { - "name" : "30155", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30155" - }, - { - "name" : "30219", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30219" - }, - { - "name" : "30106", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30219", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30219" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=384801", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=384801" + }, + { + "name": "GLSA-200711-30", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200711-30.xml" + }, + { + "name": "MDVSA-2008:030", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030" + }, + { + "name": "DSA-1570", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1570" + }, + { + "name": "SUSE-SA:2008:004", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html" + }, + { + "name": "28658", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28658" + }, + { + "name": "27773", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27773" + }, + { + "name": "28406", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28406" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm" + }, + { + "name": "RHSA-2007:1068", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-1068.html" + }, + { + "name": "GLSA-200805-11", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200805-11.xml" + }, + { + "name": "oval:org.mitre.oval:def:10911", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10911" + }, + { + "name": "RHSA-2007:1059", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-1059.html" + }, + { + "name": "26550", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26550" + }, + { + "name": "28041", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28041" + }, + { + "name": "27741", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27741" + }, + { + "name": "SUSE-SA:2007:062", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_62_pcre.html" + }, + { + "name": "http://www.pcre.org/changelog.txt", + "refsource": "CONFIRM", + "url": "http://www.pcre.org/changelog.txt" + }, + { + "name": "30155", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30155" + }, + { + "name": "28720", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28720" + }, + { + "name": "GLSA-200801-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200801-02.xml" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=198976", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=198976" + }, + { + "name": "GLSA-200801-19", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200801-19.xml" + }, + { + "name": "GLSA-200801-18", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200801-18.xml" + }, + { + "name": "28414", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28414" + }, + { + "name": "30106", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30106" + }, + { + "name": "28714", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28714" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2028.json b/2010/2xxx/CVE-2010-2028.json index f8ac63fa5cc..c4fce77b679 100644 --- a/2010/2xxx/CVE-2010-2028.json +++ b/2010/2xxx/CVE-2010-2028.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2028", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in k23productions TFTPUtil GUI (aka TFTPGUI) 1.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long transport mode." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2028", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12482", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12482" - }, - { - "name" : "12530", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12530" - }, - { - "name" : "39872", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39872" - }, - { - "name" : "tftpgui-mode-bo(58283)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58283" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in k23productions TFTPUtil GUI (aka TFTPGUI) 1.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long transport mode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39872", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39872" + }, + { + "name": "12482", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12482" + }, + { + "name": "tftpgui-mode-bo(58283)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58283" + }, + { + "name": "12530", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12530" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2298.json b/2010/2xxx/CVE-2010-2298.json index 434c975dbb2..5800694fd42 100644 --- a/2010/2xxx/CVE-2010-2298.json +++ b/2010/2xxx/CVE-2010-2298.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2298", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "browser/renderer_host/database_dispatcher_host.cc in Google Chrome before 5.0.375.70 on Linux does not properly handle ViewHostMsg_DatabaseOpenFile messages in chroot-based sandboxing, which allows remote attackers to bypass intended sandbox restrictions via vectors involving fchdir and chdir calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=43304", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=43304" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:14154", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14154" - }, - { - "name" : "40072", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40072" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "browser/renderer_host/database_dispatcher_host.cc in Google Chrome before 5.0.375.70 on Linux does not properly handle ViewHostMsg_DatabaseOpenFile messages in chroot-based sandboxing, which allows remote attackers to bypass intended sandbox restrictions via vectors involving fchdir and chdir calls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40072", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40072" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=43304", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=43304" + }, + { + "name": "oval:org.mitre.oval:def:14154", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14154" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2537.json b/2010/2xxx/CVE-2010-2537.json index 3efc48eb44b..2c101cf3b86 100644 --- a/2010/2xxx/CVE-2010-2537.json +++ b/2010/2xxx/CVE-2010-2537.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a (1) BTRFS_IOC_CLONE or (2) BTRFS_IOC_CLONE_RANGE ioctl call that specifies this file as a donor." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100721 CVE request: kernel: btrfs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/07/21/4" - }, - { - "name" : "[oss-security] 20100721 Re: CVE request: kernel: btrfs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/07/21/10" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2ebc3464781ad24474abcbd2274e6254689853b5", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2ebc3464781ad24474abcbd2274e6254689853b5" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=616998", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=616998" - }, - { - "name" : "SUSE-SA:2010:040", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html" - }, - { - "name" : "USN-1041-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1041-1" - }, - { - "name" : "41847", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41847" - }, - { - "name" : "42758", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42758" - }, - { - "name" : "ADV-2011-0070", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0070" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a (1) BTRFS_IOC_CLONE or (2) BTRFS_IOC_CLONE_RANGE ioctl call that specifies this file as a donor." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1041-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1041-1" + }, + { + "name": "[oss-security] 20100721 Re: CVE request: kernel: btrfs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/07/21/10" + }, + { + "name": "SUSE-SA:2010:040", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35" + }, + { + "name": "42758", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42758" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=616998", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=616998" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2ebc3464781ad24474abcbd2274e6254689853b5", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2ebc3464781ad24474abcbd2274e6254689853b5" + }, + { + "name": "ADV-2011-0070", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0070" + }, + { + "name": "[oss-security] 20100721 CVE request: kernel: btrfs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/07/21/4" + }, + { + "name": "41847", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41847" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2766.json b/2010/2xxx/CVE-2010-2766.json index cd5d9ce6db8..c3a6c1e47c1 100644 --- a/2010/2xxx/CVE-2010-2766.json +++ b/2010/2xxx/CVE-2010-2766.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2766", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code via vectors involving access to a deleted object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-176/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-176/" - }, - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-57.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-57.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=580445", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=580445" - }, - { - "name" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", - "refsource" : "CONFIRM", - "url" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100112690", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100112690" - }, - { - "name" : "DSA-2106", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2106" - }, - { - "name" : "FEDORA-2010-14362", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html" - }, - { - "name" : "MDVSA-2010:173", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173" - }, - { - "name" : "SUSE-SA:2010:049", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html" - }, - { - "name" : "43100", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43100" - }, - { - "name" : "oval:org.mitre.oval:def:11778", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11778" - }, - { - "name" : "42867", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42867" - }, - { - "name" : "ADV-2010-2323", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2323" - }, - { - "name" : "ADV-2011-0061", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0061" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code via vectors involving access to a deleted object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-176/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-176/" + }, + { + "name": "SUSE-SA:2010:049", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=580445", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=580445" + }, + { + "name": "43100", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43100" + }, + { + "name": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", + "refsource": "CONFIRM", + "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox" + }, + { + "name": "FEDORA-2010-14362", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100112690", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100112690" + }, + { + "name": "42867", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42867" + }, + { + "name": "ADV-2011-0061", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0061" + }, + { + "name": "oval:org.mitre.oval:def:11778", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11778" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-57.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-57.html" + }, + { + "name": "MDVSA-2010:173", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173" + }, + { + "name": "ADV-2010-2323", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2323" + }, + { + "name": "DSA-2106", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2106" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2769.json b/2010/2xxx/CVE-2010-2769.json index 58d5ee9e087..f7414d35468 100644 --- a/2010/2xxx/CVE-2010-2769.json +++ b/2010/2xxx/CVE-2010-2769.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via a selection that is added to a document in which the designMode property is enabled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-62.