diff --git a/2006/0xxx/CVE-2006-0272.json b/2006/0xxx/CVE-2006-0272.json
index be7b5f41ef3..1164f02c029 100644
--- a/2006/0xxx/CVE-2006-0272.json
+++ b/2006/0xxx/CVE-2006-0272.json
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0272", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29. NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a buffer overflow in the (a) DBMS_XMLSCHEMA and (b) DBMS_XMLSCHEMA_INT packages, as exploitable via long arguments to (1) XDB.DBMS_XMLSCHEMA.GENERATESCHEMA or (2) XDB.DBMS_XMLSCHEMA.GENERATESCHEMAS." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0272", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060126 [Argeniss] Oracle Database Buffer overflows vulnerabilities in public procedures of XDB.DBMS_XMLSCHEMA{_INT}", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0893.html" - }, - { - "name" : "http://www.argeniss.com/research/ARGENISS-ADV-010601.txt", - "refsource" : "MISC", - "url" : "http://www.argeniss.com/research/ARGENISS-ADV-010601.txt" - }, - { - "name" : "http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf", - "refsource" : "MISC", - "url" : "http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html" - }, - { - "name" : "TA06-018A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-018A.html" - }, - { - "name" : "VU#545804", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/545804" - }, - { - "name" : "VU#891644", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/891644" - }, - { - "name" : "16287", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16287" - }, - { - 
"name" : "ADV-2006-0243", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0243" - }, - { - "name" : "ADV-2006-0323", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0323" - }, - { - "name" : "1015499", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015499" - }, - { - "name" : "18493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18493" - }, - { - "name" : "18608", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18608" - }, - { - "name" : "oracle-january2006-update(24321)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" - }, - { - "name" : "oracle-xdbdbmx-xmlschema-bo(24376)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24376" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29. NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a buffer overflow in the (a) DBMS_XMLSCHEMA and (b) DBMS_XMLSCHEMA_INT packages, as exploitable via long arguments to (1) XDB.DBMS_XMLSCHEMA.GENERATESCHEMA or (2) XDB.DBMS_XMLSCHEMA.GENERATESCHEMAS." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf", + "refsource": "MISC", + "url": "http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf" + }, + { + "name": "oracle-january2006-update(24321)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html" + }, + { + "name": "20060126 [Argeniss] Oracle Database Buffer overflows vulnerabilities in public procedures of XDB.DBMS_XMLSCHEMA{_INT}", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0893.html" + }, + { + "name": "18493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18493" + }, + { + "name": "ADV-2006-0323", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0323" + }, + { + "name": "16287", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16287" + }, + { + "name": "TA06-018A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-018A.html" + }, + { + "name": "VU#545804", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/545804" + }, + { + "name": "1015499", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015499" + }, + { + "name": "ADV-2006-0243", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0243" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" + }, + { + "name": "18608", + "refsource": "SECUNIA", + 
"url": "http://secunia.com/advisories/18608" + }, + { + "name": "VU#891644", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/891644" + }, + { + "name": "http://www.argeniss.com/research/ARGENISS-ADV-010601.txt", + "refsource": "MISC", + "url": "http://www.argeniss.com/research/ARGENISS-ADV-010601.txt" + }, + { + "name": "oracle-xdbdbmx-xmlschema-bo(24376)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24376" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0292.json b/2006/0xxx/CVE-2006-0292.json index e8376e686a7..31c0385d2d5 100644 --- a/2006/0xxx/CVE-2006-0292.json +++ b/2006/0xxx/CVE-2006-0292.json 
@@ -1,367 +1,367 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-0292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-01.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-01.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=316885", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=316885" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm" - }, - { - "name" : "DSA-1044", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1044" - }, - { - "name" : 
"DSA-1046", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1046" - }, - { - "name" : "DSA-1051", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1051" - }, - { - "name" : "FEDORA-2006-075", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html" - }, - { - "name" : "FEDORA-2006-076", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html" - }, - { - "name" : "FLSA-2006:180036-2", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/425978/100/0/threaded" - }, - { - "name" : "FLSA:180036-1", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/425975/100/0/threaded" - }, - { - "name" : "GLSA-200604-12", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml" - }, - { - "name" : "GLSA-200604-18", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml" - }, - { - "name" : "GLSA-200605-09", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml" - }, - { - "name" : "HPSBUX02122", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/438730/100/0/threaded" - }, - { - "name" : "SSRT061158", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/438730/100/0/threaded" - }, - { - "name" : "HPSBUX02156", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "SSRT061236", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "MDKSA-2006:036", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:036" - }, - { - "name" : "MDKSA-2006:078", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDKSA-2006:078" - }, - { - "name" : "MDKSA-2006:037", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:037" - }, - { - "name" : "RHSA-2006:0199", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0199.html" - }, - { - "name" : "RHSA-2006:0200", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0200.html" - }, - { - "name" : "RHSA-2006:0330", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0330.html" - }, - { - "name" : "SCOSA-2006.26", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt" - }, - { - "name" : "20060201-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U" - }, - { - "name" : "102550", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1" - }, - { - "name" : "228526", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1" - }, - { - "name" : "SUSE-SA:2006:022", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_04_25.html" - }, - { - "name" : "USN-275-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/275-1/" - }, - { - "name" : "USN-276-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/276-1/" - }, - { - "name" : "USN-271-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/271-1/" - }, - { - "name" : "16476", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16476" - }, - { - "name" : "oval:org.mitre.oval:def:10016", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10016" - }, - { - "name" : "ADV-2006-0413", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/0413" - }, - { - "name" : "ADV-2006-3391", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3391" - }, - { - "name" : "ADV-2006-3749", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3749" - }, - { - "name" : "oval:org.mitre.oval:def:670", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A670" - }, - { - "name" : "1015570", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015570" - }, - { - "name" : "18700", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18700" - }, - { - "name" : "18703", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18703" - }, - { - "name" : "18704", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18704" - }, - { - "name" : "18708", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18708" - }, - { - "name" : "18709", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18709" - }, - { - "name" : "18705", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18705" - }, - { - "name" : "18706", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18706" - }, - { - "name" : "19230", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19230" - }, - { - "name" : "19759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19759" - }, - { - "name" : "19821", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19821" - }, - { - "name" : "19823", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19823" - }, - { - "name" : "19852", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19852" - }, - { - "name" : "19862", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19862" - }, - { - "name" : "19863", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/19863" - }, - { - "name" : "19902", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19902" - }, - { - "name" : "19950", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19950" - }, - { - "name" : "19941", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19941" - }, - { - "name" : "19746", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19746" - }, - { - "name" : "21033", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21033" - }, - { - "name" : "21622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21622" - }, - { - "name" : "19780", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19780" - }, - { - "name" : "20051", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20051" - }, - { - "name" : "22065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22065" - }, - { - "name" : "mozilla-javascript-memory-corruption(24430)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24430" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2006:036", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:036" + }, + { + "name": "USN-275-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/275-1/" + }, + { + "name": "RHSA-2006:0330", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0330.html" + }, + { + "name": "19902", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19902" + }, + { + "name": "mozilla-javascript-memory-corruption(24430)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24430" + }, + { + "name": "MDKSA-2006:037", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:037" + }, + { + "name": "USN-276-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/276-1/" + }, + { + "name": "HPSBUX02122", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded" + }, + { + "name": "19941", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19941" + }, + { + "name": "19780", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19780" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=316885", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=316885" + }, + { + "name": "19821", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19821" + }, + { + "name": "oval:org.mitre.oval:def:10016", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10016" + }, + { + "name": "FEDORA-2006-075", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html" + }, + { + "name": "GLSA-200604-12", + 
"refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml" + }, + { + "name": "21622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21622" + }, + { + "name": "19862", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19862" + }, + { + "name": "19230", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19230" + }, + { + "name": "18704", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18704" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm" + }, + { + "name": "19823", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19823" + }, + { + "name": "DSA-1051", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1051" + }, + { + "name": "18709", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18709" + }, + { + "name": "ADV-2006-3749", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3749" + }, + { + "name": "USN-271-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/271-1/" + }, + { + "name": "18705", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18705" + }, + { + "name": "GLSA-200604-18", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml" + }, + { + "name": "16476", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16476" + }, + { + "name": "ADV-2006-0413", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0413" + }, + { + "name": "1015570", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015570" + }, + { + "name": "19746", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19746" + }, + { + "name": "21033", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21033" + }, + { + "name": "18700", 
+ "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18700" + }, + { + "name": "102550", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1" + }, + { + "name": "19759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19759" + }, + { + "name": "SSRT061236", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "RHSA-2006:0200", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0200.html" + }, + { + "name": "oval:org.mitre.oval:def:670", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A670" + }, + { + "name": "18706", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18706" + }, + { + "name": "SSRT061158", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded" + }, + { + "name": "FEDORA-2006-076", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html" + }, + { + "name": "MDKSA-2006:078", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078" + }, + { + "name": "RHSA-2006:0199", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0199.html" + }, + { + "name": "20051", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20051" + }, + { + "name": "19863", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19863" + }, + { + "name": "HPSBUX02156", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "FLSA-2006:180036-2", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/425978/100/0/threaded" + }, + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-01.html", + "refsource": "CONFIRM", + "url": 
"http://www.mozilla.org/security/announce/2006/mfsa2006-01.html" + }, + { + "name": "20060201-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U" + }, + { + "name": "SCOSA-2006.26", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt" + }, + { + "name": "18708", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18708" + }, + { + "name": "FLSA:180036-1", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/425975/100/0/threaded" + }, + { + "name": "228526", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1" + }, + { + "name": "19852", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19852" + }, + { + "name": "SUSE-SA:2006:022", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_04_25.html" + }, + { + "name": "GLSA-200605-09", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml" + }, + { + "name": "ADV-2006-3391", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3391" + }, + { + "name": "18703", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18703" + }, + { + "name": "22065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22065" + }, + { + "name": "19950", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19950" + }, + { + "name": "DSA-1046", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1046" + }, + { + "name": "DSA-1044", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1044" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0540.json b/2006/0xxx/CVE-2006-0540.json index 23c09f69a90..1d3359206a2 100644 --- a/2006/0xxx/CVE-2006-0540.json +++ b/2006/0xxx/CVE-2006-0540.json 
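Review bot: The `ASSIGNER` value in `CVE_data_meta` for CVE-2006-0292 changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, and it is the only value change in a section that otherwise just normalizes the spacing around `:` and reorders `reference_data`. A provenance field that consumers may use to attribute a record to its assigning CNA should not change silently inside a whole-file formatting rewrite; I would land `"ASSIGNER": "secalert@redhat.com",` in its own commit, or at least name it in the commit message, so it can be audited separately. The new `reference_data` order does not appear to follow any sort key, so emitting it in a stable order (for example by `refsource`, then `name`) would keep later diffs of this record reviewable. The rewritten file also ends without a trailing newline, as do the other files in this diff.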
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0540", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Tachyon Vanilla Guestbook 1.0 beta allow remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060201 [eVuln] Vanilla Guestbook Multiple XSS & SQL Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/423957/100/0/threaded" - }, - { - "name" : "http://www.evuln.com/vulns/54/summary.html", - "refsource" : "MISC", - "url" : "http://www.evuln.com/vulns/54/summary.html" - }, - { - "name" : "16464", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16464" - }, - { - "name" : "vanillaguestbook-messages-sql-injection(24412)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24412" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Multiple SQL injection vulnerabilities in Tachyon Vanilla Guestbook 1.0 beta allow remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.evuln.com/vulns/54/summary.html", + "refsource": "MISC", + "url": "http://www.evuln.com/vulns/54/summary.html" + }, + { + "name": "vanillaguestbook-messages-sql-injection(24412)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24412" + }, + { + "name": "20060201 [eVuln] Vanilla Guestbook Multiple XSS & SQL Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/423957/100/0/threaded" + }, + { + "name": "16464", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16464" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0879.json b/2006/0xxx/CVE-2006-0879.json index c43f67bcf32..bee1f3099e7 100644 --- a/2006/0xxx/CVE-2006-0879.json +++ b/2006/0xxx/CVE-2006-0879.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the search tool in Noah's Classifieds 1.3 allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060222 [KAPDA::#29]Noah's classifieds multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425783/100/0/threaded" - }, - { - "name" : "http://www.kapda.ir/advisory-268.html", - "refsource" : "MISC", - "url" : "http://www.kapda.ir/advisory-268.html" - }, - { - "name" : "16773", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16773" - }, - { - "name" : "ADV-2006-0703", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0703" - }, - { - "name" : "1015667", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015667" - }, - { - "name" : "noahs-search-sql-injection(24896)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/24896" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the search tool in Noah's Classifieds 1.3 allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "noahs-search-sql-injection(24896)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24896" + }, + { + "name": "20060222 [KAPDA::#29]Noah's classifieds multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425783/100/0/threaded" + }, + { + "name": "1015667", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015667" + }, + { + "name": "16773", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16773" + }, + { + "name": "http://www.kapda.ir/advisory-268.html", + "refsource": "MISC", + "url": "http://www.kapda.ir/advisory-268.html" + }, + { + "name": "ADV-2006-0703", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0703" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3050.json b/2006/3xxx/CVE-2006-3050.json index 5e0495b07b4..8b31d720434 100644 --- a/2006/3xxx/CVE-2006-3050.json +++ b/2006/3xxx/CVE-2006-3050.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3050", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in detail.php in SixCMS 6.0, and other versions before 6.0.6patch2, allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the template parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3050", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060612 [MajorSecurity #17] SixCMS <= 6 - Multiple XSS and directory traversal vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437047/100/0/threaded" - }, - { - "name" : "20060619 Re: [MajorSecurity #17] SixCMS <= 6 - Multiple XSS and directory traversal vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437639/100/0/threaded" - }, - { - "name" : "http://www.majorsecurity.de/advisory/major_rls17.txt", - "refsource" : "MISC", - "url" : "http://www.majorsecurity.de/advisory/major_rls17.txt" - }, - { - "name" : "18395", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18395" - }, 
- { - "name" : "1016282", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016282" - }, - { - "name" : "1101", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1101" - }, - { - "name" : "sixcms-detail-directory-traversal(27107)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in detail.php in SixCMS 6.0, and other versions before 6.0.6patch2, allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the template parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sixcms-detail-directory-traversal(27107)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27107" + }, + { + "name": "18395", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18395" + }, + { + "name": "http://www.majorsecurity.de/advisory/major_rls17.txt", + "refsource": "MISC", + "url": "http://www.majorsecurity.de/advisory/major_rls17.txt" + }, + { + "name": "1016282", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016282" + }, + { + "name": "20060619 Re: [MajorSecurity #17] SixCMS <= 6 - Multiple XSS and directory traversal vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437639/100/0/threaded" + }, + { + "name": "1101", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1101" + }, + { + "name": "20060612 [MajorSecurity #17] SixCMS <= 6 - Multiple XSS and directory traversal vulnerabilities", + "refsource": "BUGTRAQ", + "url": 
"http://www.securityfocus.com/archive/1/437047/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3244.json b/2006/3xxx/CVE-2006-3244.json index 238d5f3cc90..0beec5e68f4 100644 --- a/2006/3xxx/CVE-2006-3244.json +++ b/2006/3xxx/CVE-2006-3244.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Anthill 0.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order parameter in buglist.php and the (2) bug parameter in query.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/06/anthill-sql-injection-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/06/anthill-sql-injection-vuln.html" - }, - { - "name" : "18661", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18661" - }, - { - "name" : "ADV-2006-2529", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2529" - }, - { - "name" : "20838", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20838" - }, - { - "name" : "anthill-buglist-query-sql-injection(27373)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27373" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Anthill 0.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order parameter in buglist.php and the (2) bug parameter in query.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "anthill-buglist-query-sql-injection(27373)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27373" + }, + { + "name": "ADV-2006-2529", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2529" + }, + { + "name": "18661", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18661" + }, + { + "name": "20838", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20838" + }, + { + "name": "http://pridels0.blogspot.com/2006/06/anthill-sql-injection-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/06/anthill-sql-injection-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3766.json b/2006/3xxx/CVE-2006-3766.json index 288c17be471..918694153e0 100644 --- a/2006/3xxx/CVE-2006-3766.json +++ b/2006/3xxx/CVE-2006-3766.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3766", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Darren's $5 Script Archive osDate 1.1.7 and earlier allows users to boost their own ratings via a txtrating parameter with a score greater than the intended maximum of 10." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060717 osDate 1.1.7 multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440490/100/0/threaded" - }, - { - "name" : "20060719 Re: osDate 1.1.7 multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440592/100/0/threaded" - }, - { - "name" : "20060813 osDate 1.1.8 - Multiple HTML Injection Vulnerability - fixed", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443198/100/200/threaded" - }, - { - "name" : "1016700", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016700" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Darren's $5 Script Archive osDate 1.1.7 and earlier allows users to boost their own ratings via a txtrating parameter with a score greater than the intended maximum of 10." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060813 osDate 1.1.8 - Multiple HTML Injection Vulnerability - fixed", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443198/100/200/threaded" + }, + { + "name": "1016700", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016700" + }, + { + "name": "20060719 Re: osDate 1.1.7 multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440592/100/0/threaded" + }, + { + "name": "20060717 osDate 1.1.7 multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440490/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3918.json b/2006/3xxx/CVE-2006-3918.json index 894654e74f8..8a122a7e12e 100644 --- a/2006/3xxx/CVE-2006-3918.json +++ b/2006/3xxx/CVE-2006-3918.json 
@@ -1,307 +1,307 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3918", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3918", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060508 Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html" - }, - { - "name" : "20060724 Write-up by Amit Klein: \"Forging HTTP request headers with Flash\"", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html" - }, - { - "name" : "http://svn.apache.org/viewvc?view=rev&revision=394965", - "refsource" : "CONFIRM", 
- "url" : "http://svn.apache.org/viewvc?view=rev&revision=394965" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm" - }, - { - "name" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117", - "refsource" : "CONFIRM", - "url" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117" - }, - { - "name" : "http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html", - "refsource" : "CONFIRM", - "url" : "http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html" - }, - { - "name" : "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html", - "refsource" : "CONFIRM", - "url" : "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html" - }, - { - "name" : "PK24631", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631" - }, - { - "name" : "PK27875", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg24013080" - }, - { - "name" : "DSA-1167", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1167" - }, - { - "name" : "HPSBUX02465", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=125631037611762&w=2" - }, - { - "name" : "SSRT090192", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=125631037611762&w=2" - }, - { - "name" : "HPSBUX02612", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=129190899612998&w=2" - }, - { - "name" : "SSRT100345", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=129190899612998&w=2" - }, - { - "name" : "HPSBOV02683", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130497311408250&w=2" - }, - { - "name" : "SSRT090208", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130497311408250&w=2" - }, - { - "name" : 
"[3.9] 012: SECURITY FIX: October 7, 2006", - "refsource" : "OPENBSD", - "url" : "http://openbsd.org/errata.html#httpd2" - }, - { - "name" : "RHSA-2006:0618", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0618.html" - }, - { - "name" : "RHSA-2006:0619", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0619.html" - }, - { - "name" : "RHSA-2006:0692", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0692.html" - }, - { - "name" : "20060801-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P" - }, - { - "name" : "SUSE-SA:2006:051", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_51_apache.html" - }, - { - "name" : "SUSE-SA:2008:021", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html" - }, - { - "name" : "USN-575-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-575-1" - }, - { - "name" : "19661", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19661" - }, - { - "name" : "oval:org.mitre.oval:def:10352", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352" - }, - { - "name" : "oval:org.mitre.oval:def:12238", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12238" - }, - { - "name" : "1024144", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024144" - }, - { - "name" : "40256", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40256" - }, - { - "name" : "ADV-2006-2963", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2963" - }, - { - "name" : "ADV-2006-2964", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2964" - }, - { - "name" : 
"ADV-2006-3264", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3264" - }, - { - "name" : "ADV-2006-4207", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4207" - }, - { - "name" : "ADV-2006-5089", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5089" - }, - { - "name" : "1016569", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016569" - }, - { - "name" : "21172", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21172" - }, - { - "name" : "21174", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21174" - }, - { - "name" : "21399", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21399" - }, - { - "name" : "21478", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21478" - }, - { - "name" : "21848", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21848" - }, - { - "name" : "21598", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21598" - }, - { - "name" : "21744", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21744" - }, - { - "name" : "21986", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21986" - }, - { - "name" : "22140", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22140" - }, - { - "name" : "22317", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22317" - }, - { - "name" : "22523", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22523" - }, - { - "name" : "28749", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28749" - }, - { - "name" : "29640", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29640" - }, - { - "name" : "1294", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1294" - }, - { - "name" : "ADV-2010-1572", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2010/1572" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060801-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P" + }, + { + "name": "ADV-2010-1572", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1572" + }, + { + "name": "http://svn.apache.org/viewvc?view=rev&revision=394965", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=rev&revision=394965" + }, + { + "name": "28749", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28749" + }, + { + "name": "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html", + "refsource": "CONFIRM", + "url": "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html" + }, + { + "name": "DSA-1167", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1167" + }, + { + "name": "19661", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19661" + }, + { + "name": "21744", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21744" + }, + { + "name": "20060724 Write-up by Amit Klein: \"Forging HTTP request headers with Flash\"", + 
"refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html" + }, + { + "name": "HPSBUX02465", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2" + }, + { + "name": "1024144", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024144" + }, + { + "name": "22317", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22317" + }, + { + "name": "22523", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22523" + }, + { + "name": "SSRT090208", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2" + }, + { + "name": "ADV-2006-5089", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5089" + }, + { + "name": "ADV-2006-3264", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3264" + }, + { + "name": "20060508 Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html" + }, + { + "name": "21598", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21598" + }, + { + "name": "21399", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21399" + }, + { + "name": "SSRT090192", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2" + }, + { + "name": "oval:org.mitre.oval:def:10352", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm" + }, + { + "name": "21478", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21478" + }, + { + "name": "RHSA-2006:0619", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0619.html" + }, + { + 
"name": "21986", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21986" + }, + { + "name": "HPSBUX02612", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2" + }, + { + "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117", + "refsource": "CONFIRM", + "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117" + }, + { + "name": "ADV-2006-4207", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4207" + }, + { + "name": "HPSBOV02683", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2" + }, + { + "name": "21848", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21848" + }, + { + "name": "RHSA-2006:0618", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0618.html" + }, + { + "name": "PK24631", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631" + }, + { + "name": "SUSE-SA:2008:021", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html" + }, + { + "name": "RHSA-2006:0692", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0692.html" + }, + { + "name": "40256", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40256" + }, + { + "name": "SUSE-SA:2006:051", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_51_apache.html" + }, + { + "name": "ADV-2006-2963", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2963" + }, + { + "name": "21174", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21174" + }, + { + "name": "SSRT100345", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2" + }, + { + "name": "USN-575-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-575-1" + }, + { + "name": 
"oval:org.mitre.oval:def:12238", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12238" + }, + { + "name": "29640", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29640" + }, + { + "name": "1294", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1294" + }, + { + "name": "[3.9] 012: SECURITY FIX: October 7, 2006", + "refsource": "OPENBSD", + "url": "http://openbsd.org/errata.html#httpd2" + }, + { + "name": "PK27875", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24013080" + }, + { + "name": "21172", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21172" + }, + { + "name": "http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html", + "refsource": "CONFIRM", + "url": "http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html" + }, + { + "name": "1016569", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016569" + }, + { + "name": "ADV-2006-2964", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2964" + }, + { + "name": "22140", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22140" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3964.json b/2006/3xxx/CVE-2006-3964.json index 1dc706a2cc0..39b26453a12 100644 --- a/2006/3xxx/CVE-2006-3964.json +++ b/2006/3xxx/CVE-2006-3964.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3964", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in members.php in Banex PHP MySQL Banner Exchange 2.21 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_root parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3964", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060730 Banex Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=115423462216111&w=2" - }, - { - "name" : "19240", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19240" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in members.php in Banex PHP MySQL Banner Exchange 2.21 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_root parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060730 Banex Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=115423462216111&w=2" + }, + { + "name": "19240", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19240" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4260.json b/2006/4xxx/CVE-2006-4260.json index 9c8130812fd..feaa6722cd0 100644 --- a/2006/4xxx/CVE-2006-4260.json +++ b/2006/4xxx/CVE-2006-4260.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in Fotopholder 1.8 allows remote attackers to read arbitrary directories or files via a .. (dot dot) in the path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060815 otopholder 1.8 suffers from a local file inclusion,XSS and directory listing vuln", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-08/0316.html" - }, - { - "name" : "28243", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28243" - }, - { - "name" : "1016702", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016702" - }, - { - "name" : "1421", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1421" - }, - { - "name" : "fotopholder-index-obtain-information(28399)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28399" - }, - { - "name" : "fotopholder-index-file-include(28398)", - "refsource" : "XF", - 
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28398" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in Fotopholder 1.8 allows remote attackers to read arbitrary directories or files via a .. (dot dot) in the path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "fotopholder-index-obtain-information(28399)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28399" + }, + { + "name": "1421", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1421" + }, + { + "name": "fotopholder-index-file-include(28398)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28398" + }, + { + "name": "28243", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28243" + }, + { + "name": "20060815 otopholder 1.8 suffers from a local file inclusion,XSS and directory listing vuln", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-08/0316.html" + }, + { + "name": "1016702", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016702" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4367.json b/2006/4xxx/CVE-2006-4367.json index aa60cccd348..3eaf7029707 100644 --- a/2006/4xxx/CVE-2006-4367.json +++ b/2006/4xxx/CVE-2006-4367.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in alltopics.php in the All Topics Hack 1.5.0 and earlier for phpBB 2.0.21 allows remote attackers to execute arbitrary SQL commands via the start parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2248", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2248" - }, - { - "name" : "19682", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19682" - }, - { - "name" : "phpbb-alltopics-sql-injection(28538)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28538" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in alltopics.php in the All Topics Hack 1.5.0 and earlier for phpBB 2.0.21 allows remote attackers to execute arbitrary SQL commands via the start parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpbb-alltopics-sql-injection(28538)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28538" + }, + { + "name": "2248", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2248" + }, + { + "name": "19682", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19682" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2022.json b/2010/2xxx/CVE-2010-2022.json index 9b188b75bbd..f33a8b1af9e 100644 --- a/2010/2xxx/CVE-2010-2022.json +++ b/2010/2xxx/CVE-2010-2022.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2022", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the \"-l -U root\" options are omitted, does not properly restrict access to the current working directory, which might allow local users to read, modify, or create arbitrary files via standard filesystem operations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-10:04", - "refsource" : "FREEBSD", - "url" : "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:04.jail.asc" - }, - { - "name" : "40399", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40399" - }, - { - "name" : "1024038", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024038" - }, - { - "name" : "ADV-2010-1247", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1247" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "jail.c in jail in 
FreeBSD 8.0 and 8.1-PRERELEASE, when the \"-l -U root\" options are omitted, does not properly restrict access to the current working directory, which might allow local users to read, modify, or create arbitrary files via standard filesystem operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1247", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1247" + }, + { + "name": "FreeBSD-SA-10:04", + "refsource": "FREEBSD", + "url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:04.jail.asc" + }, + { + "name": "40399", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40399" + }, + { + "name": "1024038", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024038" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2048.json b/2010/2xxx/CVE-2010-2048.json index 2d9211665cc..292fd2596de 100644 --- a/2010/2xxx/CVE-2010-2048.json +++ b/2010/2xxx/CVE-2010-2048.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Heartbeat module 6.x before 6.x-4.9 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/802508", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/802508" - }, - { - "name" : "http://drupal.org/node/803570", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/803570" - }, - { - "name" : "40268", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40268" - }, - { - "name" : "39893", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39893" - }, - { - "name" : "heartbeat-unspecified-xss(58702)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58702" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Heartbeat module 6.x before 6.x-4.9 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "heartbeat-unspecified-xss(58702)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58702" + }, + { + "name": "http://drupal.org/node/803570", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/803570" + }, + { + "name": "http://drupal.org/node/802508", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/802508" + }, + { + "name": "39893", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39893" + }, + { + "name": "40268", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40268" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2244.json b/2010/2xxx/CVE-2010-2244.json index 4ed97ce3090..56800e3fc46 100644 --- a/2010/2xxx/CVE-2010-2244.json +++ b/2010/2xxx/CVE-2010-2244.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100623 CVE Request: avahi DoS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/06/23/4" - }, - { - "name" : "[oss-security] 20100625 Re: CVE Request: avahi DoS", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127748459505200&w=2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=607293", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=607293" - }, - { - "name" : "DSA-2086", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2086" - }, - { - 
"name" : "FEDORA-2010-10581", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043820.html" - }, - { - "name" : "FEDORA-2010-10584", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043800.html" - }, - { - "name" : "MDVSA-2010:204", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:204" - }, - { - "name" : "1024200", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024200" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20100625 Re: CVE Request: avahi DoS", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127748459505200&w=2" + }, + { + "name": "[oss-security] 20100623 CVE Request: avahi DoS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/06/23/4" + }, + { + "name": "FEDORA-2010-10584", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043800.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=607293", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=607293" + }, + { + "name": "MDVSA-2010:204", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:204" + }, + { + "name": "1024200", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024200" + }, + { + "name": "DSA-2086", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2086" + }, + { + "name": "FEDORA-2010-10581", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043820.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2505.json b/2010/2xxx/CVE-2010-2505.json index b64a65519d6..e973c3a0f24 100644 --- a/2010/2xxx/CVE-2010-2505.json +++ b/2010/2xxx/CVE-2010-2505.json 
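Review bot: `"ASSIGNER"` changes in this hunk from `cve@mitre.org` to `secalert@redhat.com`, the only change of substance in a record that otherwise alters just spacing and reference order, so it is easy to miss in review. Tooling that routes, filters or trusts records by assigner will treat this record differently afterwards; that is presumably intended if the new value names the CNA that owns it, but the diff itself does not say so. I would land the attribution change separately from the reformat, or at least state it in the commit message. The CVE-2010-3567 hunk does the same (to `secalert_us@oracle.com`), and so does the visible start of the CVE-2010-3848 hunk.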
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Soft SaschArt SasCAM Webcam Server 2.6.5, 2.7, and earlier allows remote attackers to cause a denial of service (crash) via a large number of requests with a long line, as demonstrated using a long GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "13888", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/13888" - }, - { - "name" : "65544", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/65544" - }, - { - "name" : "40214", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40214" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Soft SaschArt SasCAM Webcam Server 2.6.5, 2.7, and earlier allows remote attackers to cause a denial of service (crash) via a large number of requests with a long line, as demonstrated using a long GET request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13888", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/13888" + }, + { + "name": "40214", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40214" + }, + { + "name": "65544", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/65544" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2627.json b/2010/2xxx/CVE-2010-2627.json index 45250f4af12..01986bb374f 100644 --- a/2010/2xxx/CVE-2010-2627.json +++ b/2010/2xxx/CVE-2010-2627.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2627", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in the Refractor 2 engine, as used in Battlefield 2 1.50 (1.5.3153-802.0) and earlier, and Battlefield 2142 (1.10.48.0) and earlier, allow remote servers to overwrite arbitrary files on the client via \"..\\\" (dot dot backslash) sequences in URLs for the (1) sponsor or (2) community logos, and other URLs related to (3) DemoDownloadURL, (4) DemoIndexURL and (5) CustomMapsURL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2627", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/bf2urlz-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/bf2urlz-adv.txt" - }, - { - "name" : "41262", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41262" - }, - { - "name" : "65863", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65863" - }, - { - "name" : "40334", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40334" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", 
+ "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in the Refractor 2 engine, as used in Battlefield 2 1.50 (1.5.3153-802.0) and earlier, and Battlefield 2142 (1.10.48.0) and earlier, allow remote servers to overwrite arbitrary files on the client via \"..\\\" (dot dot backslash) sequences in URLs for the (1) sponsor or (2) community logos, and other URLs related to (3) DemoDownloadURL, (4) DemoIndexURL and (5) CustomMapsURL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40334", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40334" + }, + { + "name": "65863", + "refsource": "OSVDB", + "url": "http://osvdb.org/65863" + }, + { + "name": "41262", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41262" + }, + { + "name": "http://aluigi.altervista.org/adv/bf2urlz-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/bf2urlz-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2668.json b/2010/2xxx/CVE-2010-2668.json index e9fe2c242eb..61e39b69649 100644 --- a/2010/2xxx/CVE-2010-2668.json +++ b/2010/2xxx/CVE-2010-2668.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2668", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Adaptive Micro Systems ALPHA Ethernet Adapter II Web-Manager 3.40.2 allows remote attackers to bypass authentication and read or write configuration files via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2668", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100701 DDIVRT-2010-29 ALPHA Ethernet Adapter II Web-Manager 3.40.2 Authentication Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/512132/100/0/threaded" - }, - { - "name" : "20100701 DDIVRT-2010-29 ALPHA Ethernet Adapter II Web-Manager 3.40.2 Authentication Bypass", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-07/0010.html" - }, - { - "name" : "41288", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41288" - }, - { - "name" : "66015", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/66015" - }, - { - "name" : "40369", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40369" - } - ] 
- } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Adaptive Micro Systems ALPHA Ethernet Adapter II Web-Manager 3.40.2 allows remote attackers to bypass authentication and read or write configuration files via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100701 DDIVRT-2010-29 ALPHA Ethernet Adapter II Web-Manager 3.40.2 Authentication Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/512132/100/0/threaded" + }, + { + "name": "66015", + "refsource": "OSVDB", + "url": "http://osvdb.org/66015" + }, + { + "name": "40369", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40369" + }, + { + "name": "20100701 DDIVRT-2010-29 ALPHA Ethernet Adapter II Web-Manager 3.40.2 Authentication Bypass", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-07/0010.html" + }, + { + "name": "41288", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41288" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3567.json b/2010/3xxx/CVE-2010-3567.json index 7a6e9da3aed..e0865e7abde 100644 --- a/2010/3xxx/CVE-2010-3567.json +++ b/2010/3xxx/CVE-2010-3567.json 
@@ -1,197 +1,197 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3567", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to a calculation error in right-to-left text character counts for the ICU OpenType font rendering implementation, which triggers an out-of-bounds memory access." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3567", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100114315", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100114315" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100114327", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100114327" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=642197", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=642197" - }, - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100123193", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100123193" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" - }, - { - "name" : "FEDORA-2010-16240", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html" - }, - { - "name" : "FEDORA-2010-16294", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html" - }, - { - "name" : "FEDORA-2010-16312", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02608", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" - }, - { - "name" : "SSRT100333", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "RHSA-2010:0770", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0770.html" - }, - { - "name" : "RHSA-2010:0768", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0768.html" - }, - { - "name" : "RHSA-2010:0865", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0865.html" - }, - { - "name" : "SUSE-SR:2010:019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" - }, - { - "name" : "USN-1010-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1010-1" - }, - { - "name" : 
"43992", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43992" - }, - { - "name" : "oval:org.mitre.oval:def:11714", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11714" - }, - { - "name" : "oval:org.mitre.oval:def:12153", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12153" - }, - { - "name" : "41972", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41972" - }, - { - "name" : "42377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42377" - }, - { - "name" : "42974", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42974" - }, - { - "name" : "ADV-2010-3086", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3086" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to a calculation error in right-to-left text character counts for the ICU OpenType font rendering implementation, which triggers an out-of-bounds memory access." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.avaya.com/css/P8/documents/100114327", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100114327" + }, + { + "name": "RHSA-2010:0865", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html" + }, + { + "name": "oval:org.mitre.oval:def:11714", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11714" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100114315", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100114315" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "RHSA-2010:0770", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html" + }, + { + "name": "SSRT100333", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" + }, + { + "name": "43992", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43992" + }, + { + "name": "RHSA-2010:0768", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html" + }, + { + "name": "FEDORA-2010-16240", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html" + }, + { + "name": "oval:org.mitre.oval:def:12153", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12153" + }, + { + "name": "USN-1010-1", + "refsource": "UBUNTU", + "url": 
"http://www.ubuntu.com/usn/USN-1010-1" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" + }, + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" + }, + { + "name": "42974", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42974" + }, + { + "name": "41972", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41972" + }, + { + "name": "ADV-2010-3086", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3086" + }, + { + "name": "HPSBUX02608", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=642197", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642197" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100123193", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100123193" + }, + { + "name": "42377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42377" + }, + { + "name": "SUSE-SR:2010:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" + }, + { + "name": "20110211 VMSA-2011-0003 Third party component updates for 
VMware vCenter Server, vCenter Update Manager, ESXi and ESX", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" + }, + { + "name": "FEDORA-2010-16312", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html" + }, + { + "name": "FEDORA-2010-16294", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3670.json b/2010/3xxx/CVE-2010-3670.json index 8639e2c7382..64bea4113ba 100644 --- a/2010/3xxx/CVE-2010-3670.json +++ b/2010/3xxx/CVE-2010-3670.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3670", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3670", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3848.json b/2010/3xxx/CVE-2010-3848.json index db096233bd4..6e77706dd51 100644 --- a/2010/3xxx/CVE-2010-3848.json +++ b/2010/3xxx/CVE-2010-3848.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to gain privileges by providing a large number of iovec structures." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20101129 kernel: Multiple vulnerabilities in AF_ECONET", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/11/30/1" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a27e13d370415add3487949c60810e36069a23a6", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a27e13d370415add3487949c60810e36069a23a6" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2" - }, - { - "name" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=644156", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=644156" - }, - { - "name" : "DSA-2126", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2126" - }, - { - "name" : "MDVSA-2010:257", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:257" - }, - { - "name" : "SUSE-SA:2011:005", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html" - }, - { - "name" : "SUSE-SA:2011:007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" - }, - { - "name" : "SUSE-SA:2011:008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html" - }, - { - "name" : "USN-1023-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1023-1" - }, - { - "name" : "43056", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43056" - }, - { - "name" : "43291", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43291" - }, - { - "name" : "ADV-2011-0213", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0213" - }, - { - "name" : "ADV-2011-0298", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0298" - }, - { - "name" : "ADV-2011-0375", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0375" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to gain privileges by providing a large number of iovec structures." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43056", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43056" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=644156", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=644156" + }, + { + "name": "SUSE-SA:2011:007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" + }, + { + "name": "[oss-security] 20101129 kernel: Multiple vulnerabilities in AF_ECONET", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/11/30/1" + }, + { + "name": "ADV-2011-0298", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0298" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a27e13d370415add3487949c60810e36069a23a6", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a27e13d370415add3487949c60810e36069a23a6" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2" + }, + { + "name": "MDVSA-2010:257", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:257" + }, + { + "name": "SUSE-SA:2011:005", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html" + }, + { + "name": "ADV-2011-0375", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0375" + }, + { + "name": "USN-1023-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1023-1" + }, + { + "name": "SUSE-SA:2011:008", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html" + }, + { + "name": "43291", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43291" + }, + { + "name": "ADV-2011-0213", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0213" + }, + { + "name": "DSA-2126", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2126" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3939.json b/2010/3xxx/CVE-2010-3939.json index f553964a6ea..d68eb581b4e 100644 --- a/2010/3xxx/CVE-2010-3939.json +++ b/2010/3xxx/CVE-2010-3939.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3939", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka \"Win32k Buffer Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3939", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-098", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-098" - }, - { - "name" : "TA10-348A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" - }, - { - "name" : "oval:org.mitre.oval:def:12252", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12252" - }, - { - "name" : "1024880", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024880" - } - ] - } -} + 
} + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka \"Win32k Buffer Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-348A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" + }, + { + "name": "MS10-098", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-098" + }, + { + "name": "1024880", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024880" + }, + { + "name": "oval:org.mitre.oval:def:12252", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12252" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0327.json b/2011/0xxx/CVE-2011-0327.json index 796e7d7466e..888ca6c175d 100644 --- a/2011/0xxx/CVE-2011-0327.json +++ b/2011/0xxx/CVE-2011-0327.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0327", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0327", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0890.json b/2011/0xxx/CVE-2011-0890.json index 55cd89e7ad5..92c4b07628f 100644 --- a/2011/0xxx/CVE-2011-0890.json +++ b/2011/0xxx/CVE-2011-0890.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP Discovery & Dependency Mapping Inventory (DDMI) 7.50, 7.51, 7.60, 7.61, 7.70, and 9.30 launches the Windows SNMP service with its default configuration, which allows remote attackers to obtain potentially sensitive information or have unspecified other impact by leveraging the public read community." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-0890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02647", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130082163516878&w=2" - }, - { - "name" : "SSRT100383", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130082163516878&w=2" - }, - { - "name" : "46981", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46981" - }, - { - "name" : "1025239", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025239" - }, - { - "name" : "8163", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8163" - }, - { - "name" : "ADV-2011-0755", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2011/0755" - }, - { - "name" : "hp-discovery-snmp-info-disclosure(66242)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66242" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP Discovery & Dependency Mapping Inventory (DDMI) 7.50, 7.51, 7.60, 7.61, 7.70, and 9.30 launches the Windows SNMP service with its default configuration, which allows remote attackers to obtain potentially sensitive information or have unspecified other impact by leveraging the public read community." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "hp-discovery-snmp-info-disclosure(66242)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66242" + }, + { + "name": "1025239", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025239" + }, + { + "name": "8163", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8163" + }, + { + "name": "SSRT100383", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130082163516878&w=2" + }, + { + "name": "HPSBMA02647", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130082163516878&w=2" + }, + { + "name": "ADV-2011-0755", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0755" + }, + { + "name": "46981", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46981" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1550.json b/2011/1xxx/CVE-2011-1550.json index 3688f8e94eb..b8ebf129b79 100644 --- a/2011/1xxx/CVE-2011-1550.json +++ b/2011/1xxx/CVE-2011-1550.json 
@@ -1,227 +1,227 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1550", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1550", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110304 CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/04/16" - }, - { - "name" : "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/04/17" - }, - { - "name" : "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/04/18" - }, - { - "name" 
: "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/04/19" - }, - { - "name" : "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/04/22" - }, - { - "name" : "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/04/24" - }, - { - "name" : "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/04/25" - }, - { - "name" : "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/04/26" - }, - { - "name" : "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/04/27" - }, - { - "name" : "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/04/28" - }, - { - "name" : "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/04/29" - }, - { - "name" : "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/04/30" - }, - { - "name" : "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/04/31" - }, - { - "name" : "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/04/32" - }, - { - "name" : 
"[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/04/33" - }, - { - "name" : "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/05/4" - }, - { - "name" : "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/05/6" - }, - { - "name" : "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/05/8" - }, - { - "name" : "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/06/3" - }, - { - "name" : "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/06/4" - }, - { - "name" : "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/06/5" - }, - { - "name" : "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/06/6" - }, - { - "name" : "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/07/5" - }, - { - "name" : "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/07/6" - }, - { - "name" : "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/07/11" - }, - { - "name" : "[oss-security] 
20110308 Re: CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/08/5" - }, - { - "name" : "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/10/2" - }, - { - "name" : "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/10/3" - }, - { - "name" : "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/10/6" - }, - { - "name" : "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/10/7" - }, - { - "name" : "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/11/3" - }, - { - "name" : "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/11/5" - }, - { - "name" : "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/14/26" - }, - { - "name" : "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/23/11" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging 
logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/04/19" + }, + { + "name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/04/16" + }, + { + "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/04/25" + }, + { + "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/04/30" + }, + { + "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/04/26" + }, + { + "name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/10/3" + }, + { + "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/04/28" + }, + { + "name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/08/5" + }, + { + "name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/07/5" + }, + { + "name": "[oss-security] 20110304 Re: CVE Request -- logrotate 
-- nine issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/04/31" + }, + { + "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/04/17" + }, + { + "name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/10/6" + }, + { + "name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/06/3" + }, + { + "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/04/29" + }, + { + "name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/07/6" + }, + { + "name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/05/6" + }, + { + "name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/05/4" + }, + { + "name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/07/11" + }, + { + "name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/23/11" + }, + { + "name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/06/5" + }, + { + "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", + "refsource": "MLIST", + 
"url": "http://openwall.com/lists/oss-security/2011/03/04/18" + }, + { + "name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/10/2" + }, + { + "name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/11/3" + }, + { + "name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/10/7" + }, + { + "name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/05/8" + }, + { + "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/04/22" + }, + { + "name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/11/5" + }, + { + "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/04/27" + }, + { + "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/04/32" + }, + { + "name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/14/26" + }, + { + "name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/04/24" + }, + { + "name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", + "refsource": "MLIST", + "url": 
"http://openwall.com/lists/oss-security/2011/03/06/4" + }, + { + "name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/06/6" + }, + { + "name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/04/33" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1734.json b/2011/1xxx/CVE-2011-1734.json index 75b04ca6b71..ed21a549007 100644 --- a/2011/1xxx/CVE-2011-1734.json +++ b/2011/1xxx/CVE-2011-1734.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1734", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed omniiaputil message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-1734", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110429 ZDI-11-150: HP Data Protector Backup Client Service omniiaputil Message Processing Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517770/100/0/threaded" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-11-150/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-11-150/" - }, - { - "name" : "HPSBMA02668", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240" - }, - { - "name" : "SSRT100474", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240" - }, - 
{ - "name" : "47638", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47638" - }, - { - "name" : "72193", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/72193" - }, - { - "name" : "1025454", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025454" - }, - { - "name" : "44402", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44402" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed omniiaputil message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20110429 ZDI-11-150: HP Data Protector Backup Client Service omniiaputil Message Processing Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517770/100/0/threaded" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-11-150/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-11-150/" + }, + { + "name": "47638", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47638" + }, + { + "name": "HPSBMA02668", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240" + }, + { + "name": "SSRT100474", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240" + }, + { + "name": "44402", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44402" + }, + { + "name": "1025454", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025454" + }, + { + "name": 
"72193", + "refsource": "OSVDB", + "url": "http://osvdb.org/72193" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3067.json b/2014/3xxx/CVE-2014-3067.json index bc940f6043d..4b961188188 100644 --- a/2014/3xxx/CVE-2014-3067.json +++ b/2014/3xxx/CVE-2014-3067.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3067", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3067", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3192.json b/2014/3xxx/CVE-2014-3192.json index 73658bfa803..83d625699e6 100644 --- a/2014/3xxx/CVE-2014-3192.json +++ b/2014/3xxx/CVE-2014-3192.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3192", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-3192", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html" - }, - { - "name" : "https://crbug.com/403276", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/403276" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=182309&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/blink?revision=182309&view=revision" - }, - { - "name" : "http://support.apple.com/HT204243", - "refsource" : "CONFIRM", - "url" : 
"http://support.apple.com/HT204243" - }, - { - "name" : "http://support.apple.com/HT204245", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204245" - }, - { - "name" : "http://support.apple.com/HT204246", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204246" - }, - { - "name" : "https://support.apple.com/kb/HT204949", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT204949" - }, - { - "name" : "APPLE-SA-2015-01-27-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html" - }, - { - "name" : "APPLE-SA-2015-01-27-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-01-27-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00002.html" - }, - { - "name" : "APPLE-SA-2015-06-30-6", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" - }, - { - "name" : "RHSA-2014:1626", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1626.html" - }, - { - "name" : "70273", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70273" - }, - { - "name" : "1031647", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031647" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031647", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031647" + }, + { + "name": "http://support.apple.com/HT204245", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204245" + }, + { + "name": "RHSA-2014:1626", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1626.html" + }, + { + "name": "http://support.apple.com/HT204246", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204246" + }, + { + "name": "APPLE-SA-2015-06-30-6", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" + }, + { + "name": "https://src.chromium.org/viewvc/blink?revision=182309&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=182309&view=revision" + }, + { + "name": "http://support.apple.com/HT204243", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204243" + }, + { + "name": "APPLE-SA-2015-01-27-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html" + }, + { + "name": "APPLE-SA-2015-01-27-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00002.html" + }, + { + "name": "https://support.apple.com/kb/HT204949", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT204949" + }, + { + "name": "APPLE-SA-2015-01-27-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html" + }, + { + "name": "70273", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70273" + }, + { + "name": "https://crbug.com/403276", + "refsource": "CONFIRM", + "url": "https://crbug.com/403276" + }, + { + "name": 
"http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3674.json b/2014/3xxx/CVE-2014-3674.json index 8d13099c433..afb913f8203 100644 --- a/2014/3xxx/CVE-2014-3674.json +++ b/2014/3xxx/CVE-2014-3674.json 
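Review bot: The only semantic change in the CVE-2014-3192 hunk, `"ASSIGNER": "security@google.com"` replacing `cve@mitre.org`, is buried in a whole-file re-indentation and a reshuffle of `reference_data`, so the provenance change is hard to audit from the diff. Landing the formatting pass separately from the ASSIGNER update, and keeping `reference_data` in its previous order or a documented sort, would keep that field change reviewable; the new order does not appear to follow any visible key. The new side also ends with `\ No newline at end of file`, where the old side had a trailing newline. The same pattern shows in the CVE-2014-3674, CVE-2014-3706, CVE-2014-7455, CVE-2014-7702 and CVE-2014-8627 hunks.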
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3674", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3674", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2014:1796", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1796.html" - }, - { - "name" : "RHSA-2014:1906", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1906.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:1906", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1906.html" + }, + { + "name": "RHSA-2014:1796", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1796.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3706.json b/2014/3xxx/CVE-2014-3706.json index c8538cb73f5..e35a1a947e4 100644 --- a/2014/3xxx/CVE-2014-3706.json +++ b/2014/3xxx/CVE-2014-3706.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1154977", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1154977" - }, - { - "name" : "101507", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101507" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101507", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101507" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1154977", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154977" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3729.json b/2014/3xxx/CVE-2014-3729.json index 550717b656d..f676ef8f3bb 100644 --- a/2014/3xxx/CVE-2014-3729.json +++ b/2014/3xxx/CVE-2014-3729.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3729", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3729", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7455.json b/2014/7xxx/CVE-2014-7455.json index 765b16b5ea0..82992956d7d 100644 --- a/2014/7xxx/CVE-2014-7455.json +++ b/2014/7xxx/CVE-2014-7455.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Zoella Unofficial (aka com.automon.ay.zoella) application 1.4.0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#692673", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/692673" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Zoella Unofficial (aka 
com.automon.ay.zoella) application 1.4.0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#692673", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/692673" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7702.json b/2014/7xxx/CVE-2014-7702.json index 0c607b8f8a4..d10070e40e1 100644 --- a/2014/7xxx/CVE-2014-7702.json +++ b/2014/7xxx/CVE-2014-7702.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7702", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ahtty (aka com.crevation.babylon.ahtty) application 1.97.16 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#367865", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/367865" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ahtty (aka com.crevation.babylon.ahtty) 
application 1.97.16 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#367865", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/367865" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7983.json b/2014/7xxx/CVE-2014-7983.json index c78cd53d7c6..93f916d53b2 100644 --- a/2014/7xxx/CVE-2014-7983.json +++ b/2014/7xxx/CVE-2014-7983.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7983", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7983", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://developer.joomla.org/security/579-20140302-core-xss-vulnerability.html", - "refsource" : "CONFIRM", - "url" : "http://developer.joomla.org/security/579-20140302-core-xss-vulnerability.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://developer.joomla.org/security/579-20140302-core-xss-vulnerability.html", + "refsource": "CONFIRM", + "url": "http://developer.joomla.org/security/579-20140302-core-xss-vulnerability.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8536.json b/2014/8xxx/CVE-2014-8536.json index 0366faaf450..833d0883605 100644 --- a/2014/8xxx/CVE-2014-8536.json +++ b/2014/8xxx/CVE-2014-8536.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading unspecified error messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10044", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10044" - }, - { - "name" : "70840", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70840" - }, - { - "name" : "mcafee-ndlp-cve20148536-info-disc(98427)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98427" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading unspecified error messages." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10044", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10044" + }, + { + "name": "70840", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70840" + }, + { + "name": "mcafee-ndlp-cve20148536-info-disc(98427)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98427" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8602.json b/2014/8xxx/CVE-2014-8602.json index 61e8af88788..274c27bc347 100644 --- a/2014/8xxx/CVE-2014-8602.json +++ b/2014/8xxx/CVE-2014-8602.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8602", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://unbound.net/downloads/patch_cve_2014_8602.diff", - "refsource" : "MISC", - "url" : "http://unbound.net/downloads/patch_cve_2014_8602.diff" - }, - { - "name" : "http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html", - "refsource" : "MISC", - "url" : "http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html" - }, - { - "name" : "https://unbound.net/downloads/CVE-2014-8602.txt", - "refsource" : "CONFIRM", - "url" : "https://unbound.net/downloads/CVE-2014-8602.txt" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" 
- }, - { - "name" : "DSA-3097", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3097" - }, - { - "name" : "USN-2484-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2484-1" - }, - { - "name" : "VU#264212", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/264212" - }, - { - "name" : "71589", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71589" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "71589", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71589" + }, + { + "name": "http://unbound.net/downloads/patch_cve_2014_8602.diff", + "refsource": "MISC", + "url": "http://unbound.net/downloads/patch_cve_2014_8602.diff" + }, + { + "name": "http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html", + "refsource": "MISC", + "url": "http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html" + }, + { + "name": "DSA-3097", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3097" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "VU#264212", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/264212" + }, + { + "name": "https://unbound.net/downloads/CVE-2014-8602.txt", + "refsource": "CONFIRM", + "url": 
"https://unbound.net/downloads/CVE-2014-8602.txt" + }, + { + "name": "USN-2484-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2484-1" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8627.json b/2014/8xxx/CVE-2014-8627.json index f89a2fce0c5..92d2c50972b 100644 --- a/2014/8xxx/CVE-2014-8627.json +++ b/2014/8xxx/CVE-2014-8627.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8627", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2014-8627", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released", - "refsource" : "CONFIRM", - "url" : "https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released" - }, - { - "name" : "openSUSE-SU-2014:1457", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00079.html" - }, - { - "name" : "61220", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61220" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2014:1457", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00079.html" + }, + { + "name": "https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released", + "refsource": "CONFIRM", + "url": "https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released" + }, + { + "name": "61220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61220" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8727.json b/2014/8xxx/CVE-2014-8727.json index 95f45a45deb..51e3aa1a633 100644 --- a/2014/8xxx/CVE-2014-8727.json +++ b/2014/8xxx/CVE-2014-8727.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8727", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the \"Resource Administrator\" or \"Administrator\" role to enumerate and delete arbitrary files via a .. (dot dot) in the name parameter to (1) tmui/Control/jspmap/tmui/system/archive/properties.jsp or (2) tmui/Control/form." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8727", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35222", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35222" - }, - { - "name" : "http://packetstormsecurity.com/files/129084/F5-BIG-IP-10.1.0-Directory-Traversal.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129084/F5-BIG-IP-10.1.0-Directory-Traversal.html" - }, - { - "name" : "https://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote_11_0_0_ltm.html", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote_11_0_0_ltm.html" - }, - { - "name" : 
"https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13109.html", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13109.html" - }, - { - "name" : "71063", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71063" - }, - { - "name" : "1031216", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031216" - }, - { - "name" : "f5-bigip-cve20148727-dir-trav(98676)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98676" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the \"Resource Administrator\" or \"Administrator\" role to enumerate and delete arbitrary files via a .. (dot dot) in the name parameter to (1) tmui/Control/jspmap/tmui/system/archive/properties.jsp or (2) tmui/Control/form." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031216", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031216" + }, + { + "name": "http://packetstormsecurity.com/files/129084/F5-BIG-IP-10.1.0-Directory-Traversal.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129084/F5-BIG-IP-10.1.0-Directory-Traversal.html" + }, + { + "name": "f5-bigip-cve20148727-dir-trav(98676)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98676" + }, + { + "name": "71063", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71063" + }, + { + "name": "35222", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35222" + }, + { + "name": "https://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote_11_0_0_ltm.html", + "refsource": "CONFIRM", + "url": "https://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote_11_0_0_ltm.html" + }, + { + "name": "https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13109.html", + "refsource": "CONFIRM", + "url": "https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13109.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9625.json b/2014/9xxx/CVE-2014-9625.json index a46a1359f35..d51d9c3e0ce 100644 --- a/2014/9xxx/CVE-2014-9625.json +++ b/2014/9xxx/CVE-2014-9625.json 
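Review bot: The reordered `reference_data` array in this hunk follows no sort key that I can see from the visible lines: the new order runs SECTRACK, MISC, XF, BID, EXPLOIT-DB, CONFIRM, CONFIRM, which is sorted neither by `refsource` nor by `name` nor by `url`. If the serializer emits references in an unstable order, each later regeneration will reshuffle them again and a real addition or removal of a reference will be hidden in the noise; emitting them sorted, for example by `refsource` and then `name`, would keep later diffs limited to real changes. The other hunks on this page that carry references show the same reshuffling. The new side also ends with `\ No newline at end of file`, so the trailing newline the old files had is dropped; writing it back keeps line-based tools and later diffs clean.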
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-9625",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-9625",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/2xxx/CVE-2016-2313.json b/2016/2xxx/CVE-2016-2313.json
index 7df9469b7ac..e5807cee4c7 100644
--- a/2016/2xxx/CVE-2016-2313.json
+++ b/2016/2xxx/CVE-2016-2313.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2016-2313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.cacti.net/view.php?id=2656", - "refsource" : "CONFIRM", - "url" : "http://bugs.cacti.net/view.php?id=2656" - }, - { - "name" : "http://www.cacti.net/release_notes_0_8_8g.php", - "refsource" : "CONFIRM", - "url" : "http://www.cacti.net/release_notes_0_8_8g.php" - }, - { - "name" : "GLSA-201607-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201607-05" - }, - { - "name" : "GLSA-201711-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201711-10" - }, - { - "name" : "openSUSE-SU-2016:0437", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00077.html" - }, - { - "name" : "openSUSE-SU-2016:0438", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-updates/2016-02/msg00078.html" - }, - { - "name" : "openSUSE-SU-2016:0440", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00080.html" - }, - { - "name" : "1037745", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037745" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201607-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201607-05" + }, + { + "name": "1037745", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037745" + }, + { + "name": "openSUSE-SU-2016:0438", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00078.html" + }, + { + "name": "http://www.cacti.net/release_notes_0_8_8g.php", + "refsource": "CONFIRM", + "url": "http://www.cacti.net/release_notes_0_8_8g.php" + }, + { + "name": "openSUSE-SU-2016:0437", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00077.html" + }, + { + "name": "openSUSE-SU-2016:0440", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00080.html" + }, + { + "name": "http://bugs.cacti.net/view.php?id=2656", + "refsource": "CONFIRM", + "url": "http://bugs.cacti.net/view.php?id=2656" + }, + { + "name": "GLSA-201711-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201711-10" + } + ] + } +} \ No newline at end of file 
diff --git a/2016/2xxx/CVE-2016-2477.json b/2016/2xxx/CVE-2016-2477.json index 79ab9ceac5e..58121b50bec 100644 --- a/2016/2xxx/CVE-2016-2477.json +++ b/2016/2xxx/CVE-2016-2477.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2477", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles pointers, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27251096." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2477", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-06-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-06-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/hardware/qcom/media/+/f22c2a0f0f9e030c240468d9d18b9297f001bcf0", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/hardware/qcom/media/+/f22c2a0f0f9e030c240468d9d18b9297f001bcf0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { 
+ "lang": "eng", + "value": "mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles pointers, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27251096." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/hardware/qcom/media/+/f22c2a0f0f9e030c240468d9d18b9297f001bcf0", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/hardware/qcom/media/+/f22c2a0f0f9e030c240468d9d18b9297f001bcf0" + }, + { + "name": "http://source.android.com/security/bulletin/2016-06-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-06-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2983.json b/2016/2xxx/CVE-2016-2983.json index 6a254adb37b..1c79d9a6f32 100644 --- a/2016/2xxx/CVE-2016-2983.json +++ b/2016/2xxx/CVE-2016-2983.json 
@@ -1,84 +1,84 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-01-23T00:00:00", - "ID" : "CVE-2016-2983", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Tealeaf Customer Experience", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.2" - }, - { - "version_value" : "8.7" - }, - { - "version_value" : "8.8" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security. IBM X-Force ID: 113999." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Bypass Security" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-01-23T00:00:00", + "ID": "CVE-2016-2983", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Tealeaf Customer Experience", + "version": { + "version_data": [ + { + "version_value": "9.0.2" + }, + { + "version_value": "8.7" + }, + { + "version_value": "8.8" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113999", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113999" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22006393", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22006393" - }, - { - "name" : 
"http://www.ibm.com/support/docview.wss?uid=swg22006455", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22006455" - }, - { - "name" : "102891", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102891" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security. IBM X-Force ID: 113999." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Bypass Security" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22006455", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22006455" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22006393", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22006393" + }, + { + "name": "102891", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102891" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113999", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113999" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6078.json b/2016/6xxx/CVE-2016-6078.json index 4b7d5d698e1..86d0063d59d 100644 --- a/2016/6xxx/CVE-2016-6078.json +++ b/2016/6xxx/CVE-2016-6078.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-6078",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-6078",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/6xxx/CVE-2016-6617.json b/2016/6xxx/CVE-2016-6617.json
index 0242600f451..0cb55d2d43d 100644
--- a/2016/6xxx/CVE-2016-6617.json
+++ b/2016/6xxx/CVE-2016-6617.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6617", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4) are affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.phpmyadmin.net/security/PMASA-2016-40", - "refsource" : "CONFIRM", - "url" : "https://www.phpmyadmin.net/security/PMASA-2016-40" - }, - { - "name" : "GLSA-201701-32", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-32" - }, - { - "name" : "95044", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95044" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. 
All 4.6.x versions (prior to 4.6.4) are affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.phpmyadmin.net/security/PMASA-2016-40", + "refsource": "CONFIRM", + "url": "https://www.phpmyadmin.net/security/PMASA-2016-40" + }, + { + "name": "95044", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95044" + }, + { + "name": "GLSA-201701-32", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-32" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6696.json b/2016/6xxx/CVE-2016-6696.json index 752b6479433..2e0441da6f8 100644 --- a/2016/6xxx/CVE-2016-6696.json +++ b/2016/6xxx/CVE-2016-6696.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6696", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via a large negative value for the data length, aka Qualcomm internal bug CR 1041130." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-6696", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-10-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-10-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=c3c9341bfdf93606983f893a086cb33a487306e5", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=c3c9341bfdf93606983f893a086cb33a487306e5" - }, - { - "name" : "93330", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93330" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via a large negative value for the data length, aka Qualcomm internal bug CR 1041130." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93330", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93330" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=c3c9341bfdf93606983f893a086cb33a487306e5", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=c3c9341bfdf93606983f893a086cb33a487306e5" + }, + { + "name": "http://source.android.com/security/bulletin/2016-10-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-10-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6909.json b/2016/6xxx/CVE-2016-6909.json index bb20db0c408..7b4f7685fee 100644 --- a/2016/6xxx/CVE-2016-6909.json +++ b/2016/6xxx/CVE-2016-6909.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6909", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6909", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40276", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40276/" - }, - { - "name" : "http://packetstormsecurity.com/files/138387/EGREGIOUSBLUNDER-Fortigate-Remote-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/138387/EGREGIOUSBLUNDER-Fortigate-Remote-Code-Execution.html" - }, - { - "name" : "https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html", - "refsource" : "MISC", - "url" : "https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html" - }, - { - "name" : "http://fortiguard.com/advisory/FG-IR-16-023", - "refsource" : "CONFIRM", - "url" : 
"http://fortiguard.com/advisory/FG-IR-16-023" - }, - { - "name" : "92523", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92523" - }, - { - "name" : "1036643", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036643" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://fortiguard.com/advisory/FG-IR-16-023", + "refsource": "CONFIRM", + "url": "http://fortiguard.com/advisory/FG-IR-16-023" + }, + { + "name": "https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html", + "refsource": "MISC", + "url": "https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html" + }, + { + "name": "1036643", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036643" + }, + { + "name": "http://packetstormsecurity.com/files/138387/EGREGIOUSBLUNDER-Fortigate-Remote-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/138387/EGREGIOUSBLUNDER-Fortigate-Remote-Code-Execution.html" + }, + { + "name": "40276", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40276/" + }, + { + "name": "92523", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92523" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18039.json b/2017/18xxx/CVE-2017-18039.json index f0531b30e8e..e4f6fe6f055 100644 --- a/2017/18xxx/CVE-2017-18039.json 
+++ b/2017/18xxx/CVE-2017-18039.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2018-02-02T00:00:00", - "ID" : "CVE-2017-18039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jira", - "version" : { - "version_data" : [ - { - "version_value" : "from 6.2.1 prior to 7.4.4" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2018-02-02T00:00:00", + "ID": "CVE-2017-18039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira", + "version": { + "version_data": [ + { + "version_value": "from 6.2.1 prior to 7.4.4" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/JRASERVER-66719", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/JRASERVER-66719" - }, - { - "name" : "103086", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103086" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 
allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103086", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103086" + }, + { + "name": "https://jira.atlassian.com/browse/JRASERVER-66719", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/JRASERVER-66719" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5223.json b/2017/5xxx/CVE-2017-5223.json index af7ded2745e..9c0e4cfbe23 100644 --- a/2017/5xxx/CVE-2017-5223.json +++ b/2017/5xxx/CVE-2017-5223.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to /, meaning that relative image URLs get treated as absolute local file paths and added as attachments. To form a remote vulnerability, the msgHTML method must be called, passed an unfiltered, user-supplied HTML document, and must not set a base directory." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43056", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43056/" - }, - { - "name" : "http://kalilinux.co/2017/01/12/phpmailer-cve-2017-5223-local-information-disclosure-vulnerability-analysis/", - "refsource" : "MISC", - "url" : "http://kalilinux.co/2017/01/12/phpmailer-cve-2017-5223-local-information-disclosure-vulnerability-analysis/" - }, - { - "name" : "https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md", - "refsource" : "MISC", - "url" : "https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md" - }, - { - "name" : "95328", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95328" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to /, meaning that relative image URLs get treated as absolute local file paths and added as attachments. To form a remote vulnerability, the msgHTML method must be called, passed an unfiltered, user-supplied HTML document, and must not set a base directory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95328", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95328" + }, + { + "name": "http://kalilinux.co/2017/01/12/phpmailer-cve-2017-5223-local-information-disclosure-vulnerability-analysis/", + "refsource": "MISC", + "url": "http://kalilinux.co/2017/01/12/phpmailer-cve-2017-5223-local-information-disclosure-vulnerability-analysis/" + }, + { + "name": "43056", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43056/" + }, + { + "name": "https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md", + "refsource": "MISC", + "url": "https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5688.json b/2017/5xxx/CVE-2017-5688.json index 2f97eaa897a..99f8b547824 100644 --- a/2017/5xxx/CVE-2017-5688.json +++ b/2017/5xxx/CVE-2017-5688.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "ID" : "CVE-2017-5688", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Solid State Drive Toolbox", - "version" : { - "version_data" : [ - { - "version_value" : "Before 3.4.5" - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is an escalation of privilege vulnerability in the Intel Solid State Drive Toolbox versions before 3.4.5 which allow a local administrative attacker to load and execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Escalation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2017-5688", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solid State Drive Toolbox", + "version": { + "version_data": [ + { + "version_value": "Before 3.4.5" + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00074&languageid=en-fr", - "refsource" : "CONFIRM", - "url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00074&languageid=en-fr" - }, - { - "name" : "98771", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98771" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is an escalation of privilege vulnerability in the Intel Solid State Drive Toolbox versions before 3.4.5 which allow a 
local administrative attacker to load and execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00074&languageid=en-fr", + "refsource": "CONFIRM", + "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00074&languageid=en-fr" + }, + { + "name": "98771", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98771" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5838.json b/2017/5xxx/CVE-2017-5838.json index 8af7ed4b078..423c7fbdca2 100644 --- a/2017/5xxx/CVE-2017-5838.json +++ b/2017/5xxx/CVE-2017-5838.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170201 Multiple memory access issues in gstreamer", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/01/7" - }, - { - "name" : "[oss-security] 20170202 Re: Multiple memory access issues in gstreamer", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/02/9" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=777263", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=777263" - }, - { - "name" : "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3", - "refsource" : "CONFIRM", - "url" : "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3" - }, - { - "name" : "DSA-3822", 
- "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3822" - }, - { - "name" : "GLSA-201705-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-10" - }, - { - "name" : "RHSA-2017:2060", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2060" - }, - { - "name" : "96001", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3822", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3822" + }, + { + "name": "96001", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96001" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=777263", + "refsource": "CONFIRM", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=777263" + }, + { + "name": "RHSA-2017:2060", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2060" + }, + { + "name": "[oss-security] 20170202 Re: Multiple memory access issues in gstreamer", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/02/9" + }, + { + "name": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3", + "refsource": "CONFIRM", + "url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3" + }, + { + "name": "GLSA-201705-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-10" + }, + { + "name": "[oss-security] 20170201 
Multiple memory access issues in gstreamer", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/01/7" + } + ] + } +} \ No newline at end of file