diff --git a/2006/0xxx/CVE-2006-0265.json b/2006/0xxx/CVE-2006-0265.json index 381b53bdd5c..58609a366fa 100644 --- a/2006/0xxx/CVE-2006-0265.json +++ b/2006/0xxx/CVE-2006-0265.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0265", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB17 in the Oracle Text component and (2) DB18 in the Program Interface Network component. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that DB17 involves SQL injection in the (a) VALIDATE_STATEMENT and BUILD_DML functions in CTXSYS.DRILOAD; (b) CLEAN_DML function in CTXSYS.DRIDML; (c) GET_ROWID function in CTXSYS.CTX_DOC; (d) BROWSE_WORDS function in CTXSYS.CTX_QUERY; and (e) ODCIINDEXTRUNCATE, ODCIINDEXDROP, and ODCIINDEXDELETE functions in CATINDEXMETHODS." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0265", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" - }, - { - "name" : "VU#545804", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/545804" - }, - { - "name" : "16287", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16287" - }, - { - "name" : "ADV-2006-0243", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0243" - }, - { - "name" : "ADV-2006-0323", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0323" - }, - { - "name" : "22555", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22555" - }, - { - "name" : "22639", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22639" - }, - { - "name" : "22640", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22640" - }, - { - "name" : "22641", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22641" - }, - { - "name" : "22642", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22642" - }, - { - "name" : "1015499", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015499" - }, - { - "name" : "18493", - "refsource" 
: "SECUNIA", - "url" : "http://secunia.com/advisories/18493" - }, - { - "name" : "18608", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18608" - }, - { - "name" : "oracle-january2006-update(24321)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB17 in the Oracle Text component and (2) DB18 in the Program Interface Network component. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that DB17 involves SQL injection in the (a) VALIDATE_STATEMENT and BUILD_DML functions in CTXSYS.DRILOAD; (b) CLEAN_DML function in CTXSYS.DRIDML; (c) GET_ROWID function in CTXSYS.CTX_DOC; (d) BROWSE_WORDS function in CTXSYS.CTX_QUERY; and (e) ODCIINDEXTRUNCATE, ODCIINDEXDROP, and ODCIINDEXDELETE functions in CATINDEXMETHODS." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22555", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22555" + }, + { + "name": "oracle-january2006-update(24321)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html" + }, + { + "name": "18493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18493" + }, + { + "name": "ADV-2006-0323", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0323" + }, + { + "name": "16287", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16287" + }, + { + "name": "22640", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22640" + }, + { + "name": "VU#545804", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/545804" + }, + { + "name": "1015499", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015499" + }, + { + "name": "ADV-2006-0243", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0243" + }, + { + "name": "22642", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22642" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" + }, + { + "name": "18608", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18608" + }, + { + "name": "22639", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22639" + }, + { + "name": "22641", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22641" + } + ] + } +} \ No newline at end of file 
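Review bot: The `reference_data` array on the new side is in a different order from the old side with no visible sort key (the old list opened with the MISC and CONFIRM entries, the new one opens with OSVDB `22555` and the XF entry), so what otherwise looks like a `" : "` to `": "` spacing change becomes a full-file rewrite that cannot be checked by eye. The same shuffle appears in the CVE-2006-0280, CVE-2006-0755, CVE-2006-1237, CVE-2006-1464 and CVE-2006-1709 hunks. In the CVE-2006-1856 hunk, which continues past the visible page, the reformat also carries a real metadata change: `"ASSIGNER" : "cve@mitre.org"` becomes `"ASSIGNER": "secalert@redhat.com"`. Consumers that track record provenance would want that assigner change in its own commit, and the serializer should either keep the existing reference order or sort on a fixed key such as `refsource` then `name`. Each new file also ends with `\ No newline at end of file`; writing a trailing newline avoids a spurious last-line diff on the next regeneration.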
diff --git a/2006/0xxx/CVE-2006-0280.json b/2006/0xxx/CVE-2006-0280.json index 4f95af4d485..21fc73d9094 100644 --- a/2006/0xxx/CVE-2006-0280.json +++ b/2006/0xxx/CVE-2006-0280.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0280", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle PeopleSoft Enterprise Portal 8.4 Bundle 15, 8.8 Bundle 10, and 8.9 Bundle 2 has unspecified impact and attack vectors, as identified by Oracle Vuln# PSE01." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0280", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" - }, - { - "name" : "VU#545804", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/545804" - }, - { - "name" : "16287", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16287" - }, - { - "name" : "ADV-2006-0243", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0243" - }, - { - "name" : "ADV-2006-0323", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0323" - }, - { - "name" : "1015499", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1015499" - }, - { - "name" : "18493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18493" - }, - { - "name" : "18608", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18608" - }, - { - "name" : "oracle-january2006-update(24321)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle PeopleSoft Enterprise Portal 8.4 Bundle 15, 8.8 Bundle 10, and 8.9 Bundle 2 has unspecified impact and attack vectors, as identified by Oracle Vuln# PSE01." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oracle-january2006-update(24321)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" + }, + { + "name": "18493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18493" + }, + { + "name": "ADV-2006-0323", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0323" + }, + { + "name": "16287", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16287" + }, + { + "name": "VU#545804", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/545804" + }, + { + "name": "1015499", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015499" + }, + { + "name": "ADV-2006-0243", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0243" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" + }, + { + "name": "18608", + "refsource": "SECUNIA", + 
"url": "http://secunia.com/advisories/18608" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0755.json b/2006/0xxx/CVE-2006-0755.json index 70e1148b8b0..14dd4f2d1f6 100644 --- a/2006/0xxx/CVE-2006-0755.json +++ b/2006/0xxx/CVE-2006-0755.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0755", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Multiple PHP remote file include vulnerabilities in dotProject 2.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary commands via the baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4) vw_usr_roles.php, (5) calendar.php, (6) date_format.php, and (7) tasks/gantt.php; and the dPconfig[root_dir] parameter in (8) projects/gantt.php, (9) gantt2.php, and (10) vw_files.php. NOTE: the vendor disputes this issue, stating that the product documentation clearly recommends that the system administrator disable register_globals, and that the check.php script warns against this setting. Also, the vendor says that the protection.php/siteurl vector is incorrect because protection.php does not exist in the product." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0755", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060214 dotproject <= 2.0.1 remote code execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424957/100/0/threaded" - }, - { - "name" : "20060215 Re: dotproject <= 2.0.1 remote code execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425285/100/0/threaded" - }, - { - "name" : "16648", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16648" - }, - { - "name" : "ADV-2006-0604", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0604" - }, - { - "name" : "23209", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23209" - }, - { - "name" : "23212", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23212" - }, - { - "name" : "23210", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23210" - }, - { - "name" : "23211", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23211" - }, - { - "name" : "23213", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23213" - }, - { - "name" : "23214", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23214" - }, - { - "name" : "23215", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23215" - }, - { - "name" : "23216", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23216" - }, - { - "name" : "23217", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23217" - }, - { - "name" : "23218", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/23218" - }, - { - "name" : "23219", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23219" - }, - { - "name" : "18879", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18879" - }, - { - "name" : "dotproject-multiple-basedir-file-include(24738)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24738" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Multiple PHP remote file include vulnerabilities in dotProject 2.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary commands via the baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4) vw_usr_roles.php, (5) calendar.php, (6) date_format.php, and (7) tasks/gantt.php; and the dPconfig[root_dir] parameter in (8) projects/gantt.php, (9) gantt2.php, and (10) vw_files.php. NOTE: the vendor disputes this issue, stating that the product documentation clearly recommends that the system administrator disable register_globals, and that the check.php script warns against this setting. Also, the vendor says that the protection.php/siteurl vector is incorrect because protection.php does not exist in the product." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060214 dotproject <= 2.0.1 remote code execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424957/100/0/threaded" + }, + { + "name": "23210", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23210" + }, + { + "name": "23216", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23216" + }, + { + "name": "23217", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23217" + }, + { + "name": "18879", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18879" + }, + { + "name": "23209", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23209" + }, + { + "name": "16648", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16648" + }, + { + "name": "23212", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23212" + }, + { + "name": "23215", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23215" + }, + { + "name": "dotproject-multiple-basedir-file-include(24738)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24738" + }, + { + "name": "23213", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23213" + }, + { + "name": "ADV-2006-0604", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0604" + }, + { + "name": "23214", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23214" + }, + { + "name": "23218", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23218" + }, + { + "name": "23211", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23211" + }, + { + "name": "23219", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23219" + }, + { + "name": "20060215 Re: dotproject <= 2.0.1 remote code execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425285/100/0/threaded" + } + ] 
+ } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1237.json b/2006/1xxx/CVE-2006-1237.json index 0e90500ae7a..f3fddb0cbc5 100644 --- a/2006/1xxx/CVE-2006-1237.json +++ b/2006/1xxx/CVE-2006-1237.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in DSNewsletter 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the email parameter to (1) include/sub.php, (2) include/confirm.php, or (3) include/unconfirm.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060324 [eVuln] DSNewsletter SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/428664/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/97/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/97/summary.html" - }, - { - "name" : "17111", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17111" - }, - { - "name" : "ADV-2006-0931", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0931" - }, - { - "name" : "23883", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23883" - }, - { - "name" : "23884", - "refsource" : "OSVDB", - 
"url" : "http://www.osvdb.org/23884" - }, - { - "name" : "23885", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23885" - }, - { - "name" : "1015757", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015757" - }, - { - "name" : "19207", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19207" - }, - { - "name" : "623", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/623" - }, - { - "name" : "dsnewsletter-email-sql-injection(25188)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25188" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in DSNewsletter 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the email parameter to (1) include/sub.php, (2) include/confirm.php, or (3) include/unconfirm.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19207", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19207" + }, + { + "name": "ADV-2006-0931", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0931" + }, + { + "name": "17111", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17111" + }, + { + "name": "623", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/623" + }, + { + "name": "23883", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23883" + }, + { + "name": "http://evuln.com/vulns/97/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/97/summary.html" + }, + { + "name": "dsnewsletter-email-sql-injection(25188)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25188" + }, + { + "name": "1015757", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015757" + }, + { + "name": "20060324 [eVuln] DSNewsletter SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/428664/100/0/threaded" + }, + { + "name": "23885", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23885" + }, + { + "name": "23884", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23884" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1464.json b/2006/1xxx/CVE-2006-1464.json index 06b1036e621..6ab718185f8 100644 --- a/2006/1xxx/CVE-2006-1464.json +++ b/2006/1xxx/CVE-2006-1464.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickTime MPEG4 (M4P) video format file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060512 Apple QuickDraw/QuickTime Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/433831/100/0/threaded" - }, - { - "name" : "APPLE-SA-2006-05-11", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/May/msg00002.html" - }, - { - "name" : "TA06-132B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-132B.html" - }, - { - "name" : "VU#587937", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/587937" - }, - { - "name" : "17953", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17953" - }, - { - "name" : "ADV-2006-1778", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1778" - 
}, - { - "name" : "1016067", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016067" - }, - { - "name" : "20069", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20069" - }, - { - "name" : "887", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/887" - }, - { - "name" : "quicktime-mpeg4-bo(26397)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26397" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickTime MPEG4 (M4P) video format file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#587937", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/587937" + }, + { + "name": "20069", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20069" + }, + { + "name": "APPLE-SA-2006-05-11", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00002.html" + }, + { + "name": "1016067", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016067" + }, + { + "name": "TA06-132B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-132B.html" + }, + { + "name": "quicktime-mpeg4-bo(26397)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26397" + }, + { + "name": "887", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/887" + }, + { + "name": "17953", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17953" + }, + { + "name": "ADV-2006-1778", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2006/1778" + }, + { + "name": "20060512 Apple QuickDraw/QuickTime Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/433831/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1709.json b/2006/1xxx/CVE-2006-1709.json index 02e57bbe79a..ae62b239965 100644 --- a/2006/1xxx/CVE-2006-1709.json +++ b/2006/1xxx/CVE-2006-1709.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1709", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in shop_main.cgi in interaktiv.shop 5 allows remote attackers to inject arbitrary web script or HTML via the (1) pn and (2) sbeg parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/04/interaktivshop-v5-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/04/interaktivshop-v5-xss-vuln.html" - }, - { - "name" : "17485", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17485" - }, - { - "name" : "ADV-2006-1326", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1326" - }, - { - "name" : "24557", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24557" - }, - { - "name" : "19622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19622" - }, - { - "name" : "interaktiv-shopmain-xss(25739)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25739" 
- } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in shop_main.cgi in interaktiv.shop 5 allows remote attackers to inject arbitrary web script or HTML via the (1) pn and (2) sbeg parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "interaktiv-shopmain-xss(25739)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25739" + }, + { + "name": "http://pridels0.blogspot.com/2006/04/interaktivshop-v5-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/04/interaktivshop-v5-xss-vuln.html" + }, + { + "name": "24557", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24557" + }, + { + "name": "19622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19622" + }, + { + "name": "ADV-2006-1326", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1326" + }, + { + "name": "17485", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17485" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1856.json b/2006/1xxx/CVE-2006-1856.json index 9143e2e8174..b5b13c3e473 100644 --- a/2006/1xxx/CVE-2006-1856.json +++ b/2006/1xxx/CVE-2006-1856.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1856", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Certain modifications to the Linux kernel 2.6.16 and earlier do not add the appropriate Linux Security Modules (LSM) file_permission hooks to the (1) readv and (2) writev functions, which might allow attackers to bypass intended access restrictions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-1856", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-security-module] 20050928 readv/writev syscalls are not checked by lsm", - "refsource" : "MLIST", - "url" : "http://lists.jammed.com/linux-security-module/2005/09/0019.html" - }, - { - "name" : "[linux-kernel] 20060426 [PATCH] LSM: add missing hook to do_compat_readv_writev()", - "refsource" : "MLIST", - "url" : "http://www.ussg.iu.edu/hypermail/linux/kernel/0604.3/0777.html" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191524", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191524" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm", - "refsource" : 
"CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm" - }, - { - "name" : "DSA-1184", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1184" - }, - { - "name" : "MDKSA-2006:123", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:123" - }, - { - "name" : "RHSA-2006:0493", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0493.html" - }, - { - "name" : "USN-302-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-302-1" - }, - { - "name" : "18105", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18105" - }, - { - "name" : "25747", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25747" - }, - { - "name" : "oval:org.mitre.oval:def:9927", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9927" - }, - { - "name" : "20237", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20237" - }, - { - "name" : "20716", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20716" - }, - { - "name" : "21045", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21045" - }, - { - "name" : "21745", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21745" - }, - { - "name" : "22093", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22093" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Certain modifications to the Linux kernel 2.6.16 and earlier do not add the appropriate Linux Security Modules (LSM) file_permission hooks to the (1) readv and (2) writev functions, which might allow attackers to bypass intended access restrictions." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm" + }, + { + "name": "RHSA-2006:0493", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0493.html" + }, + { + "name": "oval:org.mitre.oval:def:9927", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9927" + }, + { + "name": "[linux-security-module] 20050928 readv/writev syscalls are not checked by lsm", + "refsource": "MLIST", + "url": "http://lists.jammed.com/linux-security-module/2005/09/0019.html" + }, + { + "name": "20716", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20716" + }, + { + "name": "21745", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21745" + }, + { + "name": "USN-302-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-302-1" + }, + { + "name": "MDKSA-2006:123", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:123" + }, + { + "name": "[linux-kernel] 20060426 [PATCH] LSM: add missing hook to do_compat_readv_writev()", + "refsource": "MLIST", + "url": "http://www.ussg.iu.edu/hypermail/linux/kernel/0604.3/0777.html" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191524", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191524" + }, + { + "name": "25747", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25747" + }, + { + "name": "21045", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21045" + }, + { + "name": "20237", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20237" + }, + { + "name": 
"22093", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22093" + }, + { + "name": "DSA-1184", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1184" + }, + { + "name": "18105", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18105" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1878.json b/2006/1xxx/CVE-2006-1878.json index 19219464daf..56519233f22 100644 --- a/2006/1xxx/CVE-2006-1878.json +++ b/2006/1xxx/CVE-2006-1878.json 
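Review bot: The `ASSIGNER` change from `cve@mitre.org` to `secalert@redhat.com` for CVE-2006-1856 is buried in a hunk that is otherwise only whitespace normalisation (`"key" : ` to `"key": `) and a reordering of the `reference_data` entries. Re-attributing a record to a different CNA is a semantic change that consumers filtering or trusting records by assigner will want to audit. It should go in its own commit, or at least be named in the commit message if it is not already. The same pattern appears in the hunks for CVE-2006-4244 (new value `security@debian.org`) and CVE-2010-2071 (new value `secalert@redhat.com`). Separately, the new side ends with `\ No newline at end of file`, so the generator should emit a trailing newline to keep later diffs on these files clean.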
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1878", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopSites allows remote attackers to inject arbitrary web script or HTML via the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1878", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060415 phpFaber TopSites Script Cross-Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431073/100/0/threaded" - }, - { - "name" : "17542", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17542" - }, - { - "name" : "ADV-2006-1394", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1394" - }, - { - "name" : "1015945", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015945" - }, - { - "name" : "19652", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19652" - }, - { - "name" : "719", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/719" - }, - { - "name" : "760", - "refsource" : "SREASON", - 
"url" : "http://securityreason.com/securityalert/760" - }, - { - "name" : "phpfabertopsites-index-xss(25804)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25804" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopSites allows remote attackers to inject arbitrary web script or HTML via the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015945", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015945" + }, + { + "name": "760", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/760" + }, + { + "name": "719", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/719" + }, + { + "name": "19652", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19652" + }, + { + "name": "ADV-2006-1394", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1394" + }, + { + "name": "phpfabertopsites-index-xss(25804)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25804" + }, + { + "name": "17542", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17542" + }, + { + "name": "20060415 phpFaber TopSites Script Cross-Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431073/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3817.json b/2006/3xxx/CVE-2006-3817.json index 8bba014f2ff..8f6e5c8b80f 100644 --- a/2006/3xxx/CVE-2006-3817.json +++ b/2006/3xxx/CVE-2006-3817.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3817", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess 6.5 and 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via an encoded SCRIPT element in an e-mail message with the UTF-7 character set, as demonstrated by the \"+ADw-SCRIPT+AD4-\" sequence." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3817", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060808 [ISR] - Novell Groupwise Webaccess (Cross-Site Scripting)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442719/100/100/threaded" - }, - { - "name" : "20060808 [ISR] - Novell Groupwise Webaccess (Cross-Site Scripting)", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048593.html" - }, - { - "name" : "http://www.infobyte.com.ar/adv/ISR-14.html", - "refsource" : "MISC", - "url" : "http://www.infobyte.com.ar/adv/ISR-14.html" - }, - { - "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974176.htm", - "refsource" : 
"CONFIRM", - "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974176.htm" - }, - { - "name" : "http://www.novell.com/support/search.do?cmd=displayKC&externalId=3701584&sliceId=SAL_Public", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/search.do?cmd=displayKC&externalId=3701584&sliceId=SAL_Public" - }, - { - "name" : "19297", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19297" - }, - { - "name" : "ADV-2006-3098", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3098" - }, - { - "name" : "1016648", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016648" - }, - { - "name" : "21411", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21411" - }, - { - "name" : "groupwise-utf7-xss(28211)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28211" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess 6.5 and 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via an encoded SCRIPT element in an e-mail message with the UTF-7 character set, as demonstrated by the \"+ADw-SCRIPT+AD4-\" sequence." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060808 [ISR] - Novell Groupwise Webaccess (Cross-Site Scripting)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442719/100/100/threaded" + }, + { + "name": "19297", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19297" + }, + { + "name": "groupwise-utf7-xss(28211)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28211" + }, + { + "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974176.htm", + "refsource": "CONFIRM", + "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974176.htm" + }, + { + "name": "20060808 [ISR] - Novell Groupwise Webaccess (Cross-Site Scripting)", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048593.html" + }, + { + "name": "21411", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21411" + }, + { + "name": "http://www.novell.com/support/search.do?cmd=displayKC&externalId=3701584&sliceId=SAL_Public", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/search.do?cmd=displayKC&externalId=3701584&sliceId=SAL_Public" + }, + { + "name": "ADV-2006-3098", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3098" + }, + { + "name": "http://www.infobyte.com.ar/adv/ISR-14.html", + "refsource": "MISC", + "url": "http://www.infobyte.com.ar/adv/ISR-14.html" + }, + { + "name": "1016648", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016648" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4188.json b/2006/4xxx/CVE-2006-4188.json index d87e7df9bb2..fef4555f806 100644 --- a/2006/4xxx/CVE-2006-4188.json +++ b/2006/4xxx/CVE-2006-4188.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the LP subsystem in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-184.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-184.htm" - }, - { - "name" : "HPSBUX02139", - "refsource" : "HP", - "url" : "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00746980" - }, - { - "name" : "SSRT5981", - "refsource" : "HP", - "url" : "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00746980" - }, - { - "name" : "19535", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19535" - }, - { - "name" : "oval:org.mitre.oval:def:5500", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5500" - }, - { - "name" : "ADV-2006-3291", - 
"refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3291" - }, - { - "name" : "1016698", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/alerts/2006/Aug/1016698.html" - }, - { - "name" : "21499", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21499" - }, - { - "name" : "21898", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21898" - }, - { - "name" : "hpux-lpsubsystem-dos(28440)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28440" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the LP subsystem in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT5981", + "refsource": "HP", + "url": "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00746980" + }, + { + "name": "hpux-lpsubsystem-dos(28440)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28440" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-184.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-184.htm" + }, + { + "name": "21499", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21499" + }, + { + "name": "HPSBUX02139", + "refsource": "HP", + "url": "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00746980" + }, + { + "name": "21898", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21898" + }, + { + "name": "ADV-2006-3291", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3291" + }, + { + 
"name": "19535", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19535" + }, + { + "name": "1016698", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/alerts/2006/Aug/1016698.html" + }, + { + "name": "oval:org.mitre.oval:def:5500", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5500" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4191.json b/2006/4xxx/CVE-2006-4191.json index dde22583522..d761506723b 100644 --- a/2006/4xxx/CVE-2006-4191.json +++ b/2006/4xxx/CVE-2006-4191.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4191", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4191", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060813 XMB <= 1.9.6 Final basename()/'langfilenew' arbitrary local inclusion / remote commands execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443167/100/0/threaded" - }, - { - "name" : "http://retrogod.altervista.org/xmb_196_sql.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/xmb_196_sql.html" - }, - { - "name" : "2178", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2178" - }, - { - "name" : "19501", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19501" - 
}, - { - "name" : "19494", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19494" - }, - { - "name" : "21293", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21293" - }, - { - "name" : "1411", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1411" - }, - { - "name" : "xmb-memcp-file-include(28356)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28356" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21293", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21293" + }, + { + "name": "1411", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1411" + }, + { + "name": "2178", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2178" + }, + { + "name": "19501", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19501" + }, + { + "name": "20060813 XMB <= 1.9.6 Final basename()/'langfilenew' arbitrary local inclusion / remote commands execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443167/100/0/threaded" + }, + { + "name": "http://retrogod.altervista.org/xmb_196_sql.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/xmb_196_sql.html" + }, + { + "name": 
"xmb-memcp-file-include(28356)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28356" + }, + { + "name": "19494", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19494" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4244.json b/2006/4xxx/CVE-2006-4244.json index bdc43b50e7f..ea553c9b20a 100644 --- a/2006/4xxx/CVE-2006-4244.json +++ b/2006/4xxx/CVE-2006-4244.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2006-4244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060830 SQL-Ledger serious security vulnerability and workaround", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444741/100/0/threaded" - }, - { - "name" : "20060907 Full Disclosure for SQL-Ledger vulnerability CVE-2006-4244", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445512" - }, - { - "name" : "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html&title=What's%20New", - "refsource" : "CONFIRM", - "url" : "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html&title=What's%20New" - }, - { - "name" : "19758", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/19758" - }, - { - "name" : "21689", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21689" - }, - { - "name" : "1472", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1472" - }, - { - "name" : "sql-ledger-session-unauth-access(28671)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html&title=What's%20New", + "refsource": "CONFIRM", + "url": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html&title=What's%20New" + }, + { + "name": "sql-ledger-session-unauth-access(28671)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28671" + }, + { + "name": "19758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19758" + }, + { + "name": "21689", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21689" + }, + { + "name": "20060830 SQL-Ledger serious security vulnerability and workaround", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444741/100/0/threaded" + }, + { + "name": "20060907 Full Disclosure for SQL-Ledger vulnerability CVE-2006-4244", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445512" + }, + { + "name": "1472", + 
"refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1472" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2042.json b/2010/2xxx/CVE-2010-2042.json index 7cd9dfe936f..796a57033cf 100644 --- a/2010/2xxx/CVE-2010-2042.json +++ b/2010/2xxx/CVE-2010-2042.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in search.php in ECShop 2.7.2 allows remote attackers to execute arbitrary SQL commands via the encode parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12702", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12702" - }, - { - "name" : "http://packetstormsecurity.org/1005-exploits/ecshopsearch-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1005-exploits/ecshopsearch-sql.txt" - }, - { - "name" : "40338", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40338" - }, - { - "name" : "39930", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39930" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in search.php in ECShop 
2.7.2 allows remote attackers to execute arbitrary SQL commands via the encode parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1005-exploits/ecshopsearch-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1005-exploits/ecshopsearch-sql.txt" + }, + { + "name": "39930", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39930" + }, + { + "name": "40338", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40338" + }, + { + "name": "12702", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12702" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2071.json b/2010/2xxx/CVE-2010-2071.json index 58cb77f0970..55ffb89721c 100644 --- a/2010/2xxx/CVE-2010-2071.json +++ b/2010/2xxx/CVE-2010-2071.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the Linux kernel 2.6.34 and earlier does not check file ownership before setting an ACL, which allows local users to bypass file permissions by setting arbitrary ACLs, as demonstrated using setfacl." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20100518 [PATCH] btrfs: should add a permission check for setfacl", - "refsource" : "MLIST", - "url" : "http://lkml.org/lkml/2010/5/17/544" - }, - { - "name" : "[oss-security] 20100611 CVE request - kernel: btrfs: prevent users from setting ACLs on files they do not own", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/06/11/3" - }, - { - "name" : "[oss-security] 20100614 Re: CVE request - kernel: btrfs: prevent users from setting ACLs on files they do not own", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/06/14/2" - }, - { - "name" : 
"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=2f26afba", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=2f26afba" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the Linux kernel 2.6.34 and earlier does not check file ownership before setting an ACL, which allows local users to bypass file permissions by setting arbitrary ACLs, as demonstrated using setfacl." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=2f26afba", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=2f26afba" + }, + { + "name": "[linux-kernel] 20100518 [PATCH] btrfs: should add a permission check for setfacl", + "refsource": "MLIST", + "url": "http://lkml.org/lkml/2010/5/17/544" + }, + { + "name": "[oss-security] 20100614 Re: CVE request - kernel: btrfs: prevent users from setting ACLs on files they do not own", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/06/14/2" + }, + { + "name": "[oss-security] 20100611 CVE request - kernel: btrfs: prevent users from setting ACLs on files they do not own", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/06/11/3" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2584.json b/2010/2xxx/CVE-2010-2584.json index 7b6da185faa..aae5ca64e73 100644 --- a/2010/2xxx/CVE-2010-2584.json +++ b/2010/2xxx/CVE-2010-2584.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Upload method in the RealPage Module Upload ActiveX control in Realpage.dll 1.0.0.9 in RealPage Module ActiveX Controls does not properly restrict certain property values, which allows remote attackers to read arbitrary files via a filename in the SourceFile property in conjunction with an http URL in the DestURL property." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2010-2584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2010-118/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2010-118/" - }, - { - "name" : "44302", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44302" - }, - { - "name" : "68813", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/68813" - }, - { - "name" : "41392", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41392" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "The Upload method in the RealPage Module Upload ActiveX control in Realpage.dll 1.0.0.9 in RealPage Module ActiveX Controls does not properly restrict certain property values, which allows remote attackers to read arbitrary files via a filename in the SourceFile property in conjunction with an http URL in the DestURL property." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41392", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41392" + }, + { + "name": "44302", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44302" + }, + { + "name": "http://secunia.com/secunia_research/2010-118/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2010-118/" + }, + { + "name": "68813", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/68813" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2730.json b/2010/2xxx/CVE-2010-2730.json index 681d5e35856..4997085a41e 100644 --- a/2010/2xxx/CVE-2010-2730.json +++ b/2010/2xxx/CVE-2010-2730.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2730", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka \"Request Header Buffer Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-2730", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-065", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-065" - }, - { - "name" : "oval:org.mitre.oval:def:6933", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6933" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka \"Request Header Buffer 
Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS10-065", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-065" + }, + { + "name": "oval:org.mitre.oval:def:6933", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6933" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2796.json b/2010/2xxx/CVE-2010-2796.json index fbf2d99f29d..4a55606ba23 100644 --- a/2010/2xxx/CVE-2010-2796.json +++ b/2010/2xxx/CVE-2010-2796.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2796", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when proxy mode is enabled, allows remote attackers to inject arbitrary web script or HTML via a callback URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2796", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://issues.jasig.org/browse/PHPCAS-67", - "refsource" : "CONFIRM", - "url" : "https://issues.jasig.org/browse/PHPCAS-67" - }, - { - "name" : "https://wiki.jasig.org/display/CASC/phpCAS+ChangeLog", - "refsource" : "CONFIRM", - "url" : "https://wiki.jasig.org/display/CASC/phpCAS+ChangeLog" - }, - { - "name" : "https://forge.indepnet.net/projects/glpi/repository/revisions/12601", - "refsource" : "CONFIRM", - "url" : "https://forge.indepnet.net/projects/glpi/repository/revisions/12601" - }, - { - "name" : "DSA-2172", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2172" - }, - { - "name" : "FEDORA-2010-12247", - "refsource" : "FEDORA", - "url" : 
"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046584.html" - }, - { - "name" : "FEDORA-2010-12258", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046576.html" - }, - { - "name" : "FEDORA-2010-16905", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html" - }, - { - "name" : "FEDORA-2010-16912", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html" - }, - { - "name" : "42160", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42160" - }, - { - "name" : "40845", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40845" - }, - { - "name" : "41240", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41240" - }, - { - "name" : "42149", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42149" - }, - { - "name" : "42184", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42184" - }, - { - "name" : "43427", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43427" - }, - { - "name" : "ADV-2010-2234", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2234" - }, - { - "name" : "ADV-2010-2261", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2261" - }, - { - "name" : "ADV-2010-2909", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2909" - }, - { - "name" : "ADV-2011-0456", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0456" - }, - { - "name" : "phpcas-callback-url-xss(60895)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60895" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when proxy mode is enabled, allows remote attackers to inject arbitrary web script or HTML via a callback URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2172", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2172" + }, + { + "name": "ADV-2011-0456", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0456" + }, + { + "name": "https://issues.jasig.org/browse/PHPCAS-67", + "refsource": "CONFIRM", + "url": "https://issues.jasig.org/browse/PHPCAS-67" + }, + { + "name": "41240", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41240" + }, + { + "name": "40845", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40845" + }, + { + "name": "FEDORA-2010-12258", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046576.html" + }, + { + "name": "42160", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42160" + }, + { + "name": "ADV-2010-2909", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2909" + }, + { + "name": "https://wiki.jasig.org/display/CASC/phpCAS+ChangeLog", + "refsource": "CONFIRM", + "url": "https://wiki.jasig.org/display/CASC/phpCAS+ChangeLog" + }, + { + "name": "ADV-2010-2261", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2261" + }, + { + "name": "42149", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42149" + }, + { + "name": "https://forge.indepnet.net/projects/glpi/repository/revisions/12601", + "refsource": "CONFIRM", + "url": "https://forge.indepnet.net/projects/glpi/repository/revisions/12601" + }, + { + "name": "FEDORA-2010-12247", + "refsource": "FEDORA", + "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046584.html" + }, + { + "name": "43427", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43427" + }, + { + "name": "phpcas-callback-url-xss(60895)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60895" + }, + { + "name": "ADV-2010-2234", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2234" + }, + { + "name": "FEDORA-2010-16912", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html" + }, + { + "name": "FEDORA-2010-16905", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html" + }, + { + "name": "42184", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42184" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2928.json b/2010/2xxx/CVE-2010-2928.json index 6514e392487..42a085fea64 100644 --- a/2010/2xxx/CVE-2010-2928.json +++ b/2010/2xxx/CVE-2010-2928.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2928", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2928", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" - }, - { - "name" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" - }, - { - "name" : "70859", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70859" - }, - { - "name" : 
"43307", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43307" - }, - { - "name" : "8079", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8079" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70859", + "refsource": "OSVDB", + "url": "http://osvdb.org/70859" + }, + { + "name": "43307", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43307" + }, + { + "name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" + }, + { + "name": "8079", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8079" + }, + { + "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3380.json b/2010/3xxx/CVE-2010-3380.json index dc3d70aff17..18b9b7ded3a 100644 --- a/2010/3xxx/CVE-2010-3380.json +++ b/2010/3xxx/CVE-2010-3380.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3380", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) init.d/slurm and (2) init.d/slurmdbd scripts in SLURM before 2.1.14 place the . (dot) directory in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3380", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/projects/slurm/files//slurm/version_2.1/2.1.14/RELEASE_NOTES_2.1.14/view", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/projects/slurm/files//slurm/version_2.1/2.1.14/RELEASE_NOTES_2.1.14/view" - }, - { - "name" : "43537", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43537" - }, - { - "name" : "41614", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41614" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) init.d/slurm and (2) init.d/slurmdbd scripts in SLURM before 2.1.14 
place the . (dot) directory in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41614", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41614" + }, + { + "name": "43537", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43537" + }, + { + "name": "http://sourceforge.net/projects/slurm/files//slurm/version_2.1/2.1.14/RELEASE_NOTES_2.1.14/view", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/projects/slurm/files//slurm/version_2.1/2.1.14/RELEASE_NOTES_2.1.14/view" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3407.json b/2010/3xxx/CVE-2010-3407.json index d9e2b13cffe..ff3911f4f35 100644 --- a/2010/3xxx/CVE-2010-3407.json +++ b/2010/3xxx/CVE-2010-3407.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3407", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3407", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100914 ZDI-10-177: IBM Lotus Domino iCalendar MAILTO Stack Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/513706/100/0/threaded" - }, - { - "name" : "15005", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15005" - }, - { - "name" : "http://labs.mwrinfosecurity.com/files/Advisories/mwri_lotus-domino-ical-stack-overflow_2010-09-14.pdf", - "refsource" : "MISC", - "url" : 
"http://labs.mwrinfosecurity.com/files/Advisories/mwri_lotus-domino-ical-stack-overflow_2010-09-14.pdf" - }, - { - "name" : "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/52f9218288b51dcb852576c600741f72?OpenDocument", - "refsource" : "MISC", - "url" : "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/52f9218288b51dcb852576c600741f72?OpenDocument" - }, - { - "name" : "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/613a204806e3f211852576e2006afa3d?OpenDocument", - "refsource" : "MISC", - "url" : "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/613a204806e3f211852576e2006afa3d?OpenDocument" - }, - { - "name" : "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/af36678d60bd74288525778400534d7c?OpenDocument", - "refsource" : "MISC", - "url" : "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/af36678d60bd74288525778400534d7c?OpenDocument" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-177/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-177/" - }, - { - "name" : "http://labs.mwrinfosecurity.com/advisories/lotus_domino_ical_stack_buffer_overflow/", - "refsource" : "CONFIRM", - "url" : "http://labs.mwrinfosecurity.com/advisories/lotus_domino_ical_stack_buffer_overflow/" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21446515", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21446515" - }, - { - "name" : "43219", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43219" - }, - { - "name" : "1024448", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024448" - }, - { - "name" : "41433", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41433" - }, - { - "name" : "ADV-2010-2381", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2010/2381" - }, - { - "name" : "lotus-domino-icalendar-bo(61790)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61790" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "lotus-domino-icalendar-bo(61790)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61790" + }, + { + "name": "ADV-2010-2381", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2381" + }, + { + "name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/af36678d60bd74288525778400534d7c?OpenDocument", + "refsource": "MISC", + "url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/af36678d60bd74288525778400534d7c?OpenDocument" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-177/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-177/" + }, + { + "name": "43219", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43219" + }, + { + "name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/52f9218288b51dcb852576c600741f72?OpenDocument", + "refsource": "MISC", + "url": 
"http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/52f9218288b51dcb852576c600741f72?OpenDocument" + }, + { + "name": "41433", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41433" + }, + { + "name": "http://labs.mwrinfosecurity.com/files/Advisories/mwri_lotus-domino-ical-stack-overflow_2010-09-14.pdf", + "refsource": "MISC", + "url": "http://labs.mwrinfosecurity.com/files/Advisories/mwri_lotus-domino-ical-stack-overflow_2010-09-14.pdf" + }, + { + "name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/613a204806e3f211852576e2006afa3d?OpenDocument", + "refsource": "MISC", + "url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/613a204806e3f211852576e2006afa3d?OpenDocument" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21446515", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21446515" + }, + { + "name": "1024448", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024448" + }, + { + "name": "15005", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15005" + }, + { + "name": "http://labs.mwrinfosecurity.com/advisories/lotus_domino_ical_stack_buffer_overflow/", + "refsource": "CONFIRM", + "url": "http://labs.mwrinfosecurity.com/advisories/lotus_domino_ical_stack_buffer_overflow/" + }, + { + "name": "20100914 ZDI-10-177: IBM Lotus Domino iCalendar MAILTO Stack Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/513706/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3412.json b/2010/3xxx/CVE-2010-3412.json index 8ea2d4c475c..cb7f7263760 100644 --- a/2010/3xxx/CVE-2010-3412.json +++ b/2010/3xxx/CVE-2010-3412.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3412", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the console implementation in Google Chrome before 6.0.472.59 has unspecified impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3412", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=51919", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=51919" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html" - }, - { - "name" : "oval:org.mitre.oval:def:7354", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7354" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the console implementation in Google Chrome 
before 6.0.472.59 has unspecified impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=51919", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=51919" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html" + }, + { + "name": "oval:org.mitre.oval:def:7354", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7354" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3825.json b/2010/3xxx/CVE-2010-3825.json index aa9510f91ef..c0366d3bf4a 100644 --- a/2010/3xxx/CVE-2010-3825.json +++ b/2010/3xxx/CVE-2010-3825.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-3825",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2010-3825",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/3xxx/CVE-2010-3837.json b/2010/3xxx/CVE-2010-3837.json
index 490a4e6e5e2..28ae22d36b4 100644
--- a/2010/3xxx/CVE-2010-3837.json
+++ b/2010/3xxx/CVE-2010-3837.json
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3837", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3837", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.mysql.com/bug.php?id=54476", - "refsource" : "CONFIRM", - "url" : "http://bugs.mysql.com/bug.php?id=54476" - }, - { - "name" : "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html", - "refsource" : "CONFIRM", - "url" : "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html" - }, - { - "name" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html", - "refsource" : "CONFIRM", - "url" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html" - }, - { - "name" : "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html", - "refsource" : "CONFIRM", - "url" 
: "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=640856", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=640856" - }, - { - "name" : "http://support.apple.com/kb/HT4723", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4723" - }, - { - "name" : "APPLE-SA-2011-06-23-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" - }, - { - "name" : "DSA-2143", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2143" - }, - { - "name" : "MDVSA-2010:222", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:222" - }, - { - "name" : "MDVSA-2010:223", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:223" - }, - { - "name" : "RHSA-2010:0825", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0825.html" - }, - { - "name" : "RHSA-2011:0164", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0164.html" - }, - { - "name" : "TLSA-2011-3", - "refsource" : "TURBO", - "url" : "http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt" - }, - { - "name" : "USN-1017-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1017-1" - }, - { - "name" : "USN-1397-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1397-1" - }, - { - "name" : "43676", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43676" - }, - { - "name" : "42875", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42875" - }, - { - "name" : "42936", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42936" - }, - { - "name" : "ADV-2011-0105", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0105" - }, - { - "name" : "ADV-2011-0170", - 
"refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0170" - }, - { - "name" : "ADV-2011-0345", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0345" - }, - { - "name" : "mysql-prepared-statement-dos(64841)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64841" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html", + "refsource": "CONFIRM", + "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html" + }, + { + "name": "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html", + "refsource": "CONFIRM", + "url": "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html" + }, + { + "name": "USN-1397-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1397-1" + }, + { + "name": "http://support.apple.com/kb/HT4723", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4723" + }, + { + "name": "42875", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42875" + }, + { + "name": "USN-1017-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1017-1" + }, + { + "name": "APPLE-SA-2011-06-23-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" + }, + { + 
"name": "TLSA-2011-3", + "refsource": "TURBO", + "url": "http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt" + }, + { + "name": "ADV-2011-0105", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0105" + }, + { + "name": "MDVSA-2010:222", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:222" + }, + { + "name": "RHSA-2011:0164", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0164.html" + }, + { + "name": "http://bugs.mysql.com/bug.php?id=54476", + "refsource": "CONFIRM", + "url": "http://bugs.mysql.com/bug.php?id=54476" + }, + { + "name": "ADV-2011-0170", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0170" + }, + { + "name": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html", + "refsource": "CONFIRM", + "url": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html" + }, + { + "name": "DSA-2143", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2143" + }, + { + "name": "43676", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43676" + }, + { + "name": "ADV-2011-0345", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0345" + }, + { + "name": "42936", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42936" + }, + { + "name": "mysql-prepared-statement-dos(64841)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64841" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=640856", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=640856" + }, + { + "name": "RHSA-2010:0825", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0825.html" + }, + { + "name": "MDVSA-2010:223", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:223" + } + ] + } +} \ No newline at end of file 
diff --git a/2010/3xxx/CVE-2010-3888.json b/2010/3xxx/CVE-2010-3888.json
index c46c560ea8d..10e758a9992 100644
--- a/2010/3xxx/CVE-2010-3888.json
+++ b/2010/3xxx/CVE-2010-3888.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3888", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3888", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.computerworld.com/s/article/9185919/Is_Stuxnet_the_best_malware_ever_", - "refsource" : "MISC", - "url" : "http://www.computerworld.com/s/article/9185919/Is_Stuxnet_the_best_malware_ever_" - }, - { - "name" : "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100716", - "refsource" : "MISC", - "url" : "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100716" - }, - { - "name" : "http://www.securelist.com/en/blog/2291/Myrtus_and_Guava_Episode_MS10_061", - "refsource" : "MISC", - "url" : "http://www.securelist.com/en/blog/2291/Myrtus_and_Guava_Episode_MS10_061" - }, - { - "name" : 
"http://www.symantec.com/connect/blogs/stuxnet-using-three-additional-zero-day-vulnerabilities", - "refsource" : "MISC", - "url" : "http://www.symantec.com/connect/blogs/stuxnet-using-three-additional-zero-day-vulnerabilities" - }, - { - "name" : "http://www.virusbtn.com/conference/vb2010/abstracts/LastMinute7.xml", - "refsource" : "MISC", - "url" : "http://www.virusbtn.com/conference/vb2010/abstracts/LastMinute7.xml" - }, - { - "name" : "http://www.virusbtn.com/conference/vb2010/abstracts/LastMinute8.xml", - "refsource" : "MISC", - "url" : "http://www.virusbtn.com/conference/vb2010/abstracts/LastMinute8.xml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.virusbtn.com/conference/vb2010/abstracts/LastMinute7.xml", + "refsource": "MISC", + "url": "http://www.virusbtn.com/conference/vb2010/abstracts/LastMinute7.xml" + }, + { + "name": "http://www.symantec.com/connect/blogs/stuxnet-using-three-additional-zero-day-vulnerabilities", + "refsource": "MISC", + "url": "http://www.symantec.com/connect/blogs/stuxnet-using-three-additional-zero-day-vulnerabilities" + }, + { + "name": "http://www.computerworld.com/s/article/9185919/Is_Stuxnet_the_best_malware_ever_", + "refsource": "MISC", + "url": "http://www.computerworld.com/s/article/9185919/Is_Stuxnet_the_best_malware_ever_" + }, + { + "name": "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100716", + "refsource": "MISC", + "url": "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100716" + }, + { + "name": "http://www.virusbtn.com/conference/vb2010/abstracts/LastMinute8.xml", + "refsource": "MISC", + "url": "http://www.virusbtn.com/conference/vb2010/abstracts/LastMinute8.xml" + }, + { + "name": "http://www.securelist.com/en/blog/2291/Myrtus_and_Guava_Episode_MS10_061", + "refsource": "MISC", + "url": "http://www.securelist.com/en/blog/2291/Myrtus_and_Guava_Episode_MS10_061" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4300.json b/2010/4xxx/CVE-2010-4300.json index eb69e82ed18..e4279975851 100644 --- a/2010/4xxx/CVE-2010-4300.json +++ b/2010/4xxx/CVE-2010-4300.json 
@@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an LDSS packet with a long digest line that triggers memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15676", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15676" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2010-14.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2010-14.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5318", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5318" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2010-13.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.wireshark.org/security/wnpa-sec-2010-13.html" - }, - { - "name" : "http://blogs.sun.com/security/entry/buffer_overflow_vulnerability_in_wireshark", - "refsource" : "CONFIRM", - "url" : "http://blogs.sun.com/security/entry/buffer_overflow_vulnerability_in_wireshark" - }, - { - "name" : "MDVSA-2010:242", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:242" - }, - { - "name" : "RHSA-2010:0924", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0924.html" - }, - { - "name" : "SUSE-SR:2011:001", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "44987", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44987" - }, - { - "name" : "69354", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/69354" - }, - { - "name" : "oval:org.mitre.oval:def:14287", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14287" - }, - { - "name" : "1024762", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024762" - }, - { - "name" : "42290", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42290" - }, - { - "name" : "42411", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42411" - }, - { - "name" : "42877", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42877" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2010-3038", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3038" - }, - { - "name" : "ADV-2010-3068", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2010/3068" - }, - { - "name" : "ADV-2010-3093", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3093" - }, - { - "name" : "ADV-2011-0076", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0076" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "ADV-2011-0404", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0404" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an LDSS packet with a long digest line that triggers memory corruption." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5318", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5318" + }, + { + "name": "SUSE-SR:2011:001", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" + }, + { + "name": "http://blogs.sun.com/security/entry/buffer_overflow_vulnerability_in_wireshark", + "refsource": "CONFIRM", + "url": "http://blogs.sun.com/security/entry/buffer_overflow_vulnerability_in_wireshark" + }, + { + "name": "ADV-2010-3093", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3093" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "42290", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42290" + }, + { + "name": "1024762", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024762" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "ADV-2010-3068", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3068" + }, + { + "name": "69354", + "refsource": "OSVDB", + "url": "http://osvdb.org/69354" + }, + { + "name": "42877", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42877" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "RHSA-2010:0924", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0924.html" + }, + { + "name": "15676", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15676" + }, + { + "name": "ADV-2011-0404", + 
"refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0404" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2010-14.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2010-14.html" + }, + { + "name": "ADV-2011-0076", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0076" + }, + { + "name": "oval:org.mitre.oval:def:14287", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14287" + }, + { + "name": "MDVSA-2010:242", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:242" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2010-13.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2010-13.html" + }, + { + "name": "ADV-2010-3038", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3038" + }, + { + "name": "42411", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42411" + }, + { + "name": "44987", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44987" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4399.json b/2010/4xxx/CVE-2010-4399.json index e1f1e6f8be5..e08ce8cd52c 100644 --- a/2010/4xxx/CVE-2010-4399.json +++ b/2010/4xxx/CVE-2010-4399.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4399", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the CHG_DYNPG_SET_LANGUAGE parameter to index.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4399", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15646", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15646" - }, - { - "name" : "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt" - }, - { - "name" : "http://www.htbridge.ch/advisory/lfi_in_dynpg.html", - "refsource" : "MISC", - "url" : "http://www.htbridge.ch/advisory/lfi_in_dynpg.html" - }, - { - "name" : "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update&read_article=226", - "refsource" : "CONFIRM", - "url" : 
"http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update&read_article=226" - }, - { - "name" : "45115", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45115" - }, - { - "name" : "69539", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/69539" - }, - { - "name" : "42380", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42380" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the CHG_DYNPG_SET_LANGUAGE parameter to index.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update&read_article=226", + "refsource": "CONFIRM", + "url": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update&read_article=226" + }, + { + "name": "45115", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45115" + }, + { + "name": "42380", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42380" + }, + { + "name": "69539", + "refsource": "OSVDB", + "url": "http://osvdb.org/69539" + }, + { + "name": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt" + }, + { + "name": "http://www.htbridge.ch/advisory/lfi_in_dynpg.html", + "refsource": "MISC", + "url": "http://www.htbridge.ch/advisory/lfi_in_dynpg.html" + }, + { + "name": "15646", + "refsource": 
"EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15646" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4491.json b/2010/4xxx/CVE-2010-4491.json index 1b5ab830b7d..ef87ad75c96 100644 --- a/2010/4xxx/CVE-2010-4491.json +++ b/2010/4xxx/CVE-2010-4491.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4491", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 8.0.552.215 does not properly restrict privileged extensions, which allows remote attackers to cause a denial of service (memory corruption) via a crafted extension." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4491", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=62168", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=62168" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html" - }, - { - "name" : "oval:org.mitre.oval:def:11991", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11991" - }, - { - "name" : "42472", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42472" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 8.0.552.215 does not properly restrict privileged extensions, which allows remote attackers to cause a denial of service (memory corruption) via a crafted extension." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:11991", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11991" + }, + { + "name": "42472", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42472" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=62168", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=62168" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4808.json b/2010/4xxx/CVE-2010-4808.json index c2a0c0ff028..b9829905161 100644 --- a/2010/4xxx/CVE-2010-4808.json +++ b/2010/4xxx/CVE-2010-4808.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4808", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Webmatic allows remote attackers to execute arbitrary SQL commands via the p parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4808", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15517", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15517" - }, - { - "name" : "http://packetstormsecurity.org/files/view/95827/webmatic-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/view/95827/webmatic-sql.txt" - }, - { - "name" : "44863", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44863" - }, - { - "name" : "webmatic-index-sql-injection(63241)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Webmatic allows remote attackers to execute 
arbitrary SQL commands via the p parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "webmatic-index-sql-injection(63241)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63241" + }, + { + "name": "15517", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15517" + }, + { + "name": "44863", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44863" + }, + { + "name": "http://packetstormsecurity.org/files/view/95827/webmatic-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/view/95827/webmatic-sql.txt" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1614.json b/2011/1xxx/CVE-2011-1614.json index d731ee81441..1f68d4ce9da 100644 --- a/2011/1xxx/CVE-2011-1614.json +++ b/2011/1xxx/CVE-2011-1614.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1614", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1614", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1644.json b/2011/1xxx/CVE-2011-1644.json index b75ddbf6628..cff70d754cc 100644 --- a/2011/1xxx/CVE-2011-1644.json +++ b/2011/1xxx/CVE-2011-1644.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1644", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1644", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1662.json b/2011/1xxx/CVE-2011-1662.json index 2f35e193d0d..28154fe619a 100644 --- a/2011/1xxx/CVE-2011-1662.json +++ b/2011/1xxx/CVE-2011-1662.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1662", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1662", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/1111174", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1111174" - }, - { - "name" : "47098", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47098" - }, - { - "name" : "43950", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43950" - }, - { - "name" : "transalation-unspecified-xss(66475)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66475" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Translation Management module 6.x before 6.x-1.21 for 
Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "transalation-unspecified-xss(66475)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66475" + }, + { + "name": "http://drupal.org/node/1111174", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1111174" + }, + { + "name": "43950", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43950" + }, + { + "name": "47098", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47098" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1736.json b/2011/1xxx/CVE-2011-1736.json index 1c46d775fcc..054f2b2e82f 100644 --- a/2011/1xxx/CVE-2011-1736.json +++ b/2011/1xxx/CVE-2011-1736.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to read arbitrary files via directory traversal sequences in a filename in a GET_FILE message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-1736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110429 ZDI-11-152: HP Data Protector Backup Client Service GET_FILE Directory Traversal Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517772/100/0/threaded" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-11-152/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-11-152/" - }, - { - "name" : "HPSBMA02668", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240" - }, - { - "name" : "SSRT100474", - "refsource" : "HP", - "url" : 
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240" - }, - { - "name" : "47638", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47638" - }, - { - "name" : "72195", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/72195" - }, - { - "name" : "1025454", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025454" - }, - { - "name" : "44402", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44402" - }, - { - "name" : "openview-data-code-exec(67209)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67209" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to read arbitrary files via directory traversal sequences in a filename in a GET_FILE message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20110429 ZDI-11-152: HP Data Protector Backup Client Service GET_FILE Directory Traversal Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517772/100/0/threaded" + }, + { + "name": "72195", + "refsource": "OSVDB", + "url": "http://osvdb.org/72195" + }, + { + "name": "47638", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47638" + }, + { + "name": "HPSBMA02668", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240" + }, + { + "name": "SSRT100474", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240" + }, + { + "name": "openview-data-code-exec(67209)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67209" + }, + { + "name": "44402", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44402" + }, + { + "name": "1025454", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025454" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-11-152/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-11-152/" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1769.json b/2011/1xxx/CVE-2011-1769.json index 7485ba12183..14506bce19e 100644 --- a/2011/1xxx/CVE-2011-1769.json +++ b/2011/1xxx/CVE-2011-1769.json 
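Review bot: The one semantic change in the CVE-2011-1736 hunk, `"ASSIGNER": "hp-security-alert@hp.com"` replacing `cve@mitre.org`, is hidden inside a whole-file re-indent and a reshuffle of `reference_data`, so it is easy to miss when auditing the record's provenance. The same pattern appears in the hunks for CVE-2011-1769 (`secalert@redhat.com`), CVE-2014-3296 and CVE-2014-3343 (both `psirt@cisco.com`). I would land the assigner reassignment separately from the formatting normalization and keep the reference order stable, so that a diff of a record shows only real content changes. Consumers that attribute or trust records by `ASSIGNER` should treat these four as provenance changes and not as whitespace noise. The new side also ends without a trailing newline (`\ No newline at end of file`), which should be restored for files kept in version control.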
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SystemTap 1.4 and earlier, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs context variable access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110520 systemtap divide-by-zero issues (CVE-2011-1769, CVE-2011-1781)", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/05/20/2" - }, - { - "name" : "http://sourceware.org/git/?p=systemtap.git;a=commit;h=fa2e3415185a28542d419a641ecd6cddd52e3cd9", - "refsource" : "CONFIRM", - "url" : "http://sourceware.org/git/?p=systemtap.git;a=commit;h=fa2e3415185a28542d419a641ecd6cddd52e3cd9" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=702687", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=702687" - }, - { - "name" : "MDVSA-2011:154", 
- "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:154" - }, - { - "name" : "MDVSA-2011:155", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:155" - }, - { - "name" : "RHSA-2011:0842", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2011-0842.html" - }, - { - "name" : "47934", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47934" - }, - { - "name" : "44802", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44802" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SystemTap 1.4 and earlier, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs context variable access." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44802", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44802" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=702687", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=702687" + }, + { + "name": "http://sourceware.org/git/?p=systemtap.git;a=commit;h=fa2e3415185a28542d419a641ecd6cddd52e3cd9", + "refsource": "CONFIRM", + "url": "http://sourceware.org/git/?p=systemtap.git;a=commit;h=fa2e3415185a28542d419a641ecd6cddd52e3cd9" + }, + { + "name": "47934", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47934" + }, + { + "name": "MDVSA-2011:154", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:154" + }, + { + "name": "MDVSA-2011:155", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:155" + }, + { + "name": "RHSA-2011:0842", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2011-0842.html" + }, + { + "name": "[oss-security] 20110520 systemtap divide-by-zero issues (CVE-2011-1769, CVE-2011-1781)", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/05/20/2" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5115.json b/2011/5xxx/CVE-2011-5115.json index 8e263ff9001..7c1d0322f93 100644 --- a/2011/5xxx/CVE-2011-5115.json +++ b/2011/5xxx/CVE-2011-5115.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in DLGuard, possibly 4.6 and earlier, allows remote attackers to inject arbitrary web script or HTML via the searchCart parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/106859/dlguardshoppingcart-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/106859/dlguardshoppingcart-xss.txt" - }, - { - "name" : "46855", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46855" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in DLGuard, possibly 4.6 and earlier, allows remote attackers to inject arbitrary web script or HTML via the searchCart parameter to index.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46855", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46855" + }, + { + "name": "http://packetstormsecurity.org/files/106859/dlguardshoppingcart-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/106859/dlguardshoppingcart-xss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5219.json b/2011/5xxx/CVE-2011-5219.json index b5b0fbf558f..bd576b442f9 100644 --- a/2011/5xxx/CVE-2011-5219.json +++ b/2011/5xxx/CVE-2011-5219.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in examples/show_code.php in mPDF 5.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18248", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18248" - }, - { - "name" : "77939", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/77939" - }, - { - "name" : "47262", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47262" - }, - { - "name" : "mpdf-showcode-dir-traversal(71862)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71862" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in examples/show_code.php in mPDF 5.3 and earlier allows remote attackers to read arbitrary files via a .. 
(dot dot) in the filename parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "77939", + "refsource": "OSVDB", + "url": "http://osvdb.org/77939" + }, + { + "name": "47262", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47262" + }, + { + "name": "18248", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18248" + }, + { + "name": "mpdf-showcode-dir-traversal(71862)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71862" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3296.json b/2014/3xxx/CVE-2014-3296.json index d94e5f3fe5d..e21371886b2 100644 --- a/2014/3xxx/CVE-2014-3296.json +++ b/2014/3xxx/CVE-2014-3296.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server 1.5(.1.131) and earlier allows remote authenticated users to obtain sensitive meeting information via a crafted URL, aka Bug ID CSCum03527." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34663", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34663" - }, - { - "name" : "20140619 Cisco WebEx Meeting Server Sensitive Information Disclosure Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3296" - }, - { - "name" : "68118", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68118" - }, - { - "name" : "59263", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59263" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": 
{ + "description_data": [ + { + "lang": "eng", + "value": "The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server 1.5(.1.131) and earlier allows remote authenticated users to obtain sensitive meeting information via a crafted URL, aka Bug ID CSCum03527." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34663", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34663" + }, + { + "name": "59263", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59263" + }, + { + "name": "68118", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68118" + }, + { + "name": "20140619 Cisco WebEx Meeting Server Sensitive Information Disclosure Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3296" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3343.json b/2014/3xxx/CVE-2014-3343.json index 1dfa279a1b2..987f7b79391 100644 --- a/2014/3xxx/CVE-2014-3343.json +++ b/2014/3xxx/CVE-2014-3343.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3343", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (DHCPv6 daemon crash) via a malformed DHCPv6 packet, aka Bug ID CSCuo59052." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3343", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35651", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35651" - }, - { - "name" : "20140908 Cisco IOS XR Software DHCPv6 Denial Of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3343" - }, - { - "name" : "69667", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69667" - }, - { - "name" : "1030816", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030816" - }, - { - "name" : "60122", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60122" - }, - { - "name" : "ciscoiosxr-cve20143343-dos(95781)", - "refsource" : "XF", 
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95781" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (DHCPv6 daemon crash) via a malformed DHCPv6 packet, aka Bug ID CSCuo59052." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35651", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35651" + }, + { + "name": "60122", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60122" + }, + { + "name": "20140908 Cisco IOS XR Software DHCPv6 Denial Of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3343" + }, + { + "name": "1030816", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030816" + }, + { + "name": "69667", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69667" + }, + { + "name": "ciscoiosxr-cve20143343-dos(95781)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95781" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3592.json b/2014/3xxx/CVE-2014-3592.json index 02bc079407b..b2d8866f8f4 100644 --- a/2014/3xxx/CVE-2014-3592.json +++ b/2014/3xxx/CVE-2014-3592.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3592", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3592", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3810.json b/2014/3xxx/CVE-2014-3810.json index 7e69ca266a9..e880343a9ce 100644 --- a/2014/3xxx/CVE-2014-3810.json +++ b/2014/3xxx/CVE-2014-3810.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-4333." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140618 SQL Injection in Dolphin", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/532468/100/0/threaded" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23216", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23216" - }, - { - "name" : "http://packetstormsecurity.com/files/127148/Dolphin-7.1.4-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127148/Dolphin-7.1.4-SQL-Injection.html" - }, - { - "name" : "http://www.boonex.com/forums/topic/Medium-Risk-Security-Vulnerability-in-Dolphin-7-1.htm", - "refsource" : "CONFIRM", - "url" : 
"http://www.boonex.com/forums/topic/Medium-Risk-Security-Vulnerability-in-Dolphin-7-1.htm" - }, - { - "name" : "68091", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68091" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-4333." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/127148/Dolphin-7.1.4-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127148/Dolphin-7.1.4-SQL-Injection.html" + }, + { + "name": "68091", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68091" + }, + { + "name": "20140618 SQL Injection in Dolphin", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/532468/100/0/threaded" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23216", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23216" + }, + { + "name": "http://www.boonex.com/forums/topic/Medium-Risk-Security-Vulnerability-in-Dolphin-7-1.htm", + "refsource": "CONFIRM", + "url": "http://www.boonex.com/forums/topic/Medium-Risk-Security-Vulnerability-in-Dolphin-7-1.htm" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7393.json b/2014/7xxx/CVE-2014-7393.json index 8fb322ad102..a6fc615e7a9 100644 --- a/2014/7xxx/CVE-2014-7393.json +++ b/2014/7xxx/CVE-2014-7393.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The 100 Beauty Tips (aka com.ww100BeautyTipsApp) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#613121", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/613121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 100 Beauty Tips (aka 
com.ww100BeautyTipsApp) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#613121", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/613121" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7763.json b/2014/7xxx/CVE-2014-7763.json index c8c7901d872..67c0fb89ad9 100644 --- a/2014/7xxx/CVE-2014-7763.json +++ b/2014/7xxx/CVE-2014-7763.json 
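Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `cert@cert.org` in this hunk, while every other line is re-indentation or a reordering of the same three references, so a provenance change is easy to miss in what otherwise reads as a formatting pass. Consumers that attribute or filter records by assigning CNA will see this record move. If the commit description does not already say so, it should state the reassignment, or the `"ASSIGNER": "cert@cert.org",` line should land in its own commit. The same applies to the CVE-2014-7763 hunk (also `cert@cert.org`), the CVE-2014-8068 hunk (`psirt@adobe.com`) and the CVE-2016-7078 hunk (`anemec@redhat.com` to `secalert@redhat.com`), the last of which continues past the visible part of the page.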
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7763", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Listen up! mirucho (aka jp.ameba.kiiteyo.android) application 1.1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7763", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#446977", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/446977" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Listen up! 
mirucho (aka jp.ameba.kiiteyo.android) application 1.1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#446977", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/446977" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8068.json b/2014/8xxx/CVE-2014-8068.json index 52eafc1db14..866784c1941 100644 --- a/2014/8xxx/CVE-2014-8068.json +++ b/2014/8xxx/CVE-2014-8068.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Digital Editions (DE) 4 does not use encryption for transmission of data to adelogs.adobe.com, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by book-navigation information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2014-8068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://the-digital-reader.com/2014/10/06/adobe-spying-users-collecting-data-ebook-libraries/", - "refsource" : "MISC", - "url" : "http://the-digital-reader.com/2014/10/06/adobe-spying-users-collecting-data-ebook-libraries/" - }, - { - "name" : "http://arstechnica.com/security/2014/10/adobes-e-book-reader-sends-your-reading-logs-back-to-adobe-in-plain-text/", - "refsource" : "CONFIRM", - "url" : "http://arstechnica.com/security/2014/10/adobes-e-book-reader-sends-your-reading-logs-back-to-adobe-in-plain-text/" - }, - { - "name" : "http://twitter.com/AdobeSecurity/statuses/519826275008282624", - "refsource" : "CONFIRM", - "url" : 
"http://twitter.com/AdobeSecurity/statuses/519826275008282624" - }, - { - "name" : "61551", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61551" - }, - { - "name" : "adobe-digital-cve20148068-info-disc(97696)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97696" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Digital Editions (DE) 4 does not use encryption for transmission of data to adelogs.adobe.com, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by book-navigation information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "adobe-digital-cve20148068-info-disc(97696)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97696" + }, + { + "name": "http://the-digital-reader.com/2014/10/06/adobe-spying-users-collecting-data-ebook-libraries/", + "refsource": "MISC", + "url": "http://the-digital-reader.com/2014/10/06/adobe-spying-users-collecting-data-ebook-libraries/" + }, + { + "name": "http://twitter.com/AdobeSecurity/statuses/519826275008282624", + "refsource": "CONFIRM", + "url": "http://twitter.com/AdobeSecurity/statuses/519826275008282624" + }, + { + "name": "http://arstechnica.com/security/2014/10/adobes-e-book-reader-sends-your-reading-logs-back-to-adobe-in-plain-text/", + "refsource": "CONFIRM", + "url": "http://arstechnica.com/security/2014/10/adobes-e-book-reader-sends-your-reading-logs-back-to-adobe-in-plain-text/" + }, + { + "name": "61551", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61551" + } + ] + } +} \ No newline at end of file 
diff --git a/2014/8xxx/CVE-2014-8161.json b/2014/8xxx/CVE-2014-8161.json
index 3ba7f2b6da3..ffaa622c9b8 100644
--- a/2014/8xxx/CVE-2014-8161.json
+++ b/2014/8xxx/CVE-2014-8161.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-8161",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-8161",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/8xxx/CVE-2014-8285.json b/2014/8xxx/CVE-2014-8285.json
index ca627891942..381d7218b53 100644
--- a/2014/8xxx/CVE-2014-8285.json
+++ b/2014/8xxx/CVE-2014-8285.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-8285",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2014-8285",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/8xxx/CVE-2014-8322.json b/2014/8xxx/CVE-2014-8322.json
index d40ab2d4c44..4e661d57b40 100644
--- a/2014/8xxx/CVE-2014-8322.json
+++ b/2014/8xxx/CVE-2014-8322.json
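Review bot: The new side of this REJECT record writes its keys in a different order from the other records on this page: `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` precedes `ASSIGNER`, whereas the RESERVED and PUBLIC records keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. Key order carries no meaning in JSON, but the mixed ordering suggests more than one serialiser is writing this tree, and it makes byte-level diffing or hashing of records unstable. Emitting every record through one writer with a fixed key order, for example `"CVE_data_meta"` first as in the neighbouring files, would keep later diffs limited to real content changes. The CVE-2016-2602 hunk has the same ordering.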
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-8322",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-8322",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/9xxx/CVE-2014-9080.json b/2014/9xxx/CVE-2014-9080.json
index ea5d9082e31..c2a938e3733 100644
--- a/2014/9xxx/CVE-2014-9080.json
+++ b/2014/9xxx/CVE-2014-9080.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-9080",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-9080",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/9xxx/CVE-2014-9132.json b/2014/9xxx/CVE-2014-9132.json
index d26a9b429f6..07a432ccccc 100644
--- a/2014/9xxx/CVE-2014-9132.json
+++ b/2014/9xxx/CVE-2014-9132.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-9132",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-9132",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/9xxx/CVE-2014-9214.json b/2014/9xxx/CVE-2014-9214.json
index f265b4bd9af..c5a86b94c12 100644
--- a/2014/9xxx/CVE-2014-9214.json
+++ b/2014/9xxx/CVE-2014-9214.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-9214",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-9214",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/2xxx/CVE-2016-2239.json b/2016/2xxx/CVE-2016-2239.json
index f0c3315ec07..a15d7add87f 100644
--- a/2016/2xxx/CVE-2016-2239.json
+++ b/2016/2xxx/CVE-2016-2239.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-2239",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-2239",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/2xxx/CVE-2016-2549.json b/2016/2xxx/CVE-2016-2549.json
index 2029f1d295c..8282812383c 100644
--- a/2016/2xxx/CVE-2016-2549.json
+++ b/2016/2xxx/CVE-2016-2549.json
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2549", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160119 Security bugs in Linux kernel sound subsystem", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/01/19/1" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2ba1fe7a06d3624f9a7586d672b55f08f7c670f3", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2ba1fe7a06d3624f9a7586d672b55f08f7c670f3" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1311570", - "refsource" : 
"CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1311570" - }, - { - "name" : "https://github.com/torvalds/linux/commit/2ba1fe7a06d3624f9a7586d672b55f08f7c670f3", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/2ba1fe7a06d3624f9a7586d672b55f08f7c670f3" - }, - { - "name" : "DSA-3503", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3503" - }, - { - "name" : "SUSE-SU-2016:2074", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" - }, - { - "name" : "SUSE-SU-2016:0911", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" - }, - { - "name" : "SUSE-SU-2016:1102", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" - }, - { - "name" : "USN-2967-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2967-1" - }, - { - "name" : "USN-2967-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2967-2" - }, - { - "name" : "USN-2929-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2929-1" - }, - { - "name" : "USN-2929-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2929-2" - }, - { - "name" : "USN-2930-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2930-1" - }, - { - "name" : "USN-2930-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2930-2" - }, - { - "name" : "USN-2930-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2930-3" - }, - { - "name" : "USN-2931-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2931-1" - }, - { - "name" : "USN-2932-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2932-1" - }, - { - "name" : "83382", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/83382" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2930-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2930-1" + }, + { + "name": "83382", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/83382" + }, + { + "name": "USN-2967-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2967-1" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" + }, + { + "name": "USN-2930-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2930-2" + }, + { + "name": "https://github.com/torvalds/linux/commit/2ba1fe7a06d3624f9a7586d672b55f08f7c670f3", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/2ba1fe7a06d3624f9a7586d672b55f08f7c670f3" + }, + { + "name": "DSA-3503", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3503" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1311570", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311570" + }, + { + "name": "USN-2967-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2967-2" + }, + { + "name": "[oss-security] 20160119 Security bugs in Linux kernel sound subsystem", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/01/19/1" + }, + { + "name": "USN-2930-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2930-3" + }, + { + 
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2ba1fe7a06d3624f9a7586d672b55f08f7c670f3", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2ba1fe7a06d3624f9a7586d672b55f08f7c670f3" + }, + { + "name": "SUSE-SU-2016:1102", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" + }, + { + "name": "USN-2929-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2929-1" + }, + { + "name": "USN-2932-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2932-1" + }, + { + "name": "SUSE-SU-2016:2074", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" + }, + { + "name": "USN-2931-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2931-1" + }, + { + "name": "USN-2929-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2929-2" + }, + { + "name": "SUSE-SU-2016:0911", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2602.json b/2016/2xxx/CVE-2016-2602.json index 90febbced9f..b13439ae6f9 100644 --- a/2016/2xxx/CVE-2016-2602.json +++ b/2016/2xxx/CVE-2016-2602.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-2602",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2016-2602",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/6xxx/CVE-2016-6196.json b/2016/6xxx/CVE-2016-6196.json
index b0aa80fccde..a1920739225 100644
--- a/2016/6xxx/CVE-2016-6196.json
+++ b/2016/6xxx/CVE-2016-6196.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-6196",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-6196",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/6xxx/CVE-2016-6867.json b/2016/6xxx/CVE-2016-6867.json
index 56e589eb260..afccd12fc86 100644
--- a/2016/6xxx/CVE-2016-6867.json
+++ b/2016/6xxx/CVE-2016-6867.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-6867",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-6867",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/7xxx/CVE-2016-7078.json b/2016/7xxx/CVE-2016-7078.json
index ef4e446ccdd..9438e65b005 100644
--- a/2016/7xxx/CVE-2016-7078.json
+++ b/2016/7xxx/CVE-2016-7078.json
@@ -1,103 +1,103 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2016-7078", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "foreman", - "version" : { - "version_data" : [ - { - "version_value" : "1.15.0" - } - ] - } - } - ] - }, - "vendor_name" : "Foreman" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. When a user is assigned _no_ organizations/locations, they are able to view all resources instead of none (mirroring an administrator's view). The user's actions are still limited by their assigned permissions, e.g. to control viewing, editing and deletion." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "version" : "3.0" - } - ], - [ - { - "vectorString" : "3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N", - "version" : "2.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-285" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-7078", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "foreman", + "version": { + "version_data": [ + { + "version_value": "1.15.0" + } + ] + } + } + ] + }, + "vendor_name": "Foreman" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170222 CVE-2016-7078: Foreman organization/location authorization vulnerability", - "refsource" : "MLIST", - "url" : "https://seclists.org/oss-sec/2017/q1/470" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7078", - "refsource" : "CONFIRM", - 
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7078" - }, - { - "name" : "https://github.com/theforeman/foreman/commit/5f606e11cf39719bf62f8b1f3396861b32387905", - "refsource" : "CONFIRM", - "url" : "https://github.com/theforeman/foreman/commit/5f606e11cf39719bf62f8b1f3396861b32387905" - }, - { - "name" : "https://projects.theforeman.org/issues/16982", - "refsource" : "CONFIRM", - "url" : "https://projects.theforeman.org/issues/16982" - }, - { - "name" : "https://theforeman.org/security.html#2016-7078", - "refsource" : "CONFIRM", - "url" : "https://theforeman.org/security.html#2016-7078" - }, - { - "name" : "96385", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96385" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. When a user is assigned _no_ organizations/locations, they are able to view all resources instead of none (mirroring an administrator's view). The user's actions are still limited by their assigned permissions, e.g. to control viewing, editing and deletion." 
+ } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + } + ], + [ + { + "vectorString": "3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N", + "version": "2.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/theforeman/foreman/commit/5f606e11cf39719bf62f8b1f3396861b32387905", + "refsource": "CONFIRM", + "url": "https://github.com/theforeman/foreman/commit/5f606e11cf39719bf62f8b1f3396861b32387905" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7078", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7078" + }, + { + "name": "96385", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96385" + }, + { + "name": "https://theforeman.org/security.html#2016-7078", + "refsource": "CONFIRM", + "url": "https://theforeman.org/security.html#2016-7078" + }, + { + "name": "https://projects.theforeman.org/issues/16982", + "refsource": "CONFIRM", + "url": "https://projects.theforeman.org/issues/16982" + }, + { + "name": "[oss-security] 20170222 CVE-2016-7078: Foreman organization/location authorization vulnerability", + "refsource": "MLIST", + "url": "https://seclists.org/oss-sec/2017/q1/470" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7233.json b/2016/7xxx/CVE-2016-7233.json index 8afaac13406..a7783beebc9 100644 --- a/2016/7xxx/CVE-2016-7233.json +++ b/2016/7xxx/CVE-2016-7233.json 
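Review bot: The two `vectorString` values in the `impact.cvss` block on the new side still carry the base score glued to the front (`4.3/CVSS:3.0/AV:N/AC:L/...` and `3.5/AV:N/AC:M/...`), so neither is a well-formed CVSS vector, and a consumer that parses the field per the CVSS specification is likely to reject the record or drop its score. Since these lines are rewritten here anyway, the score could move into its own field, e.g. `"baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"`, and likewise for the 2.0 entry. Separately, this hunk is not whitespace-only: `ASSIGNER` goes from `anemec@redhat.com` to `secalert@redhat.com` and the `reference_data` entries are reordered, which deserves a mention in the commit description so that downstream tooling diffing records does not treat it as a pure reformat.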
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2016-7233", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-7233", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20161108 Microsoft Office Out-of-Bounds Read Information Leak Vulnerability", - "refsource" : "IDEFENSE", - "url" : "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1232" - }, - { - "name" : "MS16-133", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133" - }, - { - "name" : "94031", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/94031" - }, - { - "name" : "1037246", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037246" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20161108 Microsoft Office Out-of-Bounds Read Information Leak Vulnerability", + "refsource": "IDEFENSE", + "url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1232" + }, + { + "name": "MS16-133", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133" + }, + { + "name": "94031", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94031" + }, + { + "name": "1037246", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037246" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7468.json b/2016/7xxx/CVE-2016-7468.json index 6ea75b428a5..4034e92e99d 100644 --- a/2016/7xxx/CVE-2016-7468.json +++ b/2016/7xxx/CVE-2016-7468.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "ID" : "CVE-2016-7468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, PEM, PSM,", - "version" : { - "version_data" : [ - { - "version_value" : "11.4.1 - 11.5.4" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An unauthenticated remote attacker may be able to disrupt services on F5 BIG-IP 11.4.1 - 11.5.4 devices with maliciously crafted network traffic. This vulnerability affects virtual servers associated with TCP profiles when the BIG-IP system's tm.tcpprogressive db variable value is set to non-default setting \"enabled\". The default value for the tm.tcpprogressive db variable is \"negotiate\". An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "ID": "CVE-2016-7468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, PEM, PSM,", + "version": { + "version_data": [ + { + "version_value": "11.4.1 - 11.5.4" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K13053402", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K13053402" - }, - { - "name" : "97119", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97119" - }, - { - "name" : "1038121", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An unauthenticated remote attacker may be able to disrupt services on F5 BIG-IP 11.4.1 - 11.5.4 devices with maliciously crafted network traffic. This vulnerability affects virtual servers associated with TCP profiles when the BIG-IP system's tm.tcpprogressive db variable value is set to non-default setting \"enabled\". The default value for the tm.tcpprogressive db variable is \"negotiate\". An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97119", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97119" + }, + { + "name": "1038121", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038121" + }, + { + "name": "https://support.f5.com/csp/article/K13053402", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K13053402" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7843.json b/2016/7xxx/CVE-2016-7843.json index 9cf079ab313..1074d06b6eb 100644 --- a/2016/7xxx/CVE-2016-7843.json +++ b/2016/7xxx/CVE-2016-7843.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2016-7843", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "AttacheCase for Java", - "version" : { - "version_data" : [ - { - "version_value" : "Ver0.60 and earlier" - } - ] - } - }, - { - "product_name" : "AttacheCase Lite", - "version" : { - "version_data" : [ - { - "version_value" : "Ver1.4.6 and earlier" - } - ] - } - }, - { - "product_name" : "AttacheCase Pro", - "version" : { - "version_data" : [ - { - "version_value" : "Ver1.5.7 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "MaruUo Factory" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in AttacheCase for Java 0.60 and earlier, AttacheCase Lite 1.4.6 and earlier, and AttacheCase Pro 1.5.7 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory traversal" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-7843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AttacheCase for Java", + "version": { + "version_data": [ + { + "version_value": "Ver0.60 and earlier" + } + ] + } + }, + { + "product_name": "AttacheCase Lite", + "version": { + "version_data": [ + { + "version_value": "Ver1.4.6 and earlier" + } + ] + } + }, + { + "product_name": "AttacheCase Pro", + "version": { + "version_data": [ + { + "version_value": "Ver1.5.7 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "MaruUo Factory" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://maruuofactory.life.coocan.jp/attachecase/#pathTraversal", - "refsource" : "MISC", - "url" : "http://maruuofactory.life.coocan.jp/attachecase/#pathTraversal" - }, - { - "name" : "JVN#28331227", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN28331227/index.html" - }, - { - "name" : "95445", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95445" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in AttacheCase for Java 0.60 and earlier, AttacheCase Lite 1.4.6 and earlier, and AttacheCase Pro 1.5.7 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#28331227", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN28331227/index.html" + }, + { + "name": "95445", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95445" + }, + { + "name": "http://maruuofactory.life.coocan.jp/attachecase/#pathTraversal", + "refsource": "MISC", + "url": "http://maruuofactory.life.coocan.jp/attachecase/#pathTraversal" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5650.json b/2017/5xxx/CVE-2017-5650.json index 536c8d2f046..698e02ceff5 100644 --- a/2017/5xxx/CVE-2017-5650.json +++ b/2017/5xxx/CVE-2017-5650.json 
@@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2017-5650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Tomcat", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.0.M1 to 9.0.0.M18" - }, - { - "version_value" : "8.5.0 to 8.5.12" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These waiting streams each consumed a thread. A malicious client could therefore construct a series of HTTP/2 requests that would consume all available processing threads." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2017-5650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Tomcat", + "version": { + "version_data": [ + { + "version_value": "9.0.0.M1 to 9.0.0.M18" + }, + { + "version_value": "8.5.0 to 8.5.12" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[users] 20170410 [SECURITY] CVE-2017-5650 Apache Tomcat Denial of Service", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/d24303fb095db072740d8154b0f0db3f2b8f67bc91a0562dbe89c738@%3Cannounce.tomcat.apache.org%3E" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180614-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180614-0001/" - }, - { - "name" : "GLSA-201705-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-09" - }, - { - "name" : "97531", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97531" - }, - { - "name" : "1038217", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038217" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a 
WINDOW_UPDATE before allowing the application to write more data. These waiting streams each consumed a thread. A malicious client could therefore construct a series of HTTP/2 requests that would consume all available processing threads." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97531", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97531" + }, + { + "name": "GLSA-201705-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-09" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180614-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180614-0001/" + }, + { + "name": "1038217", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038217" + }, + { + "name": "[users] 20170410 [SECURITY] CVE-2017-5650 Apache Tomcat Denial of Service", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/d24303fb095db072740d8154b0f0db3f2b8f67bc91a0562dbe89c738@%3Cannounce.tomcat.apache.org%3E" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5724.json b/2017/5xxx/CVE-2017-5724.json index 5b4e36ad40e..e88e8e60c1b 100644 --- a/2017/5xxx/CVE-2017-5724.json +++ b/2017/5xxx/CVE-2017-5724.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-5724",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-5724",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file