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-62.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=520189", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=520189" - }, - { - "name" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", - "refsource" : "CONFIRM", - "url" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100112690", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100112690" - }, - { - "name" : "DSA-2106", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2106" - }, - { - "name" : "FEDORA-2010-14362", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html" - }, - { - "name" : "MDVSA-2010:173", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173" - }, - { - "name" : "SUSE-SA:2010:049", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html" - }, - { - "name" : "43106", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43106" - }, - { - "name" : "oval:org.mitre.oval:def:12192", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12192" - }, - { - "name" : "42867", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42867" - }, - { - "name" : "ADV-2010-2323", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2323" - }, - { - "name" : "ADV-2011-0061", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0061" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via a selection that is added to a document in which the designMode property is enabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-62.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-62.html" + }, + { + "name": "SUSE-SA:2010:049", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html" + }, + { + "name": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", + "refsource": "CONFIRM", + "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox" + }, + { + "name": "FEDORA-2010-14362", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100112690", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100112690" + }, + { + "name": "43106", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43106" + }, + { + "name": "42867", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42867" + }, + { + "name": "ADV-2011-0061", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0061" + }, + { + "name": "MDVSA-2010:173", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173" + }, + { + "name": "oval:org.mitre.oval:def:12192", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12192" + }, + { + "name": "ADV-2010-2323", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2323" + }, + { + "name": "DSA-2106", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2106" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=520189", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=520189" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2886.json b/2010/2xxx/CVE-2010-2886.json index 51065be6d92..122bf7e502e 100644 --- a/2010/2xxx/CVE-2010-2886.json +++ b/2010/2xxx/CVE-2010-2886.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2886", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-2886", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-23.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-23.html" - }, - { - "name" : "1024611", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024611" - }, - { - "name" : "41870", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41870" - }, - { - "name" : "ADV-2010-2718", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2718" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-2718", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2718" + }, + { + "name": "41870", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41870" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-23.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-23.html" + }, + { + "name": "1024611", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024611" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3606.json b/2010/3xxx/CVE-2010-3606.json index a6b3f3a77ab..c54c9b1e461 100644 --- a/2010/3xxx/CVE-2010-3606.json +++ b/2010/3xxx/CVE-2010-3606.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3606", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in AGENTS/index.php in NetArt MEDIA Real Estate Portal 2.0 allow remote emote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) folder and (2) action parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels-team.blogspot.com/2010/09/netartmedia-real-estate-portal-v20-xss.html", - "refsource" : "MISC", - "url" : "http://pridels-team.blogspot.com/2010/09/netartmedia-real-estate-portal-v20-xss.html" - }, - { - "name" : "43266", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43266" - }, - { - "name" : "68062", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/68062" - }, - { - "name" : "41377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41377" - }, - { - "name" : "realestateportal-index-file-include(61867)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61867" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in AGENTS/index.php in NetArt MEDIA Real Estate Portal 2.0 allow remote emote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) folder and (2) action parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68062", + "refsource": "OSVDB", + "url": "http://osvdb.org/68062" + }, + { + "name": "http://pridels-team.blogspot.com/2010/09/netartmedia-real-estate-portal-v20-xss.html", + "refsource": "MISC", + "url": "http://pridels-team.blogspot.com/2010/09/netartmedia-real-estate-portal-v20-xss.html" + }, + { + "name": "43266", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43266" + }, + { + "name": "41377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41377" + }, + { + "name": "realestateportal-index-file-include(61867)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61867" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3820.json b/2010/3xxx/CVE-2010-3820.json index 3ef2586184f..05a8fefcb27 100644 --- a/2010/3xxx/CVE-2010-3820.json +++ b/2010/3xxx/CVE-2010-3820.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses uninitialized memory during processing of editable elements, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-3820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4455", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4455" - }, - { - "name" : "http://support.apple.com/kb/HT4456", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4456" - }, - { - "name" : "APPLE-SA-2010-11-18-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html" - }, - { - "name" : "APPLE-SA-2010-11-22-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "oval:org.mitre.oval:def:11972", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11972" - }, - { - "name" : "42314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42314" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2010-3046", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3046" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses uninitialized memory during processing of editable elements, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "http://support.apple.com/kb/HT4455", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4455" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "ADV-2010-3046", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3046" + }, + { + "name": "oval:org.mitre.oval:def:11972", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11972" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "APPLE-SA-2010-11-18-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html" + }, + { + "name": "42314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42314" + }, + { + "name": "http://support.apple.com/kb/HT4456", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4456" + }, + { + "name": "APPLE-SA-2010-11-22-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3971.json b/2010/3xxx/CVE-2010-3971.json index cd368eec6ac..6a338449cb3 100644 --- a/2010/3xxx/CVE-2010-3971.json +++ b/2010/3xxx/CVE-2010-3971.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3971", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka \"CSS Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3971", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15708", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15708" - }, - { - "name" : "15746", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15746" - }, - { - "name" : "20101208 IE CSS parser dos bug", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2010/Dec/110" - }, - { - "name" : "http://www.breakingpointsystems.com/community/blog/ie-vulnerability/", - "refsource" : "MISC", - "url" : "http://www.breakingpointsystems.com/community/blog/ie-vulnerability/" - }, - { - "name" : "http://www.wooyun.org/bugs/wooyun-2010-0885", - "refsource" : "MISC", - "url" : "http://www.wooyun.org/bugs/wooyun-2010-0885" - }, - { - "name" : "http://www.microsoft.com/technet/security/advisory/2488013.mspx", - "refsource" : "MISC", - "url" : "http://www.microsoft.com/technet/security/advisory/2488013.mspx" - }, - { - "name" : "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx", - "refsource" : "MISC", - "url" : "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100127294", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100127294" - }, - { - "name" : "MS11-003", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-003" - }, - { - "name" : "VU#634956", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/634956" - }, - { - "name" : "45246", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45246" - }, - { - "name" : "oval:org.mitre.oval:def:12382", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12382" - }, - { - "name" : "1024922", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024922" - }, - { - "name" : "42510", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42510" - }, - { - "name" : "ADV-2010-3156", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3156" - }, - { - "name" : "ADV-2011-0318", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka \"CSS Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#634956", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/634956" + }, + { + "name": "http://www.microsoft.com/technet/security/advisory/2488013.mspx", + "refsource": "MISC", + "url": "http://www.microsoft.com/technet/security/advisory/2488013.mspx" + }, + { + "name": "15746", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15746" + }, + { + "name": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx", + "refsource": "MISC", + "url": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx" + }, + { + "name": "http://www.breakingpointsystems.com/community/blog/ie-vulnerability/", + "refsource": "MISC", + "url": "http://www.breakingpointsystems.com/community/blog/ie-vulnerability/" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100127294", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100127294" + }, + { + "name": "ADV-2011-0318", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0318" + }, + { + "name": "15708", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15708" + }, + { + "name": "ADV-2010-3156", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3156" + }, + { + "name": "MS11-003", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-003" + }, + { + "name": "1024922", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024922" + }, + { + "name": "http://www.wooyun.org/bugs/wooyun-2010-0885", + "refsource": "MISC", + "url": "http://www.wooyun.org/bugs/wooyun-2010-0885" + }, + { + "name": "20101208 IE CSS parser dos bug", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2010/Dec/110" + }, + { + "name": "45246", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45246" + }, + { + "name": "oval:org.mitre.oval:def:12382", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12382" + }, + { + "name": "42510", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42510" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0039.json b/2011/0xxx/CVE-2011-0039.json index c5bbdb40a17..aefffcd6629 100644 --- a/2011/0xxx/CVE-2011-0039.json +++ b/2011/0xxx/CVE-2011-0039.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka \"LSASS Length Validation Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-0039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-014", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-014" - }, - { - "name" : "46152", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46152" - }, - { - "name" : "oval:org.mitre.oval:def:12537", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12537" - }, - { - "name" : "1025049", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025049" - }, - { - "name" : "43253", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43253" - }, - { - "name" : "ADV-2011-0327", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0327" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka \"LSASS Length Validation Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46152", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46152" + }, + { + "name": "43253", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43253" + }, + { + "name": "ADV-2011-0327", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0327" + }, + { + "name": "MS11-014", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-014" + }, + { + "name": "1025049", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025049" + }, + { + "name": "oval:org.mitre.oval:def:12537", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12537" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0848.json b/2011/0xxx/CVE-2011-0848.json index 24177b74be2..2739d62cda4 100644 --- a/2011/0xxx/CVE-2011-0848.json +++ b/2011/0xxx/CVE-2011-0848.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Security Framework component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to User Model." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-0848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" - }, - { - "name" : "TA11-201A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Security Framework component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to User Model." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-201A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1229.json b/2011/1xxx/CVE-2011-1229.json index 7faf09447e4..8ef1c221b19 100644 --- a/2011/1xxx/CVE-2011-1229.json +++ b/2011/1xxx/CVE-2011-1229.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1229", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other \"Vulnerability Type 2\" CVEs listed in MS11-034, aka \"Win32k Null Pointer De-reference Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1229", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx", - "refsource" : "MISC", - "url" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100133352", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100133352" - }, - { - "name" : "MS11-034", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034" - }, - { - "name" : "TA11-102A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" - }, - { - "name" : "47229", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47229" - }, - { - "name" : "71735", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/71735" - }, - { - "name" : "oval:org.mitre.oval:def:12503", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12503" - }, - { - "name" : "1025345", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025345" - }, - { - "name" : "44156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44156" - }, - { - "name" : "ADV-2011-0952", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0952" - }, - { - "name" : "mswin-win32k-var17-priv-escalation(66411)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66411" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other \"Vulnerability Type 2\" CVEs listed in MS11-034, aka \"Win32k Null Pointer De-reference Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47229", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47229" + }, + { + "name": "TA11-102A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" + }, + { + "name": "mswin-win32k-var17-priv-escalation(66411)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66411" + }, + { + "name": "MS11-034", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034" + }, + { + "name": "ADV-2011-0952", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0952" + }, + { + "name": "oval:org.mitre.oval:def:12503", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12503" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100133352", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100133352" + }, + { + "name": "44156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44156" + }, + { + "name": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx", + "refsource": "MISC", + "url": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx" + }, + { + "name": "1025345", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025345" + }, + { + "name": "71735", + "refsource": "OSVDB", + "url": "http://osvdb.org/71735" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1822.json b/2011/1xxx/CVE-2011-1822.json index 2d878e81a1b..24538086489 100644 --- a/2011/1xxx/CVE-2011-1822.json +++ b/2011/1xxx/CVE-2011-1822.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1822", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LDAP_ADD implementation in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0009 stores a cleartext SHA password in the change log, which might allow local users to obtain sensitive information by reading this log." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1822", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg24029663", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg24029663" - }, - { - "name" : "IO11882", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg1IO11882" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LDAP_ADD implementation in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0009 stores a cleartext SHA password in the change log, which might allow local users to obtain sensitive information by reading this log." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IO11882", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=swg1IO11882" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg24029663", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg24029663" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1958.json b/2011/1xxx/CVE-2011-1958.json index 097115a4aa6..850c7f23783 100644 --- a/2011/1xxx/CVE-2011-1958.json +++ b/2011/1xxx/CVE-2011-1958.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1958", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Diameter dictionary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1958", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110531 CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/05/31/20" - }, - { - "name" : "[oss-security] 20110601 Re: CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/06/01/1" - }, - { - "name" : "[oss-security] 20110601 Re: CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/06/01/11" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2011-07.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2011-07.html" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2011-08.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2011-08.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=710184", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=710184" - }, - { - "name" : "DSA-2274", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2274" - }, - { - "name" : "FEDORA-2011-7821", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061290.html" - }, - { - "name" : "FEDORA-2011-7846", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061437.html" - }, - { - "name" : "FEDORA-2011-7858", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061477.html" - }, - { - "name" : "RHSA-2013:0125", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0125.html" - }, - { - "name" : "48066", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48066" - }, - { - "name" : "oval:org.mitre.oval:def:15045", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15045" - }, - { - "name" : "44449", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44449" - }, - { - "name" : "45149", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45149" - }, - { - "name" : "44958", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44958" - }, - { - "name" : "48947", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48947" - }, - { - "name" : "wireshark-diameter-dos(67791)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Diameter dictionary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44958", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44958" + }, + { + "name": "FEDORA-2011-7846", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061437.html" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2011-07.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2011-07.html" + }, + { + "name": "RHSA-2013:0125", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0125.html" + }, + { + "name": "48947", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48947" + }, + { + "name": "48066", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48066" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2011-08.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2011-08.html" + }, + { + "name": "wireshark-diameter-dos(67791)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67791" + }, + { + "name": "DSA-2274", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2274" + }, + { + "name": "44449", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44449" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=710184", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=710184" + }, + { + "name": "[oss-security] 20110601 Re: CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/06/01/11" + }, + { + "name": "oval:org.mitre.oval:def:15045", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15045" + }, + { + "name": "[oss-security] 20110601 Re: CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/06/01/1" + }, + { + "name": "FEDORA-2011-7821", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061290.html" + }, + { + "name": "[oss-security] 20110531 CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/05/31/20" + }, + { + "name": "FEDORA-2011-7858", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061477.html" + }, + { + "name": "45149", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45149" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5047.json b/2011/5xxx/CVE-2011-5047.json index be65114a5c1..53e9c0263a5 100644 --- a/2011/5xxx/CVE-2011-5047.json +++ b/2011/5xxx/CVE-2011-5047.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5047", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in status_rrd_graph.php in pfSense before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the style parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5047", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.pfsense.org/?p=633", - "refsource" : "MISC", - "url" : "http://blog.pfsense.org/?p=633" - }, - { - "name" : "51169", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51169" - }, - { - "name" : "77981", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/77981" - }, - { - "name" : "46780", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46780" - }, - { - "name" : "pfsense-style-xss(72090)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72090" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in status_rrd_graph.php in pfSense before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the style parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51169", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51169" + }, + { + "name": "77981", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/77981" + }, + { + "name": "pfsense-style-xss(72090)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72090" + }, + { + "name": "http://blog.pfsense.org/?p=633", + "refsource": "MISC", + "url": "http://blog.pfsense.org/?p=633" + }, + { + "name": "46780", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46780" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3142.json b/2014/3xxx/CVE-2014-3142.json index aae62276cc3..1fd3efbc841 100644 --- a/2014/3xxx/CVE-2014-3142.json +++ b/2014/3xxx/CVE-2014-3142.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3142", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3142", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3182.json b/2014/3xxx/CVE-2014-3182.json index 8bb8c15a0dc..1ee0c3f4300 100644 --- a/2014/3xxx/CVE-2014-3182.json +++ b/2014/3xxx/CVE-2014-3182.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3182", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-3182", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140911 Multiple Linux USB driver CVE assignment", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/09/11/21" - }, - { - "name" : "https://code.google.com/p/google-security-research/issues/detail?id=89", - "refsource" : "MISC", - "url" : "https://code.google.com/p/google-security-research/issues/detail?id=89" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ad3e14d7c5268c2e24477c6ef54bbdf88add5d36", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ad3e14d7c5268c2e24477c6ef54bbdf88add5d36" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1141210", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1141210" - }, - { - "name" : "https://github.com/torvalds/linux/commit/ad3e14d7c5268c2e24477c6ef54bbdf88add5d36", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/ad3e14d7c5268c2e24477c6ef54bbdf88add5d36" - }, - { - "name" : "RHSA-2014:1318", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1318.html" - }, - { - "name" : "69770", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69770" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:1318", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1318.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/ad3e14d7c5268c2e24477c6ef54bbdf88add5d36", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/ad3e14d7c5268c2e24477c6ef54bbdf88add5d36" + }, + { + "name": "69770", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69770" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ad3e14d7c5268c2e24477c6ef54bbdf88add5d36", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ad3e14d7c5268c2e24477c6ef54bbdf88add5d36" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2" + }, + { + "name": "[oss-security] 20140911 Multiple Linux USB driver CVE assignment", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/09/11/21" + }, + { + "name": "https://code.google.com/p/google-security-research/issues/detail?id=89", + "refsource": "MISC", + "url": "https://code.google.com/p/google-security-research/issues/detail?id=89" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1141210", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1141210" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3490.json b/2014/3xxx/CVE-2014-3490.json index df6cdc04af8..3cddbeb2203 100644 --- a/2014/3xxx/CVE-2014-3490.json +++ b/2014/3xxx/CVE-2014-3490.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3490", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0818." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3490", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ronsigal/Resteasy/commit/9b7d0f574cafdcf3bea5428f3145ab4908fc6d83", - "refsource" : "MISC", - "url" : "https://github.com/ronsigal/Resteasy/commit/9b7d0f574cafdcf3bea5428f3145ab4908fc6d83" - }, - { - "name" : "https://github.com/resteasy/Resteasy/pull/521", - "refsource" : "CONFIRM", - "url" : "https://github.com/resteasy/Resteasy/pull/521" - }, - { - "name" : "https://github.com/resteasy/Resteasy/pull/533", - "refsource" : "CONFIRM", - "url" : "https://github.com/resteasy/Resteasy/pull/533" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "RHSA-2014:1011", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1011.html" - }, - { - "name" : "RHSA-2014:1039", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1039.html" - }, - { - "name" : "RHSA-2014:1040", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1040.html" - }, - { - "name" : "RHSA-2014:1298", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1298.html" - }, - { - "name" : "RHSA-2015:0125", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0125.html" - }, - { - "name" : "RHSA-2015:0675", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0675.html" - }, - { - "name" : "RHSA-2015:0720", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0720.html" - }, - { - "name" : "RHSA-2015:0765", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0765.html" - }, - { - "name" : "69058", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69058" - }, - { - "name" : "60019", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60019" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0818." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ronsigal/Resteasy/commit/9b7d0f574cafdcf3bea5428f3145ab4908fc6d83", + "refsource": "MISC", + "url": "https://github.com/ronsigal/Resteasy/commit/9b7d0f574cafdcf3bea5428f3145ab4908fc6d83" + }, + { + "name": "RHSA-2015:0765", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html" + }, + { + "name": "RHSA-2015:0675", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html" + }, + { + "name": "60019", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60019" + }, + { + "name": "RHSA-2015:0720", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html" + }, + { + "name": "https://github.com/resteasy/Resteasy/pull/521", + "refsource": "CONFIRM", + "url": "https://github.com/resteasy/Resteasy/pull/521" + }, + { + "name": "https://github.com/resteasy/Resteasy/pull/533", + "refsource": "CONFIRM", + "url": "https://github.com/resteasy/Resteasy/pull/533" + }, + { + "name": "RHSA-2014:1039", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1039.html" + }, + { + "name": "69058", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69058" + }, + { + "name": "RHSA-2015:0125", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0125.html" + }, + { + "name": "RHSA-2014:1040", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1040.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "RHSA-2014:1011", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1011.html" + }, + { + "name": "RHSA-2014:1298", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1298.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3604.json b/2014/3xxx/CVE-2014-3604.json index e135b5072e3..9230fa4f3f8 100644 --- a/2014/3xxx/CVE-2014-3604.json +++ b/2014/3xxx/CVE-2014-3604.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3604", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3604", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1131803", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1131803" - }, - { - "name" : "https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3604.yaml", - "refsource" : "MISC", - "url" : "https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3604.yaml" - }, - { - "name" : "http://juliusdavies.ca/svn/viewvc.cgi/not-yet-commons-ssl?view=rev&revision=172", - "refsource" : "CONFIRM", - "url" : "http://juliusdavies.ca/svn/viewvc.cgi/not-yet-commons-ssl?view=rev&revision=172" - }, - { - "name" : "RHSA-2015:1888", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1888.html" - }, - { - "name" : "notyetcommons-cve20143604-sec-bypass(97659)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97659" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://juliusdavies.ca/svn/viewvc.cgi/not-yet-commons-ssl?view=rev&revision=172", + "refsource": "CONFIRM", + "url": "http://juliusdavies.ca/svn/viewvc.cgi/not-yet-commons-ssl?view=rev&revision=172" + }, + { + "name": "notyetcommons-cve20143604-sec-bypass(97659)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97659" + }, + { + "name": "RHSA-2015:1888", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1888.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1131803", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131803" + }, + { + "name": "https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3604.yaml", + "refsource": "MISC", + "url": "https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3604.yaml" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6020.json b/2014/6xxx/CVE-2014-6020.json index 53ace04440a..a9b605b221d 100644 --- a/2014/6xxx/CVE-2014-6020.json +++ b/2014/6xxx/CVE-2014-6020.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6020", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Fuel Rewards Network (aka com.excentus.frn) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6020", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#202601", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/202601" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Fuel Rewards Network (aka com.excentus.frn) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#202601", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/202601" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6943.json b/2014/6xxx/CVE-2014-6943.json index 64239efb0b4..dd2f1d0df7a 100644 --- a/2014/6xxx/CVE-2014-6943.json +++ b/2014/6xxx/CVE-2014-6943.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6943", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Konigsleiten (aka com.knigsleiten) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6943", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#383441", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/383441" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Konigsleiten (aka com.knigsleiten) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#383441", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/383441" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7169.json b/2014/7xxx/CVE-2014-7169.json index 080e8ee337d..adfa2f372a0 100644 --- a/2014/7xxx/CVE-2014-7169.json +++ b/2014/7xxx/CVE-2014-7169.json @@ -1,882 +1,882 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141001 NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533593/100/0/threaded" - }, - { - "name" : "34879", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/34879/" - }, - { - "name" : "20141001 FW: NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Oct/0" - }, - { - "name" : "[oss-security] 20140924 Re: CVE-2014-6271: remote code execution through bash", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/09/24/32" - }, - { - "name" : "http://twitter.com/taviso/statuses/514887394294652929", - "refsource" : "MISC", - "url" : "http://twitter.com/taviso/statuses/514887394294652929" - }, - { - "name" : "http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html", - "refsource" : "MISC", - "url" : "http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html" - }, - { - "name" : "http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html" - }, - { - "name" : "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html" - }, - { - "name" : "http://support.novell.com/security/cve/CVE-2014-7169.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/security/cve/CVE-2014-7169.html" - }, - { - "name" : "https://www.suse.com/support/shellshock/", - "refsource" : "CONFIRM", - "url" : "https://www.suse.com/support/shellshock/" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-1306.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-1306.html" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-3075.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-3075.html" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-3077.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-3077.html" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-3078.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-3078.html" - }, - { - "name" : "http://support.apple.com/kb/HT6495", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6495" - }, - { - "name" : "http://www.novell.com/support/kb/doc.php?id=7015701", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=7015701" - }, - { - "name" : "https://kb.bluecoat.com/index?page=content&id=SA82", - "refsource" : "CONFIRM", - "url" : "https://kb.bluecoat.com/index?page=content&id=SA82" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685749", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685749" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685914", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685914" - }, - { - "name" : "http://www.novell.com/support/kb/doc.php?id=7015721", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=7015721" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0010.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0010.html" - }, - { - "name" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648" - }, - { - "name" : "https://support.apple.com/kb/HT6535", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6535" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686084", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686084" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685541", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685541" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685604", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685604" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685733", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685733" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686131", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686131" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686479", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686479" - }, - { - "name" : "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315", - "refsource" : "CONFIRM", - "url" : "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315" - }, - { - "name" : "https://support.citrix.com/article/CTX200217", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX200217" - }, - { - "name" : "https://support.citrix.com/article/CTX200223", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX200223" - }, - { - "name" : "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686246", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686246" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686445", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686445" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686494", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686494" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21687079", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21687079" - }, - { - "name" : "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts", - "refsource" : "CONFIRM", - "url" : "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts" - }, - { - "name" : "http://www.qnap.com/i/en/support/con_show.php?cid=61", - "refsource" : "CONFIRM", - "url" : "http://www.qnap.com/i/en/support/con_show.php?cid=61" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686447", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686447" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0393.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0393.html" - }, - { - "name" : "https://access.redhat.com/articles/1200223", - "refsource" : "CONFIRM", - "url" : "https://access.redhat.com/articles/1200223" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10085", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10085" - }, - { - "name" : "https://access.redhat.com/node/1200223", - "refsource" : "CONFIRM", - "url" : "https://access.redhat.com/node/1200223" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183" - }, - { - "name" : "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", - "refsource" : "CONFIRM", - "url" : "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes" - }, - { - "name" : "APPLE-SA-2014-10-16-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" - }, - { - "name" : "20140926 GNU Bash Environmental Variable Command Injection Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash" - }, - { - "name" : "DSA-3035", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3035" - }, - { - "name" : "HPSBGN03117", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141216207813411&w=2" - }, - { - "name" : "HPSBHF03119", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141216668515282&w=2" - }, - { - "name" : "HPSBHF03124", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141235957116749&w=2" - }, - { - "name" : "HPSBST03122", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141319209015420&w=2" - }, - { - "name" : "HPSBGN03138", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141330468527613&w=2" - }, - { - "name" : "HPSBHF03125", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141345648114150&w=2" - }, - { - "name" : "HPSBMU03133", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141330425327438&w=2" - }, - { - "name" : "HPSBGN03141", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141383304022067&w=2" - }, - { - "name" : "HPSBGN03142", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141383244821813&w=2" - }, - { - "name" : "HPSBHF03146", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141383353622268&w=2" - }, - { - "name" : "HPSBMU03143", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141383026420882&w=2" - }, - { - "name" : "HPSBMU03144", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141383081521087&w=2" - }, - { - "name" : "HPSBST03129", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141383196021590&w=2" - }, - { - "name" : "HPSBST03131", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141383138121313&w=2" - }, - { - "name" : "HPSBST03157", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141450491804793&w=2" - }, - { - "name" : "HPSBHF03145", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141383465822787&w=2" - }, - { - "name" : "HPSBMU03165", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141577137423233&w=2" - }, - { - "name" : "HPSBMU03182", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141585637922673&w=2" - }, - { - "name" : "HPSBST03154", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141577297623641&w=2" - }, - { - "name" : "HPSBST03155", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141576728022234&w=2" - }, - { - "name" : "HPSBST03181", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141577241923505&w=2" - }, - { - "name" : "HPSBST03148", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141694386919794&w=2" - }, - { - "name" : "HPSBMU03217", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141879528318582&w=2" - }, - { - "name" : "HPSBMU03245", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142358026505815&w=2" - }, - { - "name" : "HPSBMU03246", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142358078406056&w=2" - }, - { - "name" : "HPSBOV03228", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142113462216480&w=2" - }, - { - "name" : "SSRT101711", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142113462216480&w=2" - }, - { - "name" : "SSRT101742", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142358026505815&w=2" - }, - { - "name" : "SSRT101827", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141879528318582&w=2" - }, - { - "name" : "HPSBGN03233", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142118135300698&w=2" - }, - { - "name" : "SSRT101739", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142118135300698&w=2" - }, - { - "name" : "SSRT101868", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142118135300698&w=2" - }, - { - "name" : "HPSBMU03220", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142721162228379&w=2" - }, - { - "name" : "SSRT101819", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142721162228379&w=2" - }, - { - "name" : "HPSBST03195", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142805027510172&w=2" - }, - { - "name" : "MDVSA-2015:164", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:164" - }, - { - "name" : "RHSA-2014:1306", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1306.html" - }, - { - "name" : "RHSA-2014:1311", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1311.html" - }, - { - "name" : "RHSA-2014:1312", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1312.html" - }, - { - "name" : "RHSA-2014:1354", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1354.html" - }, - { - "name" : "SUSE-SU-2014:1247", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html" - }, - { - "name" : "SUSE-SU-2014:1259", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html" - }, - { - "name" : "openSUSE-SU-2014:1229", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html" - }, - { - "name" : "openSUSE-SU-2014:1242", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html" - }, - { - "name" : "openSUSE-SU-2014:1254", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html" - }, - { - "name" : "SUSE-SU-2014:1287", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html" - }, - { - "name" : "openSUSE-SU-2014:1308", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html" - }, - { - "name" : "openSUSE-SU-2014:1310", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html" - }, - { - "name" : "USN-2363-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2363-1" - }, - { - "name" : "USN-2363-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2363-2" - }, - { - "name" : "TA14-268A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA14-268A" - }, - { - "name" : "VU#252743", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/252743" - }, - { - "name" : "JVN#55667175", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN55667175/index.html" - }, - { - "name" : "JVNDB-2014-000126", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126" - }, - { - "name" : "59737", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59737" - }, - { - "name" : "61479", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61479" - }, - { - "name" : "61618", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61618" - }, - { - "name" : "61619", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61619" - }, - { - "name" : "61622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61622" - }, - { - "name" : "61626", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61626" - }, - { - "name" : "61641", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61641" - }, - { - "name" : "61676", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61676" - }, - { - "name" : "61700", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61700" - }, - { - "name" : "59907", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59907" - }, - { - "name" : "61283", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61283" - }, - { - "name" : "61485", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61485" - }, - { - "name" : "61503", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61503" - }, - { - "name" : "61552", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61552" - }, - { - "name" : "61565", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61565" - }, - { - "name" : "61603", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61603" - }, - { - "name" : "61633", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61633" - }, - { - "name" : "61643", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61643" - }, - { - "name" : "61654", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61654" - }, - { - "name" : "61703", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61703" - }, - { - "name" : "61711", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61711" - }, - { - "name" : "61715", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61715" - }, - { - "name" : "60947", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60947" - }, - { - "name" : "61188", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61188" - }, - { - "name" : "58200", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58200" - }, - { - "name" : "60034", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60034" - }, - { - "name" : "60055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60055" - }, - { - "name" : "60193", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60193" - }, - { - "name" : "60325", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60325" - }, - { - "name" : "61065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61065" - }, - { - "name" : "61128", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61128" - }, - { - "name" : "61129", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61129" - }, - { - "name" : "61287", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61287" - }, - { - "name" : "61312", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61312" - }, - { - "name" : "61313", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61313" - }, - { - "name" : "61328", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61328" - }, - { - "name" : "61442", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61442" - }, - { - "name" : "61471", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61471" - }, - { - "name" : "61550", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61550" - }, - { - "name" : "61780", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61780" - }, - { - "name" : "61816", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61816" - }, - { - "name" : "61855", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61855" - }, - { - "name" : "61857", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61857" - }, - { - "name" : "60024", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60024" - }, - { - "name" : "60063", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60063" - }, - { - "name" : "60044", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60044" - }, - { - "name" : "60433", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60433" - }, - { - "name" : "61291", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61291" - }, - { - "name" : "61873", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61873" - }, - { - "name" : "62312", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62312" - }, - { - "name" : "62343", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62343" - }, - { - "name" : "62228", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62228" - }, - { - "name" : "59272", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59272" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685749", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685749" + }, + { + "name": "[oss-security] 20140924 Re: CVE-2014-6271: remote code execution through bash", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/09/24/32" + }, + { + "name": "HPSBMU03165", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141577137423233&w=2" + }, + { + "name": "HPSBHF03119", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141216668515282&w=2" + }, + { + "name": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts", + "refsource": "CONFIRM", + "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts" + }, + { + "name": "HPSBST03131", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141383138121313&w=2" + }, + { + "name": "SSRT101819", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142721162228379&w=2" + }, + { + "name": "20141001 NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533593/100/0/threaded" + }, + { + "name": "HPSBMU03245", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142358026505815&w=2" + }, + { + "name": "openSUSE-SU-2014:1229", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686084", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686084" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686479", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686479" + }, + { + "name": "61188", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61188" + }, + { + "name": "JVN#55667175", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN55667175/index.html" + }, + { + "name": "61676", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61676" + }, + { + "name": "openSUSE-SU-2014:1254", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html" + }, + { + "name": "60433", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60433" + }, + { + "name": "HPSBMU03143", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141383026420882&w=2" + }, + { + "name": "HPSBMU03182", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141585637922673&w=2" + }, + { + "name": "RHSA-2014:1306", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1306.html" + }, + { + "name": "HPSBST03155", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141576728022234&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685541", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685541" + }, + { + "name": "61715", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61715" + }, + { + "name": "USN-2363-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2363-2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html" + }, + { + "name": "61816", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61816" + }, + { + "name": "openSUSE-SU-2014:1310", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html" + }, + { + "name": "61442", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61442" + }, + { + "name": "HPSBMU03246", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142358078406056&w=2" + }, + { + "name": "HPSBST03195", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142805027510172&w=2" + }, + { + "name": "61283", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61283" + }, + { + "name": "SSRT101711", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142113462216480&w=2" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10085", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10085" + }, + { + "name": "openSUSE-SU-2014:1308", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html" + }, + { + "name": "61654", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61654" + }, + { + "name": "http://www.novell.com/support/kb/doc.php?id=7015701", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=7015701" + }, + { + "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315", + "refsource": "CONFIRM", + "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315" + }, + { + "name": "62312", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62312" + }, + { + "name": "59272", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59272" + }, + { + "name": "HPSBST03122", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141319209015420&w=2" + }, + { + "name": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html", + "refsource": "CONFIRM", + "url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html" + }, + { + "name": "HPSBMU03217", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141879528318582&w=2" + }, + { + "name": "RHSA-2014:1312", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1312.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685604", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685604" + }, + { + "name": "USN-2363-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2363-1" + }, + { + "name": "SSRT101868", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142118135300698&w=2" + }, + { + "name": "61703", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61703" + }, + { + "name": "http://support.apple.com/kb/HT6495", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6495" + }, + { + "name": "VU#252743", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/252743" + }, + { + "name": "61065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61065" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-3075.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-3075.html" + }, + { + "name": "HPSBST03129", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141383196021590&w=2" + }, + { + "name": "HPSBMU03144", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141383081521087&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686445", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686445" + }, + { + "name": "http://support.novell.com/security/cve/CVE-2014-7169.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/security/cve/CVE-2014-7169.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686131", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686131" + }, + { + "name": "JVNDB-2014-000126", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126" + }, + { + "name": "SSRT101827", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141879528318582&w=2" + }, + { + "name": "TA14-268A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA14-268A" + }, + { + "name": "61641", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61641" + }, + { + "name": "SUSE-SU-2014:1247", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html" + }, + { + "name": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648" + }, + { + "name": "https://access.redhat.com/node/1200223", + "refsource": "CONFIRM", + "url": "https://access.redhat.com/node/1200223" + }, + { + "name": "SUSE-SU-2014:1287", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898" + }, + { + "name": "APPLE-SA-2014-10-16-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685914", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685914" + }, + { + "name": "20141001 FW: NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Oct/0" + }, + { + "name": "MDVSA-2015:164", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:164" + }, + { + "name": "61619", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61619" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-3078.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-3078.html" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075" + }, + { + "name": "HPSBMU03220", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142721162228379&w=2" + }, + { + "name": "60325", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60325" + }, + { + "name": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", + "refsource": "CONFIRM", + "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes" + }, + { + "name": "60024", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60024" + }, + { + "name": "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html" + }, + { + "name": "34879", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/34879/" + }, + { + "name": "61622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61622" + }, + { + "name": "https://access.redhat.com/articles/1200223", + "refsource": "CONFIRM", + "url": "https://access.redhat.com/articles/1200223" + }, + { + "name": "62343", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62343" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0393.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0393.html" + }, + { + "name": "61565", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61565" + }, + { + "name": "https://www.suse.com/support/shellshock/", + "refsource": "CONFIRM", + "url": "https://www.suse.com/support/shellshock/" + }, + { + "name": "HPSBST03157", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141450491804793&w=2" + }, + { + "name": "61313", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61313" + }, + { + "name": "SSRT101742", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142358026505815&w=2" + }, + { + "name": "61873", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61873" + }, + { + "name": "61485", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61485" + }, + { + "name": "openSUSE-SU-2014:1242", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html" + }, + { + "name": "61618", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61618" + }, + { + "name": "60947", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60947" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183" + }, + { + "name": "https://support.apple.com/kb/HT6535", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6535" + }, + { + "name": "HPSBST03154", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141577297623641&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272" + }, + { + "name": "HPSBGN03142", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141383244821813&w=2" + }, + { + "name": "61312", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61312" + }, + { + "name": "60193", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60193" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0010.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0010.html" + }, + { + "name": "61479", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61479" + }, + { + "name": "60063", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60063" + }, + { + "name": "60034", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60034" + }, + { + "name": "HPSBMU03133", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141330425327438&w=2" + }, + { + "name": "http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html", + "refsource": "MISC", + "url": "http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html" + }, + { + "name": "59907", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59907" + }, + { + "name": "58200", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58200" + }, + { + "name": "HPSBST03181", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141577241923505&w=2" + }, + { + "name": "61643", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61643" + }, + { + "name": "http://twitter.com/taviso/statuses/514887394294652929", + "refsource": "MISC", + "url": "http://twitter.com/taviso/statuses/514887394294652929" + }, + { + "name": "http://www.novell.com/support/kb/doc.php?id=7015721", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=7015721" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21687079", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687079" + }, + { + "name": "61503", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61503" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686246", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686246" + }, + { + "name": "RHSA-2014:1354", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1354.html" + }, + { + "name": "HPSBGN03117", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141216207813411&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915" + }, + { + "name": "HPSBHF03145", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141383465822787&w=2" + }, + { + "name": "http://www.qnap.com/i/en/support/con_show.php?cid=61", + "refsource": "CONFIRM", + "url": "http://www.qnap.com/i/en/support/con_show.php?cid=61" + }, + { + "name": "HPSBST03148", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141694386919794&w=2" + }, + { + "name": "61552", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61552" + }, + { + "name": "61780", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61780" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279" + }, + { + "name": "https://support.citrix.com/article/CTX200223", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX200223" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-3077.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-3077.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686447", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686447" + }, + { + "name": "62228", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62228" + }, + { + "name": "HPSBGN03138", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141330468527613&w=2" + }, + { + "name": "61855", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61855" + }, + { + "name": "HPSBHF03124", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141235957116749&w=2" + }, + { + "name": "60044", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60044" + }, + { + "name": "61291", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61291" + }, + { + "name": "HPSBHF03125", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141345648114150&w=2" + }, + { + "name": "59737", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59737" + }, + { + "name": "61287", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61287" + }, + { + "name": "HPSBHF03146", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141383353622268&w=2" + }, + { + "name": "HPSBGN03233", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142118135300698&w=2" + }, + { + "name": "SSRT101739", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142118135300698&w=2" + }, + { + "name": "61711", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61711" + }, + { + "name": "HPSBOV03228", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142113462216480&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361" + }, + { + "name": "HPSBGN03141", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141383304022067&w=2" + }, + { + "name": "RHSA-2014:1311", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1311.html" + }, + { + "name": "61128", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61128" + }, + { + "name": "DSA-3035", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3035" + }, + { + "name": "https://support.citrix.com/article/CTX200217", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX200217" + }, + { + "name": "61471", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61471" + }, + { + "name": "60055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60055" + }, + { + "name": "20140926 GNU Bash Environmental Variable Command Injection Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash" + }, + { + "name": "61550", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61550" + }, + { + "name": "61633", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61633" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686494", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686494" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-1306.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-1306.html" + }, + { + "name": "https://kb.bluecoat.com/index?page=content&id=SA82", + "refsource": "CONFIRM", + "url": "https://kb.bluecoat.com/index?page=content&id=SA82" + }, + { + "name": "SUSE-SU-2014:1259", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html" + }, + { + "name": "61328", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61328" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685733", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685733" + }, + { + "name": "61129", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61129" + }, + { + "name": "61700", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61700" + }, + { + "name": "61626", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61626" + }, + { + "name": "61603", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61603" + }, + { + "name": "61857", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61857" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7207.json b/2014/7xxx/CVE-2014-7207.json index e0e6db26a0e..0fef3bbc721 100644 --- a/2014/7xxx/CVE-2014-7207.json +++ b/2014/7xxx/CVE-2014-7207.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A certain Debian patch to the IPv6 implementation in the Linux kernel 3.2.x through 3.2.63 does not properly validate arguments in ipv6_select_ident function calls, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging (1) tun or (2) macvtap device access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2014-7207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141102 CVE-2014-7207 assignment: Debian-specific Linux 3.2 backport issue", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/11/02/1" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766195", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766195" - }, - { - "name" : "DSA-3060", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3060" - }, - { - "name" : "USN-2417-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2417-1" - }, - { - "name" : "USN-2418-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2418-1" - }, - { - "name" : "70867", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70867" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A certain Debian patch to the IPv6 implementation in the Linux kernel 3.2.x through 3.2.63 does not properly validate arguments in ipv6_select_ident function calls, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging (1) tun or (2) macvtap device access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2418-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2418-1" + }, + { + "name": "USN-2417-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2417-1" + }, + { + "name": "DSA-3060", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3060" + }, + { + "name": "[oss-security] 20141102 CVE-2014-7207 assignment: Debian-specific Linux 3.2 backport issue", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/11/02/1" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766195", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766195" + }, + { + "name": "70867", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70867" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7311.json b/2014/7xxx/CVE-2014-7311.json index 5cf2b6a421e..b8e036dc4be 100644 --- a/2014/7xxx/CVE-2014-7311.json +++ b/2014/7xxx/CVE-2014-7311.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7311", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7311", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7843.json b/2014/7xxx/CVE-2014-7843.json index 379af375cec..62544f5e5fc 100644 --- a/2014/7xxx/CVE-2014-7843.json +++ b/2014/7xxx/CVE-2014-7843.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7843", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-7843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141113 CVE-2014-7843 Linux kernel: aarch64: copying from /dev/zero causes local DoS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/11/13/5" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=97fc15436b36ee3956efad83e22a557991f7d19d", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=97fc15436b36ee3956efad83e22a557991f7d19d" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1163744", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1163744" - }, - { - "name" : "https://github.com/torvalds/linux/commit/97fc15436b36ee3956efad83e22a557991f7d19d", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/97fc15436b36ee3956efad83e22a557991f7d19d" - }, - { - "name" : "71082", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71082" - }, - { - "name" : "62305", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62305" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20141113 CVE-2014-7843 Linux kernel: aarch64: copying from /dev/zero causes local DoS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/11/13/5" + }, + { + "name": "https://github.com/torvalds/linux/commit/97fc15436b36ee3956efad83e22a557991f7d19d", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/97fc15436b36ee3956efad83e22a557991f7d19d" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=97fc15436b36ee3956efad83e22a557991f7d19d", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=97fc15436b36ee3956efad83e22a557991f7d19d" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1163744", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163744" + }, + { + "name": "71082", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71082" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4" + }, + { + "name": "62305", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62305" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7920.json b/2014/7xxx/CVE-2014-7920.json index bafabb59cf5..61ea86c8cc2 100644 --- a/2014/7xxx/CVE-2014-7920.json +++ b/2014/7xxx/CVE-2014-7920.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7920", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-7920", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/36d1577%5E!/", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/av/+/36d1577%5E!/" - }, - { - "name" : "https://bits-please.blogspot.com/2016/01/android-privilege-escalation-to.html", - "refsource" : "CONFIRM", - "url" : "https://bits-please.blogspot.com/2016/01/android-privilege-escalation-to.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bits-please.blogspot.com/2016/01/android-privilege-escalation-to.html", + "refsource": "CONFIRM", + "url": "https://bits-please.blogspot.com/2016/01/android-privilege-escalation-to.html" + }, + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/36d1577%5E!/", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/36d1577%5E!/" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8000.json b/2014/8xxx/CVE-2014-8000.json index 99446ed389c..14ec6387714 100644 --- a/2014/8xxx/CVE-2014-8000.json +++ b/2014/8xxx/CVE-2014-8000.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8000", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-8000", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36467", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36467" - }, - { - "name" : "20141119 Cisco Unified Communications Manager IM and Presence Service Enumeration Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8000" - }, - { - "name" : "71173", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71173" - }, - { - "name" : "1031240", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031240" - }, - { - "name" : "62558", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62558" - }, - { - "name" : "cisco-ucm-cve20148000-info-disc(98786)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98786" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36467", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36467" + }, + { + "name": "20141119 Cisco Unified Communications Manager IM and Presence Service Enumeration Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8000" + }, + { + "name": "62558", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62558" + }, + { + "name": "71173", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71173" + }, + { + "name": "1031240", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031240" + }, + { + "name": "cisco-ucm-cve20148000-info-disc(98786)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98786" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2282.json b/2016/2xxx/CVE-2016-2282.json index 3384ab22c2b..f67bd7af51b 100644 --- a/2016/2xxx/CVE-2016-2282.json +++ b/2016/2xxx/CVE-2016-2282.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2282", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt credentials, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-2282", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-063-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-063-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt credentials, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-063-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-063-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2311.json b/2016/2xxx/CVE-2016-2311.json index c1f1042e46b..149a3fafb20 100644 --- a/2016/2xxx/CVE-2016-2311.json +++ b/2016/2xxx/CVE-2016-2311.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2311", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ServSensor Junior with firmware before SP473, AlertWerks ServSensor Junior with PoE with firmware before SP473, and AlertWerks ServSensor Contact with firmware before SP473 allow remote authenticated users to discover administrator and user passwords via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-2311", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-147-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-147-03" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ServSensor Junior with firmware before SP473, AlertWerks ServSensor Junior with PoE with firmware before SP473, and AlertWerks ServSensor Contact with firmware before SP473 allow remote authenticated users to discover administrator and user passwords via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-147-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-147-03" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2342.json b/2016/2xxx/CVE-2016-2342.json index 90da6617af4..fca6bb19cef 100644 --- a/2016/2xxx/CVE-2016-2342.json +++ b/2016/2xxx/CVE-2016-2342.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2342", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-2342", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442", - "refsource" : "CONFIRM", - "url" : "http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442" - }, - { - "name" : "http://nongnu.askapache.com//quagga/quagga-1.0.20160309.changelog.txt", - "refsource" : "CONFIRM", - "url" : "http://nongnu.askapache.com//quagga/quagga-1.0.20160309.changelog.txt" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "DSA-3532", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3532" - }, - { - "name" : "GLSA-201610-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-03" - }, - { - "name" : "RHSA-2017:0794", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0794.html" - }, - { - "name" : "openSUSE-SU-2016:0888", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00117.html" - }, - { - "name" : "openSUSE-SU-2016:0863", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00102.html" - }, - { - "name" : "USN-2941-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2941-1" - }, - { - "name" : "VU#270232", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/270232" - }, - { - "name" : "84318", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "84318", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84318" + }, + { + "name": "RHSA-2017:0794", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0794.html" + }, + { + "name": "openSUSE-SU-2016:0863", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00102.html" + }, + { + "name": "DSA-3532", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3532" + }, + { + "name": "VU#270232", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/270232" + }, + { + "name": "http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442" + }, + { + "name": "GLSA-201610-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-03" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "openSUSE-SU-2016:0888", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00117.html" + }, + { + "name": "http://nongnu.askapache.com//quagga/quagga-1.0.20160309.changelog.txt", + "refsource": "CONFIRM", + "url": "http://nongnu.askapache.com//quagga/quagga-1.0.20160309.changelog.txt" + }, + { + "name": "USN-2941-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2941-1" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2498.json b/2016/2xxx/CVE-2016-2498.json index 94ac8801970..326189aad1c 100644 --- a/2016/2xxx/CVE-2016-2498.json +++ b/2016/2xxx/CVE-2016-2498.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to bypass intended data-access restrictions via a crafted application, aka internal bug 27777162." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-06-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-06-01.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to bypass intended data-access restrictions via a crafted application, aka internal bug 27777162." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-06-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-06-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2615.json b/2016/2xxx/CVE-2016-2615.json index f15fca3f004..a60fc45b2b3 100644 --- a/2016/2xxx/CVE-2016-2615.json +++ b/2016/2xxx/CVE-2016-2615.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2615", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2615", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6697.json b/2016/6xxx/CVE-2016-6697.json index 7d698f54d36..7c80a8d1c81 100644 --- a/2016/6xxx/CVE-2016-6697.json +++ b/2016/6xxx/CVE-2016-6697.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6697", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6697", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18177.json b/2017/18xxx/CVE-2017-18177.json index 9bf0ab09acd..65e99eefad5 100644 --- a/2017/18xxx/CVE-2017-18177.json +++ b/2017/18xxx/CVE-2017-18177.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://packetstormsecurity.com/files/143894/Progress-Sitefinity-9.1-XSS-Session-Management-Open-Redirect.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/143894/Progress-Sitefinity-9.1-XSS-Session-Management-Open-Redirect.html" - }, - { - "name" : "https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-progress-sitefinity/index.html", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-progress-sitefinity/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-progress-sitefinity/index.html", + "refsource": "MISC", + "url": "https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-progress-sitefinity/index.html" + }, + { + "name": "https://packetstormsecurity.com/files/143894/Progress-Sitefinity-9.1-XSS-Session-Management-Open-Redirect.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/143894/Progress-Sitefinity-9.1-XSS-Session-Management-Open-Redirect.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1463.json b/2017/1xxx/CVE-2017-1463.json index c8593c832ef..a10fbbedbbb 100644 --- a/2017/1xxx/CVE-2017-1463.json +++ b/2017/1xxx/CVE-2017-1463.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1463", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1463", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1776.json b/2017/1xxx/CVE-2017-1776.json index f2fd4a82ffc..9ff5159934d 100644 --- a/2017/1xxx/CVE-2017-1776.json +++ b/2017/1xxx/CVE-2017-1776.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1776", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1776", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5282.json b/2017/5xxx/CVE-2017-5282.json index b7aa5543207..48645c02b9c 100644 --- a/2017/5xxx/CVE-2017-5282.json +++ b/2017/5xxx/CVE-2017-5282.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5282", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5282", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5366.json b/2017/5xxx/CVE-2017-5366.json index dbe3f3af717..ab78695cd9b 100644 --- a/2017/5xxx/CVE-2017-5366.json +++ b/2017/5xxx/CVE-2017-5366.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5366", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5366", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5707.json b/2017/5xxx/CVE-2017-5707.json index 12f52f24213..7839797d8b7 100644 --- a/2017/5xxx/CVE-2017-5707.json +++ b/2017/5xxx/CVE-2017-5707.json @@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2017-11-20T00:00:00", - "ID" : "CVE-2017-5707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trusted Execution Engine", - "version" : { - "version_data" : [ - { - "version_value" : "3.0" - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in kernel in Intel Trusted Execution Engine Firmware 3.0 allow attacker with local access to the system to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2017-11-20T00:00:00", + "ID": "CVE-2017-5707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trusted Execution Engine", + "version": { + "version_data": [ + { + "version_value": "3.0" + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://twitter.com/PTsecurity_UK/status/938447926128291842", - "refsource" : "MISC", - "url" : "https://twitter.com/PTsecurity_UK/status/938447926128291842" - }, - { - "name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr", - "refsource" : "CONFIRM", - "url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20171120-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20171120-0001/" - }, - { - "name" : "https://www.asus.com/News/wzeltG5CjYaIwGJ0", - "refsource" : "CONFIRM", - "url" : "https://www.asus.com/News/wzeltG5CjYaIwGJ0" - }, - { - "name" : "https://www.synology.com/support/security/Synology_SA_17_73", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/support/security/Synology_SA_17_73" - }, - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf" - }, - { - "name" : "101919", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101919" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in kernel in Intel Trusted Execution Engine Firmware 3.0 allow attacker with local access to the system to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20171120-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171120-0001/" + }, + { + "name": "https://twitter.com/PTsecurity_UK/status/938447926128291842", + "refsource": "MISC", + "url": "https://twitter.com/PTsecurity_UK/status/938447926128291842" + }, + { + "name": "101919", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101919" + }, + { + "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr", + "refsource": "CONFIRM", + "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr" + }, + { + "name": "https://www.synology.com/support/security/Synology_SA_17_73", + "refsource": "CONFIRM", + "url": "https://www.synology.com/support/security/Synology_SA_17_73" + }, + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf" + }, + { + "name": "https://www.asus.com/News/wzeltG5CjYaIwGJ0", + "refsource": "CONFIRM", + "url": "https://www.asus.com/News/wzeltG5CjYaIwGJ0" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5958.json b/2017/5xxx/CVE-2017-5958.json index 32e2a300dae..91c69344d53 100644 --- a/2017/5xxx/CVE-2017-5958.json +++ b/2017/5xxx/CVE-2017-5958.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5958", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5958", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file