diff --git a/2006/0xxx/CVE-2006-0191.json b/2006/0xxx/CVE-2006-0191.json index 80ade484196..2fde1ac67cb 100644 --- a/2006/0xxx/CVE-2006-0191.json +++ b/2006/0xxx/CVE-2006-0191.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0191", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Sun Solaris 10 allows local users to cause a denial of service (null dereference) via unspecified vectors involving the use of the find command on the \"/proc\" filesystem. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this is related to CVE-2005-3250." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0191", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-056.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-056.htm" - }, - { - "name" : "102108", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102108-1" - }, - { - "name" : "16222", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16222" - }, - { - "name" : "ADV-2006-0166", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0166" - }, - { - "name" : "22347", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/22347" - }, - { - "name" : "oval:org.mitre.oval:def:1608", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1608" - }, - { - "name" : "1015479", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015479" - }, - { - "name" : "18420", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18420" - }, - { - "name" : "19087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19087" - }, - { - "name" : "solaris-find-proc-dos(24085)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24085" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Sun Solaris 10 allows local users to cause a denial of service (null dereference) via unspecified vectors involving the use of the find command on the \"/proc\" filesystem. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this is related to CVE-2005-3250." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16222", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16222" + }, + { + "name": "18420", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18420" + }, + { + "name": "22347", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22347" + }, + { + "name": "solaris-find-proc-dos(24085)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24085" + }, + { + "name": "oval:org.mitre.oval:def:1608", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1608" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-056.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-056.htm" + }, + { + "name": "ADV-2006-0166", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0166" + }, + { + "name": "1015479", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015479" + }, + { + "name": "19087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19087" + }, + { + "name": "102108", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102108-1" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1394.json b/2006/1xxx/CVE-2006-1394.json index 8fb34ff4c7e..a245fc82ac3 100644 --- a/2006/1xxx/CVE-2006-1394.json +++ b/2006/1xxx/CVE-2006-1394.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1394", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Microsoft IIS ISAPI filter (aka application server module) in University of Washington Pubcookie 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1394", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pubcookie.org/news/20060306-apps-secadv.html", - "refsource" : "CONFIRM", - "url" : "http://pubcookie.org/news/20060306-apps-secadv.html" - }, - { - "name" : "VU#314540", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/314540" - }, - { - "name" : "17221", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17221" - }, - { - "name" : "24520", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24520" - }, - { - "name" : "19348", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19348" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Microsoft IIS ISAPI filter (aka application server module) in University of Washington Pubcookie 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pubcookie.org/news/20060306-apps-secadv.html", + "refsource": "CONFIRM", + "url": "http://pubcookie.org/news/20060306-apps-secadv.html" + }, + { + "name": "24520", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24520" + }, + { + "name": "17221", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17221" + }, + { + "name": "VU#314540", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/314540" + }, + { + "name": "19348", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19348" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5325.json b/2006/5xxx/CVE-2006-5325.json index fdccbdaef50..cc107f48241 100644 --- a/2006/5xxx/CVE-2006-5325.json +++ b/2006/5xxx/CVE-2006-5325.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5325", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Dimitri Seitz Security Suite IP Logger in dwingmods for phpBB allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) mkb.php, (2) iplogger.php, (3) admin_board2.php, or (4) admin_logger.php in includes/, different vectors than CVE-2006-5224." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5325", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061012 Security Suite IP Logger Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/448447/100/0/threaded" - }, - { - "name" : "1736", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1736" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Dimitri Seitz Security Suite IP Logger in dwingmods for phpBB allow remote attackers to 
execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) mkb.php, (2) iplogger.php, (3) admin_board2.php, or (4) admin_logger.php in includes/, different vectors than CVE-2006-5224." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1736", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1736" + }, + { + "name": "20061012 Security Suite IP Logger Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/448447/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5420.json b/2006/5xxx/CVE-2006-5420.json index fc0d661e9ed..2496c584b16 100644 --- a/2006/5xxx/CVE-2006-5420.json +++ b/2006/5xxx/CVE-2006-5420.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5420", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kerio WinRoute Firewall 6.2.2 and earlier allows remote attackers to cause a denial of service (crash) via malformed DNS responses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kerio.com/kwf_history.html", - "refsource" : "CONFIRM", - "url" : "http://www.kerio.com/kwf_history.html" - }, - { - "name" : "20584", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20584" - }, - { - "name" : "ADV-2006-4056", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4056" - }, - { - "name" : "1017067", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017067" - }, - { - "name" : "22986", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22986" - }, - { - "name" : "kerio-dns-dos(29629)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Kerio WinRoute Firewall 6.2.2 and earlier allows remote attackers to cause a denial of service (crash) via malformed DNS responses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4056", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4056" + }, + { + "name": "1017067", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017067" + }, + { + "name": "22986", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22986" + }, + { + "name": "http://www.kerio.com/kwf_history.html", + "refsource": "CONFIRM", + "url": "http://www.kerio.com/kwf_history.html" + }, + { + "name": "kerio-dns-dos(29629)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29629" + }, + { + "name": "20584", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20584" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5490.json b/2006/5xxx/CVE-2006-5490.json index c4b067e1707..9c9e31dc60f 100644 --- a/2006/5xxx/CVE-2006-5490.json +++ b/2006/5xxx/CVE-2006-5490.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5490", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Segue Content Management System (CMS) before 1.5.8 allow remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5490", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=82171&release_id=456920", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=82171&release_id=456920" - }, - { - "name" : "20645", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20645" - }, - { - "name" : "ADV-2006-4123", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4123" - }, - { - "name" : "29903", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29903" - }, - { - "name" : "22514", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22514" - }, - { - "name" : "seguecms-unspecified-sql-injection(29691)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/29691" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Segue Content Management System (CMS) before 1.5.8 allow remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=82171&release_id=456920", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=82171&release_id=456920" + }, + { + "name": "seguecms-unspecified-sql-injection(29691)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29691" + }, + { + "name": "ADV-2006-4123", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4123" + }, + { + "name": "22514", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22514" + }, + { + "name": "29903", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29903" + }, + { + "name": "20645", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20645" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5530.json b/2006/5xxx/CVE-2006-5530.json index 080188a021e..d3d0a55ac31 100644 --- a/2006/5xxx/CVE-2006-5530.json +++ b/2006/5xxx/CVE-2006-5530.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5530", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Boesch SimpNews before 2.34.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/index.php, (2) admin/pwlost.php, and unspecified other files. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5530", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.boesch-it.de/sw/php-scripts/simpnews/english/index.php", - "refsource" : "MISC", - "url" : "http://www.boesch-it.de/sw/php-scripts/simpnews/english/index.php" - }, - { - "name" : "20714", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20714" - }, - { - "name" : "ADV-2006-4162", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4162" - }, - { - "name" : "22535", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22535" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Boesch SimpNews before 2.34.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/index.php, (2) admin/pwlost.php, and unspecified other files. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20714", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20714" + }, + { + "name": "22535", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22535" + }, + { + "name": "ADV-2006-4162", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4162" + }, + { + "name": "http://www.boesch-it.de/sw/php-scripts/simpnews/english/index.php", + "refsource": "MISC", + "url": "http://www.boesch-it.de/sw/php-scripts/simpnews/english/index.php" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5624.json b/2006/5xxx/CVE-2006-5624.json index 45bf6c07c4e..8e8509b15fc 100644 --- a/2006/5xxx/CVE-2006-5624.json +++ b/2006/5xxx/CVE-2006-5624.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Multi-Page Comment System (MPCS) 1.0.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) include.php or (2) functions.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tpvgames.co.uk/web/mpcs/", - "refsource" : "MISC", - "url" : "http://tpvgames.co.uk/web/mpcs/" - }, - { - "name" : "20751", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20751" - }, - { - "name" : "ADV-2006-4212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4212" - }, - { - "name" : "22578", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22578" - }, - { - "name" : "mpcs-path-file-include(29823)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29823" - } - ] - 
} -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Multi-Page Comment System (MPCS) 1.0.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) include.php or (2) functions.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22578", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22578" + }, + { + "name": "ADV-2006-4212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4212" + }, + { + "name": "20751", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20751" + }, + { + "name": "http://tpvgames.co.uk/web/mpcs/", + "refsource": "MISC", + "url": "http://tpvgames.co.uk/web/mpcs/" + }, + { + "name": "mpcs-path-file-include(29823)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29823" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5840.json b/2006/5xxx/CVE-2006-5840.json index 695fbe06de3..1ee0c1d0d7a 100644 --- a/2006/5xxx/CVE-2006-5840.json +++ b/2006/5xxx/CVE-2006-5840.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5840", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Multiple SQL injection vulnerabilities in Abarcar Realty Portal allow remote attackers to execute arbitrary SQL commands via the (1) neid parameter to newsdetails.php, or the (2) slid parameter to slistl.php. NOTE: the cat vector is already covered by CVE-2006-2853. NOTE: the vendor has notified CVE that the current version only creates static pages, and that slistl.php/slid never existed in any version." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5840", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061108 Abarcar Realty Portal [injection sql]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450946/100/0/threaded" - }, - { - "name" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=7", - "refsource" : "MISC", - "url" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=7" - }, - { - "name" : "20061207 Vendor dispute - CVE-2006-5840 (abarcar Realty Portal)", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-December/001170.html" - }, - { 
- "name" : "20061219 abarcar vendor statement on CVE-2006-5840", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2006-December/001190.html" - }, - { - "name" : "20970", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20970" - }, - { - "name" : "ADV-2006-4418", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4418" - }, - { - "name" : "30249", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30249" - }, - { - "name" : "30250", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30250" - }, - { - "name" : "22792", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22792" - }, - { - "name" : "1840", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1840" - }, - { - "name" : "abarcar-realty-newsdetails-sql-injection(30135)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30135" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Multiple SQL injection vulnerabilities in Abarcar Realty Portal allow remote attackers to execute arbitrary SQL commands via the (1) neid parameter to newsdetails.php, or the (2) slid parameter to slistl.php. NOTE: the cat vector is already covered by CVE-2006-2853. NOTE: the vendor has notified CVE that the current version only creates static pages, and that slistl.php/slid never existed in any version." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30249", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30249" + }, + { + "name": "1840", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1840" + }, + { + "name": "22792", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22792" + }, + { + "name": "20061219 abarcar vendor statement on CVE-2006-5840", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2006-December/001190.html" + }, + { + "name": "20970", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20970" + }, + { + "name": "http://s-a-p.ca/index.php?page=OurAdvisories&id=7", + "refsource": "MISC", + "url": "http://s-a-p.ca/index.php?page=OurAdvisories&id=7" + }, + { + "name": "abarcar-realty-newsdetails-sql-injection(30135)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30135" + }, + { + "name": "ADV-2006-4418", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4418" + }, + { + "name": "30250", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30250" + }, + { + "name": "20061207 Vendor dispute - CVE-2006-5840 (abarcar Realty Portal)", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2006-December/001170.html" + }, + { + "name": "20061108 Abarcar Realty Portal [injection sql]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450946/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2250.json b/2007/2xxx/CVE-2007-2250.json index d0284bcc7ae..56f4ca469f9 100644 --- a/2007/2xxx/CVE-2007-2250.json +++ b/2007/2xxx/CVE-2007-2250.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2250", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin.php in Phorum before 5.1.22 allows remote attackers to obtain the full path via the module[] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2250", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070419 [waraxe-2007-SA#049] - Multiple vulnerabilities in Phorum 5.1.20", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466286/100/0/threaded" - }, - { - "name" : "http://www.waraxe.us/advisory-49.html", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/advisory-49.html" - }, - { - "name" : "http://www.phorum.org/story.php?76", - "refsource" : "CONFIRM", - "url" : "http://www.phorum.org/story.php?76" - }, - { - "name" : "23616", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23616" - }, - { - "name" : "ADV-2007-1479", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1479" - }, - { - "name" : "35060", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35060" - }, - { - "name" : "1017936", - "refsource" : 
"SECTRACK", - "url" : "http://www.securitytracker.com/id?1017936" - }, - { - "name" : "24932", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24932" - }, - { - "name" : "2617", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2617" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin.php in Phorum before 5.1.22 allows remote attackers to obtain the full path via the module[] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.waraxe.us/advisory-49.html", + "refsource": "MISC", + "url": "http://www.waraxe.us/advisory-49.html" + }, + { + "name": "http://www.phorum.org/story.php?76", + "refsource": "CONFIRM", + "url": "http://www.phorum.org/story.php?76" + }, + { + "name": "1017936", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017936" + }, + { + "name": "ADV-2007-1479", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1479" + }, + { + "name": "24932", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24932" + }, + { + "name": "20070419 [waraxe-2007-SA#049] - Multiple vulnerabilities in Phorum 5.1.20", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466286/100/0/threaded" + }, + { + "name": "2617", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2617" + }, + { + "name": "23616", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23616" + }, + { + "name": "35060", + "refsource": "OSVDB", + "url": "http://osvdb.org/35060" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2269.json b/2007/2xxx/CVE-2007-2269.json index 9ccde41ac81..6f1e6bbfc0e 100644 
--- a/2007/2xxx/CVE-2007-2269.json +++ b/2007/2xxx/CVE-2007-2269.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in top.php3 in SWsoft Plesk for Windows 8.1 and 8.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://forum.swsoft.com/showthread.php?s=&postid=172761#post172761", - "refsource" : "MISC", - "url" : "http://forum.swsoft.com/showthread.php?s=&postid=172761#post172761" - }, - { - "name" : "35475", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35475" - }, - { - "name" : "25036", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25036" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in top.php3 in SWsoft Plesk for Windows 8.1 and 8.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35475", + "refsource": "OSVDB", + "url": "http://osvdb.org/35475" + }, + { + "name": "http://forum.swsoft.com/showthread.php?s=&postid=172761#post172761", + "refsource": "MISC", + "url": "http://forum.swsoft.com/showthread.php?s=&postid=172761#post172761" + }, + { + "name": "25036", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25036" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2322.json b/2007/2xxx/CVE-2007-2322.json index 3125bdc4718..eeb85859ced 100644 --- a/2007/2xxx/CVE-2007-2322.json +++ b/2007/2xxx/CVE-2007-2322.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2322", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NMMediaServer.exe in Nero MediaHome 2.5.5.0 and CE 1.3.0.4 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted packet that contains two CRLF sequences. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2322", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "23640", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23640" - }, - { - "name" : "35321", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35321" - }, - { - "name" : "24724", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24724" - }, - { - "name" : "nero-crlf-dos(33974)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33974" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NMMediaServer.exe in 
Nero MediaHome 2.5.5.0 and CE 1.3.0.4 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted packet that contains two CRLF sequences. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35321", + "refsource": "OSVDB", + "url": "http://osvdb.org/35321" + }, + { + "name": "23640", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23640" + }, + { + "name": "24724", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24724" + }, + { + "name": "nero-crlf-dos(33974)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33974" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2429.json b/2007/2xxx/CVE-2007-2429.json index 92bb0c5ee43..8e5d466a090 100644 --- a/2007/2xxx/CVE-2007-2429.json +++ b/2007/2xxx/CVE-2007-2429.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ManageEngine PasswordManager Pro (PMP) allows remote attackers to obtain administrative access to a database by injecting a certain command line for the mysql program, as demonstrated by the \"-port 2345\" and \"-u root\" arguments. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "23693", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23693" - }, - { - "name" : "40188", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40188" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ManageEngine PasswordManager Pro (PMP) allows remote attackers to obtain administrative access to a database by injecting a certain command line for the mysql program, as demonstrated by the \"-port 2345\" and \"-u root\" arguments. 
NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23693", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23693" + }, + { + "name": "40188", + "refsource": "OSVDB", + "url": "http://osvdb.org/40188" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2523.json b/2007/2xxx/CVE-2007-2523.json index 590298cbbb2..e960455e56e 100644 --- a/2007/2xxx/CVE-2007-2523.json +++ b/2007/2xxx/CVE-2007-2523.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2523", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070509 Computer Associates eTrust InoTask.exe Antivirus Buffer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=530" - }, - { - "name" : "20070511 Computer Associates eTrust InoTask.exe Antivirus Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/468306/100/0/threaded" - }, - { - "name" : "20050711 [CAID 35330, 35331]: CA Anti-Virus, CA Threat Manager, and CA Anti-Spyware Console Login and File Mapping Vulnerabilities", - "refsource" : "FULLDISC", - "url" : 
"http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063275.html" - }, - { - "name" : "http://blog.48bits.com/?p=103", - "refsource" : "MISC", - "url" : "http://blog.48bits.com/?p=103" - }, - { - "name" : "http://supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.asp", - "refsource" : "CONFIRM", - "url" : "http://supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.asp" - }, - { - "name" : "VU#788416", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/788416" - }, - { - "name" : "23906", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23906" - }, - { - "name" : "ADV-2007-1750", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1750" - }, - { - "name" : "34586", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/34586" - }, - { - "name" : "1018043", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018043" - }, - { - "name" : "25202", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25202" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.asp", + "refsource": "CONFIRM", + "url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.asp" + }, + { + "name": "1018043", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018043" + }, + { + "name": "http://blog.48bits.com/?p=103", + "refsource": "MISC", + "url": "http://blog.48bits.com/?p=103" + }, + { + "name": "ADV-2007-1750", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1750" + }, + { + "name": "23906", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23906" + }, + { + "name": "VU#788416", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/788416" + }, + { + "name": "34586", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/34586" + }, + { + "name": "25202", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25202" + }, + { + "name": "20070511 Computer Associates eTrust InoTask.exe Antivirus Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/468306/100/0/threaded" + }, + { + "name": "20070509 Computer Associates eTrust InoTask.exe Antivirus Buffer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=530" + }, + { + "name": "20050711 [CAID 35330, 35331]: CA Anti-Virus, CA Threat Manager, and CA Anti-Spyware Console Login and File Mapping Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063275.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2994.json b/2007/2xxx/CVE-2007-2994.json index c352e44efaa..b3189ae6a7c 100644 
--- a/2007/2xxx/CVE-2007-2994.json +++ b/2007/2xxx/CVE-2007-2994.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2994", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a fullnews action, a different vector than CVE-2007-0693." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070529 Re: DGNews version 2.1 SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/469881/100/0/threaded" - }, - { - "name" : "24212", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24212" - }, - { - "name" : "25438", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25438" - }, - { - "name" : "2762", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2762" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in news.php in DGNews 2.1 allows remote 
attackers to execute arbitrary SQL commands via the newsid parameter in a fullnews action, a different vector than CVE-2007-0693." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25438", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25438" + }, + { + "name": "24212", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24212" + }, + { + "name": "2762", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2762" + }, + { + "name": "20070529 Re: DGNews version 2.1 SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/469881/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0012.json b/2010/0xxx/CVE-2010-0012.json index 0a41b9fb64d..bc12d7cb06c 100644 --- a/2010/0xxx/CVE-2010-0012.json +++ b/2010/0xxx/CVE-2010-0012.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-0012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-devel-changes] 20100105 Accepted transmission 1.77-1 (source all amd64)", - "refsource" : "MLIST", - "url" : "http://www.mail-archive.com/debian-devel-changes@lists.debian.org/msg264483.html" - }, - { - "name" : "[oss-security] 20100106 CVE Request: Transmission", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/01/06/2" - }, - { - "name" : "[oss-security] 20100106 Re: CVE Request: Transmission", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/01/06/4" - }, - { - "name" : "http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz", - "refsource" : "CONFIRM", - "url" : 
"http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz" - }, - { - "name" : "http://trac.transmissionbt.com/changeset/9829/", - "refsource" : "CONFIRM", - "url" : "http://trac.transmissionbt.com/changeset/9829/" - }, - { - "name" : "http://trac.transmissionbt.com/wiki/Changes#version-1.77", - "refsource" : "CONFIRM", - "url" : "http://trac.transmissionbt.com/wiki/Changes#version-1.77" - }, - { - "name" : "https://launchpad.net/bugs/500625", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/bugs/500625" - }, - { - "name" : "DSA-1967", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-1967" - }, - { - "name" : "SUSE-SA:2010:008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html" - }, - { - "name" : "37993", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37993" - }, - { - "name" : "38005", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38005" - }, - { - "name" : "ADV-2010-0071", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0071" - }, - { - "name" : "transmission-name-directory-traversal(55454)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55454" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://trac.transmissionbt.com/wiki/Changes#version-1.77", + "refsource": "CONFIRM", + "url": "http://trac.transmissionbt.com/wiki/Changes#version-1.77" + }, + { + "name": "[oss-security] 20100106 Re: CVE Request: Transmission", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/01/06/4" + }, + { + "name": "https://launchpad.net/bugs/500625", + "refsource": "CONFIRM", + "url": "https://launchpad.net/bugs/500625" + }, + { + "name": "http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz", + "refsource": "CONFIRM", + "url": "http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz" + }, + { + "name": "http://trac.transmissionbt.com/changeset/9829/", + "refsource": "CONFIRM", + "url": "http://trac.transmissionbt.com/changeset/9829/" + }, + { + "name": "38005", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38005" + }, + { + "name": "ADV-2010-0071", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0071" + }, + { + "name": "DSA-1967", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-1967" + }, + { + "name": "transmission-name-directory-traversal(55454)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55454" + }, + { + "name": "[oss-security] 20100106 CVE Request: Transmission", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/01/06/2" + }, + { + "name": "37993", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37993" + }, + { + "name": "SUSE-SA:2010:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html" + }, + { + "name": "[debian-devel-changes] 20100105 
Accepted transmission 1.77-1 (source all amd64)", + "refsource": "MLIST", + "url": "http://www.mail-archive.com/debian-devel-changes@lists.debian.org/msg264483.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0296.json b/2010/0xxx/CVE-2010-0296.json index cb843405989..54fd06868c2 100644 --- a/2010/0xxx/CVE-2010-0296.json +++ b/2010/0xxx/CVE-2010-0296.json 
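Review bot: The `ASSIGNER` change from `cve@mitre.org` to `secalert@redhat.com` near the top of this hunk is buried among lines that otherwise differ only in spacing and reference order, and it should be split out so it can be audited. The CVE-2010-0296 hunk that follows carries the same change. Tools that attribute a record to its CNA by this field will report a different owner after the commit, so the line `"ASSIGNER": "secalert@redhat.com",` is better landed in its own commit with a message stating the reassignment (presumably a transfer to the Red Hat CNA; confirm). Because `reference_data` is also reordered here, comparing the old and new entries as sets would confirm that no reference was added or dropped alongside it.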
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-0296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded" - }, - { - "name" : "http://frugalware.org/security/662", - "refsource" : "CONFIRM", - "url" : "http://frugalware.org/security/662" - }, - { - "name" : "http://sourceware.org/git/?p=glibc.git;a=commit;h=ab00f4eac8f4932211259ff87be83144f5211540", - "refsource" : "CONFIRM", - "url" : 
"http://sourceware.org/git/?p=glibc.git;a=commit;h=ab00f4eac8f4932211259ff87be83144f5211540" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=559579", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=559579" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" - }, - { - "name" : "DSA-2058", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2058" - }, - { - "name" : "GLSA-201011-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201011-01.xml" - }, - { - "name" : "MDVSA-2010:111", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:111" - }, - { - "name" : "MDVSA-2010:112", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:112" - }, - { - "name" : "RHSA-2011:0412", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0412.html" - }, - { - "name" : "SUSE-SA:2010:052", - "refsource" : "SUSE", - "url" : "https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html" - }, - { - "name" : "USN-944-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-944-1" - }, - { - "name" : "1024043", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024043" - }, - { - "name" : "39900", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39900" - }, - { - "name" : "43830", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43830" - }, - { - "name" : "46397", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46397" - }, - { - "name" : "ADV-2010-1246", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1246" - }, - { - "name" : "ADV-2011-0863", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2011/0863" - }, - { - "name" : "gnuclibrary-encodenamemacro-dos(59240)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59240" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2010:111", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:111" + }, + { + "name": "GLSA-201011-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201011-01.xml" + }, + { + "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded" + }, + { + "name": "46397", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46397" + }, + { + "name": "http://sourceware.org/git/?p=glibc.git;a=commit;h=ab00f4eac8f4932211259ff87be83144f5211540", + "refsource": "CONFIRM", + "url": "http://sourceware.org/git/?p=glibc.git;a=commit;h=ab00f4eac8f4932211259ff87be83144f5211540" + }, + { + "name": "ADV-2010-1246", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1246" + }, + { + "name": "RHSA-2011:0412", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0412.html" + }, + { 
+ "name": "ADV-2011-0863", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0863" + }, + { + "name": "USN-944-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-944-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=559579", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=559579" + }, + { + "name": "39900", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39900" + }, + { + "name": "SUSE-SA:2010:052", + "refsource": "SUSE", + "url": "https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html" + }, + { + "name": "43830", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43830" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" + }, + { + "name": "1024043", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024043" + }, + { + "name": "gnuclibrary-encodenamemacro-dos(59240)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59240" + }, + { + "name": "http://frugalware.org/security/662", + "refsource": "CONFIRM", + "url": "http://frugalware.org/security/662" + }, + { + "name": "MDVSA-2010:112", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:112" + }, + { + "name": "DSA-2058", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2058" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0702.json b/2010/0xxx/CVE-2010-0702.json index bd3587f4aef..d3f4b2dbfe7 100644 --- a/2010/0xxx/CVE-2010-0702.json +++ b/2010/0xxx/CVE-2010-0702.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0702", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in cisco/services/PhonecDirectory.php in Fonality Trixbox 2.2.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1002-exploits/tribox-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1002-exploits/tribox-sql.txt" - }, - { - "name" : "11508", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11508" - }, - { - "name" : "38323", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38323" - }, - { - "name" : "trixbox-phonedirectory-sql-injection(56407)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in 
cisco/services/PhonecDirectory.php in Fonality Trixbox 2.2.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11508", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11508" + }, + { + "name": "trixbox-phonedirectory-sql-injection(56407)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56407" + }, + { + "name": "http://packetstormsecurity.org/1002-exploits/tribox-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1002-exploits/tribox-sql.txt" + }, + { + "name": "38323", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38323" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1437.json b/2010/1xxx/CVE-2010-1437.json index 4faaa8838fb..02aa9a07439 100644 --- a/2010/1xxx/CVE-2010-1437.json +++ b/2010/1xxx/CVE-2010-1437.json 
@@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-1437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" - }, - { - "name" : "[linux-kernel] 20100422 [PATCH 0/1][BUG][IMPORTANT] KEYRINGS: find_keyring_by_name() can gain the freed keyring", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-kernel&m=127192182917857&w=2" - }, - { - "name" : "[linux-kernel] 20100430 [PATCH 2/7] KEYS: find_keyring_by_name() can gain access 
to a freed keyring", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-kernel&m=127274294622730&w=2" - }, - { - "name" : "[linux-kernel] 20100503 Re: [PATCH 2/7] KEYS: find_keyring_by_name() can gain access to a freed keyring", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-kernel&m=127292492727029&w=2" - }, - { - "name" : "[oss-security] 20100427 CVE request - kernel: find_keyring_by_name() can gain the freed keyring", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/04/27/2" - }, - { - "name" : "[oss-security] 20100427 Re: CVE request - kernel: find_keyring_by_name() can gain the freed keyring", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/04/28/2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=585094", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=585094" - }, - { - "name" : "https://patchwork.kernel.org/patch/94038/", - "refsource" : "CONFIRM", - "url" : "https://patchwork.kernel.org/patch/94038/" - }, - { - "name" : "https://patchwork.kernel.org/patch/94664/", - "refsource" : "CONFIRM", - "url" : "https://patchwork.kernel.org/patch/94664/" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" - }, - { - "name" : "DSA-2053", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2053" - }, - { - "name" : "RHSA-2010:0474", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0474.html" - }, - { - "name" : "SUSE-SA:2010:031", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html" - }, - { - "name" : "39719", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39719" - }, - { - "name" : "oval:org.mitre.oval:def:9715", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9715" - }, - { - "name" : "39830", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39830" - }, - { - "name" : "40218", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40218" - }, - { - "name" : "40645", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40645" - }, - { - "name" : "43315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43315" - }, - { - "name" : "ADV-2010-1857", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1857" - }, - { - "name" : "kernel-findkeyringbyname-dos(58254)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58254" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20100427 CVE request - kernel: find_keyring_by_name() can gain the freed keyring", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/04/27/2" + }, + { + "name": "SUSE-SA:2010:031", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html" + }, + { + "name": "[linux-kernel] 20100503 Re: [PATCH 2/7] KEYS: find_keyring_by_name() can gain access to a freed keyring", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-kernel&m=127292492727029&w=2" + }, + { + "name": "oval:org.mitre.oval:def:9715", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9715" + }, + { + "name": "https://patchwork.kernel.org/patch/94664/", + "refsource": "CONFIRM", + "url": "https://patchwork.kernel.org/patch/94664/" + }, + { + "name": "kernel-findkeyringbyname-dos(58254)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58254" + }, + { + "name": "[linux-kernel] 20100422 [PATCH 0/1][BUG][IMPORTANT] KEYRINGS: find_keyring_by_name() can gain the freed keyring", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-kernel&m=127192182917857&w=2" + }, + { + "name": "RHSA-2010:0474", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0474.html" + }, + { + "name": "40645", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40645" + }, + { + "name": "43315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43315" + }, + { + "name": "[linux-kernel] 20100430 [PATCH 2/7] KEYS: find_keyring_by_name() can gain access to a freed keyring", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-kernel&m=127274294622730&w=2" + }, + { + 
"name": "https://patchwork.kernel.org/patch/94038/", + "refsource": "CONFIRM", + "url": "https://patchwork.kernel.org/patch/94038/" + }, + { + "name": "[oss-security] 20100427 Re: CVE request - kernel: find_keyring_by_name() can gain the freed keyring", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/04/28/2" + }, + { + "name": "40218", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40218" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=585094", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=585094" + }, + { + "name": "DSA-2053", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2053" + }, + { + "name": "39719", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39719" + }, + { + "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" + }, + { + "name": "39830", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39830" + }, + { + "name": "ADV-2010-1857", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1857" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3166.json b/2010/3xxx/CVE-2010-3166.json index a2838f89431..4a3683cae7d 100644 --- a/2010/3xxx/CVE-2010-3166.json +++ b/2010/3xxx/CVE-2010-3166.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3166", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a bidirectional text run." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-53.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-53.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=579655", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=579655" - }, - { - "name" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", - "refsource" : "CONFIRM", - "url" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100112690", - 
"refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100112690" - }, - { - "name" : "FEDORA-2010-14362", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html" - }, - { - "name" : "MDVSA-2010:173", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173" - }, - { - "name" : "SUSE-SA:2010:049", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html" - }, - { - "name" : "43102", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43102" - }, - { - "name" : "oval:org.mitre.oval:def:12186", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12186" - }, - { - "name" : "42867", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42867" - }, - { - "name" : "ADV-2010-2323", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2323" - }, - { - "name" : "ADV-2011-0061", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0061" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a bidirectional text run." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2010:049", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html" + }, + { + "name": "oval:org.mitre.oval:def:12186", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12186" + }, + { + "name": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", + "refsource": "CONFIRM", + "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox" + }, + { + "name": "FEDORA-2010-14362", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-53.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-53.html" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100112690", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100112690" + }, + { + "name": "42867", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42867" + }, + { + "name": "ADV-2011-0061", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0061" + }, + { + "name": "MDVSA-2010:173", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173" + }, + { + "name": "ADV-2010-2323", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2323" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=579655", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=579655" + }, + { + "name": "43102", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43102" + } + ] + } +} \ No 
newline at end of file diff --git a/2010/3xxx/CVE-2010-3901.json b/2010/3xxx/CVE-2010-3901.json index fd2b516a0f6..622caf69659 100644 --- a/2010/3xxx/CVE-2010-3901.json +++ b/2010/3xxx/CVE-2010-3901.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3901", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenConnect before 2.25 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary AnyConnect SSL VPN servers via a crafted server certificate that (1) does not correspond to the server hostname or (2) is presented in circumstances involving a missing --cafile configuration option." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100801 CVE Request -- OpenConnect < v2.25 did not verify SSL server certificates", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/08/01/1" - }, - { - "name" : "[oss-security] 20100802 Re: CVE Request -- OpenConnect < v2.25 did not verify SSL server certificates", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/08/02/7" - }, - { - "name" : "http://www.infradead.org/openconnect.html", - "refsource" : "CONFIRM", - "url" : "http://www.infradead.org/openconnect.html" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenConnect before 2.25 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary AnyConnect SSL VPN servers via a crafted server certificate that (1) does not correspond to the server hostname or (2) is presented in circumstances involving a missing --cafile configuration option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.infradead.org/openconnect.html", + "refsource": "CONFIRM", + "url": "http://www.infradead.org/openconnect.html" + }, + { + "name": "[oss-security] 20100801 CVE Request -- OpenConnect < v2.25 did not verify SSL server certificates", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/08/01/1" + }, + { + "name": "[oss-security] 20100802 Re: CVE Request -- OpenConnect < v2.25 did not verify SSL server certificates", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/08/02/7" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4201.json b/2010/4xxx/CVE-2010-4201.json index 2a38def51d1..d9cd80967ac 100644 --- a/2010/4xxx/CVE-2010-4201.json +++ b/2010/4xxx/CVE-2010-4201.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4201", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control selections." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4201", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=58741", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=58741" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:12137", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12137" - }, - { - "name" : "42109", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42109" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control selections." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html" + }, + { + "name": "oval:org.mitre.oval:def:12137", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12137" + }, + { + "name": "42109", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42109" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=58741", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=58741" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4661.json b/2010/4xxx/CVE-2010-4661.json index 3b34bf118b0..3f844ebd550 100644 --- a/2010/4xxx/CVE-2010-4661.json +++ b/2010/4xxx/CVE-2010-4661.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4661", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4661", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0017.json b/2014/0xxx/CVE-2014-0017.json index feb0dc08ec8..675fa5a46ab 100644 --- a/2014/0xxx/CVE-2014-0017.json +++ b/2014/0xxx/CVE-2014-0017.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid collision." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140305 libssh and stunnel PRNG flaws", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/03/05/1" - }, - { - "name" : "http://www.libssh.org/2014/03/04/libssh-0-6-3-security-release/", - "refsource" : "CONFIRM", - "url" : "http://www.libssh.org/2014/03/04/libssh-0-6-3-security-release/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1072191", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1072191" - }, - { - "name" : "DSA-2879", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2014/dsa-2879" - }, - { - "name" : "openSUSE-SU-2014:0366", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00036.html" - }, - { - "name" : "openSUSE-SU-2014:0370", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00040.html" - }, - { - "name" : "USN-2145-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2145-1" - }, - { - "name" : "57407", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid collision." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2145-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2145-1" + }, + { + "name": "DSA-2879", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2879" + }, + { + "name": "openSUSE-SU-2014:0366", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00036.html" + }, + { + "name": "57407", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57407" + }, + { + "name": "[oss-security] 20140305 libssh and stunnel PRNG flaws", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/03/05/1" + }, + { + "name": "http://www.libssh.org/2014/03/04/libssh-0-6-3-security-release/", + "refsource": "CONFIRM", + "url": "http://www.libssh.org/2014/03/04/libssh-0-6-3-security-release/" + }, + { + "name": "openSUSE-SU-2014:0370", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00040.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1072191", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072191" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0309.json b/2014/0xxx/CVE-2014-0309.json index 6ef22b3c56e..bee325665e5 100644 --- a/2014/0xxx/CVE-2014-0309.json +++ b/2014/0xxx/CVE-2014-0309.json 
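Review bot: The `ASSIGNER` value in this hunk changes from `cve@mitre.org` to `secalert@redhat.com` inside a change that is otherwise only key spacing, indentation and reference reordering, so a provenance change is easy to miss in review. The same happens in the CVE-2010-1437 hunk (also to `secalert@redhat.com`) and the CVE-2014-0309 hunk (to `secure@microsoft.com`), while the other records visible here keep `cve@mitre.org`. Consumers that attribute or filter records by assigner will see these three entries move to a different assigner address. I would carry the `"ASSIGNER"` line changes in a commit separate from the reformat, or at least name them in the commit message, which is not visible here. Reordering the `reference_data` array in the same pass adds further diff noise, since the entries themselves appear unchanged.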
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0309", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-0309", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-012", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-012" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + 
"reference_data": [ + { + "name": "MS14-012", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-012" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0381.json b/2014/0xxx/CVE-2014-0381.json index 69b88ff7b90..c201069ef35 100644 --- a/2014/0xxx/CVE-2014-0381.json +++ b/2014/0xxx/CVE-2014-0381.json 
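Review bot: The one semantic change in the CVE-2014-0309 hunk, `"ASSIGNER": "secure@microsoft.com",` replacing `cve@mitre.org`, is buried under a rewrite of nearly every line that only changes indentation and the spacing before colons. A change to the record's provenance field therefore cannot be audited from this diff without a whitespace-insensitive comparison. I would land the re-serialization as its own commit and keep the ASSIGNER update separate. The new side also ends with `\ No newline at end of file`; keeping the trailing newline avoids another whole-file touch later. The same applies to the CVE-2014-0381, -0420, -0444, -4452, -4623 and -4817 hunks, which change ASSIGNER inside the same kind of full-file rewrite.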
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0381", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology, a different vulnerability than CVE-2014-0445." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-0381", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64892", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64892" - }, - { - "name" : "102045", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102045" - }, - { - "name" : "1029623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029623" - }, - { - "name" : "56478", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/56478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology, a different vulnerability than CVE-2014-0445." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102045", + "refsource": "OSVDB", + "url": "http://osvdb.org/102045" + }, + { + "name": "64892", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64892" + }, + { + "name": "56478", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56478" + }, + { + "name": "1029623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029623" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0420.json b/2014/0xxx/CVE-2014-0420.json index e2618de5760..377f491dce1 100644 --- a/2014/0xxx/CVE-2014-0420.json +++ b/2014/0xxx/CVE-2014-0420.json 
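Review bot: The `reference_data` array in the CVE-2014-0381 hunk comes out in a new order with no visible sort key: OSVDB, BID, SECUNIA, SECTRACK, BID, CONFIRM, where the old side listed CONFIRM first and kept the two BID entries together. The six entries themselves are unchanged. JSON array order is part of the data, so a consumer that takes the first reference, or a tool that diffs records, sees a change that carries no information. Emitting the entries in a deterministic order (for example by `refsource`, then `name`) would keep later diffs limited to real additions and removals. The CVE-2014-0420, -0444, -4349, -4452, -4623 and -4817 hunks reshuffle their references the same way.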
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0420", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-0420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "DSA-2848", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2848" - }, - { - "name" : "GLSA-201409-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201409-04.xml" - }, - { - "name" : "RHSA-2014:0173", - 
"refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0173.html" - }, - { - "name" : "RHSA-2014:0186", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0186.html" - }, - { - "name" : "RHSA-2014:0189", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0189.html" - }, - { - "name" : "USN-2086-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-2086-1" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64888", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64888" - }, - { - "name" : "102077", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102077" - }, - { - "name" : "56491", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56491" - }, - { - "name" : "56580", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56580" - }, - { - "name" : "oracle-cpujan2014-cve20140420(90388)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90388" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2086-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-2086-1" + }, + { + "name": "56491", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56491" + }, + { + "name": "RHSA-2014:0186", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0186.html" + }, + { + "name": "DSA-2848", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2848" + }, + { + "name": "64888", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64888" + }, + { + "name": "oracle-cpujan2014-cve20140420(90388)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90388" + }, + { + "name": "56580", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56580" + }, + { + "name": "102077", + "refsource": "OSVDB", + "url": "http://osvdb.org/102077" + }, + { + "name": "RHSA-2014:0173", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0173.html" + }, + { + "name": "RHSA-2014:0189", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0189.html" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + }, + { + "name": "GLSA-201409-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201409-04.xml" + } + ] + } +} \ No newline at end of file 
diff --git a/2014/0xxx/CVE-2014-0444.json b/2014/0xxx/CVE-2014-0444.json
index 4e707fe2e45..497afecc516 100644
--- a/2014/0xxx/CVE-2014-0444.json
+++ b/2014/0xxx/CVE-2014-0444.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical Professional component in Oracle Supply Chain Products Suite 20.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Web General, a different vulnerability than CVE-2013-5868 and CVE-2013-5871." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-0444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64883", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64883" - }, - { - "name" : "102089", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102089" - }, - { - "name" : "1029620", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029620" - }, - { - "name" 
: "56473", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56473" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical Professional component in Oracle Supply Chain Products Suite 20.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Web General, a different vulnerability than CVE-2013-5868 and CVE-2013-5871." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "64883", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64883" + }, + { + "name": "102089", + "refsource": "OSVDB", + "url": "http://osvdb.org/102089" + }, + { + "name": "1029620", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029620" + }, + { + "name": "56473", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56473" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4349.json b/2014/4xxx/CVE-2014-4349.json index 1a0e1056c3d..513b0f98dc4 100644 --- a/2014/4xxx/CVE-2014-4349.json +++ b/2014/4xxx/CVE-2014-4349.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://phpmyadmin.net/home_page/security/PMASA-2014-3.php", - "refsource" : "CONFIRM", - "url" : "http://phpmyadmin.net/home_page/security/PMASA-2014-3.php" - }, - { - "name" : "https://github.com/phpmyadmin/phpmyadmin/commit/d4f754c937f9e2c0beadff5b2e38215dde1d6a79", - "refsource" : "CONFIRM", - "url" : "https://github.com/phpmyadmin/phpmyadmin/commit/d4f754c937f9e2c0beadff5b2e38215dde1d6a79" - }, - { - "name" : "https://github.com/phpmyadmin/phpmyadmin/commit/daa98d0c7ed24b529dc5df0d5905873acd0b00be", - "refsource" : "CONFIRM", - "url" : "https://github.com/phpmyadmin/phpmyadmin/commit/daa98d0c7ed24b529dc5df0d5905873acd0b00be" - }, - { - "name" 
: "openSUSE-SU-2014:1069", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html" - }, - { - "name" : "68205", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68205" - }, - { - "name" : "60397", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60397" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2014:1069", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html" + }, + { + "name": "https://github.com/phpmyadmin/phpmyadmin/commit/daa98d0c7ed24b529dc5df0d5905873acd0b00be", + "refsource": "CONFIRM", + "url": "https://github.com/phpmyadmin/phpmyadmin/commit/daa98d0c7ed24b529dc5df0d5905873acd0b00be" + }, + { + "name": "http://phpmyadmin.net/home_page/security/PMASA-2014-3.php", + "refsource": "CONFIRM", + "url": "http://phpmyadmin.net/home_page/security/PMASA-2014-3.php" + }, + { + "name": "68205", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68205" + }, + { + "name": "60397", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60397" + }, + { + "name": "https://github.com/phpmyadmin/phpmyadmin/commit/d4f754c937f9e2c0beadff5b2e38215dde1d6a79", + "refsource": "CONFIRM", + "url": "https://github.com/phpmyadmin/phpmyadmin/commit/d4f754c937f9e2c0beadff5b2e38215dde1d6a79" + } + ] + } +} \ No newline at end of file 
diff --git a/2014/4xxx/CVE-2014-4452.json b/2014/4xxx/CVE-2014-4452.json
index 41abbe864d4..d82892f2b99 100644
--- a/2014/4xxx/CVE-2014-4452.json
+++ b/2014/4xxx/CVE-2014-4452.json
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4452", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4452", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6596", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6596" - }, - { - "name" : "https://support.apple.com/en-us/HT6590", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/en-us/HT6590" - }, - { - "name" : "https://support.apple.com/en-us/HT6592", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/en-us/HT6592" - }, - { - "name" : "https://support.apple.com/kb/HT204949", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT204949" - }, - { - "name" : "https://support.apple.com/en-us/HT204418", - "refsource" : "CONFIRM", - "url" : 
"https://support.apple.com/en-us/HT204418" - }, - { - "name" : "https://support.apple.com/en-us/HT204420", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/en-us/HT204420" - }, - { - "name" : "APPLE-SA-2014-11-17-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html" - }, - { - "name" : "APPLE-SA-2014-11-17-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2014/Nov/msg00002.html" - }, - { - "name" : "APPLE-SA-2014-12-2-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html" - }, - { - "name" : "APPLE-SA-2015-06-30-6", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" - }, - { - "name" : "71137", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71137" - }, - { - "name" : "1031231", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031231" - }, - { - "name" : "62504", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62504" - }, - { - "name" : "62505", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62505" - }, - { - "name" : "appletv-cve20144452-code-exec(98771)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98771" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2014-11-17-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html" + }, + { + "name": "APPLE-SA-2014-11-17-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00002.html" + }, + { + "name": "62505", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62505" + }, + { + "name": "APPLE-SA-2015-06-30-6", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" + }, + { + "name": "https://support.apple.com/en-us/HT6590", + "refsource": "CONFIRM", + "url": "https://support.apple.com/en-us/HT6590" + }, + { + "name": "1031231", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031231" + }, + { + "name": "62504", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62504" + }, + { + "name": "https://support.apple.com/kb/HT204949", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT204949" + }, + { + "name": "appletv-cve20144452-code-exec(98771)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98771" + }, + { + "name": "71137", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71137" + }, + { + "name": "http://support.apple.com/kb/HT6596", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6596" + }, + { + "name": "APPLE-SA-2014-12-2-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html" + }, + { + "name": "https://support.apple.com/en-us/HT204420", + "refsource": "CONFIRM", + "url": "https://support.apple.com/en-us/HT204420" + }, + { + "name": "https://support.apple.com/en-us/HT204418", + "refsource": "CONFIRM", + "url": 
"https://support.apple.com/en-us/HT204418" + }, + { + "name": "https://support.apple.com/en-us/HT6592", + "refsource": "CONFIRM", + "url": "https://support.apple.com/en-us/HT6592" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4609.json b/2014/4xxx/CVE-2014-4609.json index 4a5b0e4fa2f..ab47a9df339 100644 --- a/2014/4xxx/CVE-2014-4609.json +++ b/2014/4xxx/CVE-2014-4609.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4609", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4609", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4623.json b/2014/4xxx/CVE-2014-4623.json index 24a09ba574e..c9fb27f5a12 100644 --- a/2014/4xxx/CVE-2014-4623.json +++ b/2014/4xxx/CVE-2014-4623.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4623", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2014-4623", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141022 ESA-2014-094: EMC Avamar Weak Password Storage Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0146.html" - }, - { - "name" : "http://packetstormsecurity.com/files/128842/EMC-Avamar-Weak-Password-Storage.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128842/EMC-Avamar-Weak-Password-Storage.html" - }, - { - "name" : "70732", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70732" - }, - { - "name" : "1031117", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1031117" - }, - { - "name" : "emc-avamar-cve20144623-info-disc(97757)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97757" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70732", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70732" + }, + { + "name": "emc-avamar-cve20144623-info-disc(97757)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97757" + }, + { + "name": "1031117", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031117" + }, + { + "name": "20141022 ESA-2014-094: EMC Avamar Weak Password Storage Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0146.html" + }, + { + "name": "http://packetstormsecurity.com/files/128842/EMC-Avamar-Weak-Password-Storage.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128842/EMC-Avamar-Weak-Password-Storage.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4817.json b/2014/4xxx/CVE-2014-4817.json index 16376f29c50..2f7c61eef2a 100644 --- a/2014/4xxx/CVE-2014-4817.json +++ b/2014/4xxx/CVE-2014-4817.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4817", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 allows remote attackers to bypass intended access restrictions and replace file backups by using a certain backup option in conjunction with a filename that matches a previously used filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-4817", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686874", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686874" - }, - { - "name" : "IT04884", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04884" - }, - { - "name" : "ibm-tsm-cve20144817-file-overwrite(95444)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95444" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The server in 
IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 allows remote attackers to bypass intended access restrictions and replace file backups by using a certain backup option in conjunction with a filename that matches a previously used filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-tsm-cve20144817-file-overwrite(95444)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95444" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686874", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686874" + }, + { + "name": "IT04884", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04884" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8519.json b/2014/8xxx/CVE-2014-8519.json index b7aac4ac791..74ee0f75558 100644 --- a/2014/8xxx/CVE-2014-8519.json +++ b/2014/8xxx/CVE-2014-8519.json 
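Review bot: The only value that changes in this hunk, `"ASSIGNER": "psirt@us.ibm.com",` replacing `cve@mitre.org`, is buried in a rewrite that also respaces every key (`"ID" : ` becomes `"ID": `), reorders the `reference_data` entries and drops the final newline (`\ No newline at end of file`). A line-based review therefore cannot tell the attribution change from the formatting churn. I would land the `ASSIGNER` line as its own change, separate from the formatting pass, and keep a newline after the closing `}`. The hunks for CVE-2014-4623, CVE-2016-3476, CVE-2016-3612, CVE-2016-3816 and CVE-2016-3938 change `ASSIGNER` the same way. Tooling that attributes records by assigner would presumably need to compare the parsed JSON rather than the text to notice it.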
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8519", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to read arbitrary files via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8519", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10044", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10044" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to read arbitrary files via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10044", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10044" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9567.json b/2014/9xxx/CVE-2014-9567.json index 74943a88bc4..0caec75bb6e 100644 --- a/2014/9xxx/CVE-2014-9567.json +++ b/2014/9xxx/CVE-2014-9567.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9567", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/ directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9567", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35424", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35424" - }, - { - "name" : "35660", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35660" - }, - { - "name" : "http://packetstormsecurity.com/files/129759/ProjectSend-Arbitrary-File-Upload.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129759/ProjectSend-Arbitrary-File-Upload.html" - }, - { - "name" : "116469", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/116469" - }, - { - "name" : "projectsend-processupload-file-upload(99548)", - "refsource" : "XF", - 
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99548" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/ directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35424", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35424" + }, + { + "name": "http://packetstormsecurity.com/files/129759/ProjectSend-Arbitrary-File-Upload.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129759/ProjectSend-Arbitrary-File-Upload.html" + }, + { + "name": "35660", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35660" + }, + { + "name": "116469", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/116469" + }, + { + "name": "projectsend-processupload-file-upload(99548)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99548" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3476.json b/2016/3xxx/CVE-2016-3476.json index 2cfd6135130..b33b5e5a06a 100644 --- a/2016/3xxx/CVE-2016-3476.json +++ b/2016/3xxx/CVE-2016-3476.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote attackers to affect confidentiality and integrity via vectors related to Information Manager Console." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91948", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91948" - }, - { - "name" : "1036400", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in 
the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote attackers to affect confidentiality and integrity via vectors related to Information Manager Console." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036400", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036400" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "91948", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91948" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3612.json b/2016/3xxx/CVE-2016-3612.json index 7272834351a..8b59a48f30b 100644 --- a/2016/3xxx/CVE-2016-3612.json +++ b/2016/3xxx/CVE-2016-3612.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.22 allows remote attackers to affect confidentiality via vectors related to Core." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91860", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91860" - }, - { - "name" : "1036384", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036384" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle 
VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.22 allows remote attackers to affect confidentiality via vectors related to Core." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "91860", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91860" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "1036384", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036384" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3816.json b/2016/3xxx/CVE-2016-3816.json index c2f1d00e940..b6e82550da0 100644 --- a/2016/3xxx/CVE-2016-3816.json +++ b/2016/3xxx/CVE-2016-3816.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3816", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MediaTek display driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28402240." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3816", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MediaTek display driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28402240." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3938.json b/2016/3xxx/CVE-2016-3938.json index bc12a113445..4121cdb8cfa 100644 --- a/2016/3xxx/CVE-2016-3938.json +++ b/2016/3xxx/CVE-2016-3938.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3938", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "drivers/video/msm/mdss/mdss_mdp_overlay.c in the Qualcomm video driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 30019716 and Qualcomm internal bug CR 1049232." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-10-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-10-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=467c81f9736b1ebc8d4ba70f9221bba02425ca10", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=467c81f9736b1ebc8d4ba70f9221bba02425ca10" - }, - { - "name" : "93336", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93336" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "drivers/video/msm/mdss/mdss_mdp_overlay.c in the Qualcomm video driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 30019716 and Qualcomm internal bug CR 1049232." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93336", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93336" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=467c81f9736b1ebc8d4ba70f9221bba02425ca10", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=467c81f9736b1ebc8d4ba70f9221bba02425ca10" + }, + { + "name": "http://source.android.com/security/bulletin/2016-10-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-10-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6456.json b/2016/6xxx/CVE-2016-6456.json index 1a5ce4c9f9a..7ea6dc0c5e1 100644 --- a/2016/6xxx/CVE-2016-6456.json +++ b/2016/6xxx/CVE-2016-6456.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6456", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6456", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6555.json b/2016/6xxx/CVE-2016-6555.json index c24d6ac387c..120652f5f04 100644 --- a/2016/6xxx/CVE-2016-6555.json +++ b/2016/6xxx/CVE-2016-6555.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6555", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6555", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6861.json b/2016/6xxx/CVE-2016-6861.json index 9084b792c29..fc47aa19248 100644 --- a/2016/6xxx/CVE-2016-6861.json +++ b/2016/6xxx/CVE-2016-6861.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6861", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6861", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7167.json b/2016/7xxx/CVE-2016-7167.json index 15a6f6c61e6..636cfb33113 100644 --- a/2016/7xxx/CVE-2016-7167.json +++ b/2016/7xxx/CVE-2016-7167.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181106 [SECURITY] [DLA 1568-1] curl security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html" - }, - { - "name" : "https://curl.haxx.se/docs/adv_20160914.html", - "refsource" : "CONFIRM", - "url" : "https://curl.haxx.se/docs/adv_20160914.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "FEDORA-2016-08533fc59c", - "refsource" : "FEDORA", - "url" : 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B3IU2FRXQNU6UJIQT4NGLWWTP2GJQXO7/" - }, - { - "name" : "FEDORA-2016-7a2ed52d41", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTH54DFOS4TSYPG5XKJDGAG4XPAR4T7M/" - }, - { - "name" : "FEDORA-2016-80f4f71eff", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZMRWVISG7VUCYRMF23A2UHMYD72VQWAK/" - }, - { - "name" : "GLSA-201701-47", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-47" - }, - { - "name" : "RHSA-2017:2016", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2016" - }, - { - "name" : "RHSA-2018:2486", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2486" - }, - { - "name" : "RHSA-2018:3558", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3558" - }, - { - "name" : "SSA:2016-259-01", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.538632" - }, - { - "name" : "92975", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92975" - }, - { - "name" : "1036813", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036813" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2016-80f4f71eff", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZMRWVISG7VUCYRMF23A2UHMYD72VQWAK/" + }, + { + "name": "SSA:2016-259-01", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.538632" + }, + { + "name": "RHSA-2018:3558", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3558" + }, + { + "name": "FEDORA-2016-08533fc59c", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B3IU2FRXQNU6UJIQT4NGLWWTP2GJQXO7/" + }, + { + "name": "92975", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92975" + }, + { + "name": "[debian-lts-announce] 20181106 [SECURITY] [DLA 1568-1] curl security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html" + }, + { + "name": "1036813", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036813" + }, + { + "name": "https://curl.haxx.se/docs/adv_20160914.html", + "refsource": "CONFIRM", + "url": "https://curl.haxx.se/docs/adv_20160914.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "RHSA-2017:2016", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2016" + }, + { + "name": "RHSA-2018:2486", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2486" + }, + { + "name": "GLSA-201701-47", + "refsource": "GENTOO", + "url": 
"https://security.gentoo.org/glsa/201701-47" + }, + { + "name": "FEDORA-2016-7a2ed52d41", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTH54DFOS4TSYPG5XKJDGAG4XPAR4T7M/" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7175.json b/2016/7xxx/CVE-2016-7175.json index 6c4b591542b..ac60b8af16e 100644 --- a/2016/7xxx/CVE-2016-7175.json +++ b/2016/7xxx/CVE-2016-7175.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7175", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark 2.x before 2.0.6 mishandles MAC address data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7175", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11850", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11850" - }, - { - "name" : "https://code.wireshark.org/review/16965", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/16965" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1396f6ad555178f6b81cc1a65f9cb37b2d99aebf", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1396f6ad555178f6b81cc1a65f9cb37b2d99aebf" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2016-50.html", - "refsource" : "CONFIRM", - 
"url" : "https://www.wireshark.org/security/wnpa-sec-2016-50.html" - }, - { - "name" : "1036760", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036760" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark 2.x before 2.0.6 mishandles MAC address data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.wireshark.org/security/wnpa-sec-2016-50.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2016-50.html" + }, + { + "name": "https://code.wireshark.org/review/16965", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/16965" + }, + { + "name": "1036760", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036760" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1396f6ad555178f6b81cc1a65f9cb37b2d99aebf", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1396f6ad555178f6b81cc1a65f9cb37b2d99aebf" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11850", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11850" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7442.json b/2016/7xxx/CVE-2016-7442.json index 79ed4c4906c..e02f75328c7 100644 --- a/2016/7xxx/CVE-2016-7442.json +++ b/2016/7xxx/CVE-2016-7442.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7442", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the \"value\" field of the proxy user settings in \"system settings / scan settings / anti spam\" configuration tab." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7442", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160930 Multiple exposures in Sophos UTM", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/539518/100/0/threaded" - }, - { - "name" : "93266", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93266" - }, - { - "name" : "1036931", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036931" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password 
information by reading the \"value\" field of the proxy user settings in \"system settings / scan settings / anti spam\" configuration tab." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036931", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036931" + }, + { + "name": "93266", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93266" + }, + { + "name": "20160930 Multiple exposures in Sophos UTM", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/539518/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7775.json b/2016/7xxx/CVE-2016-7775.json index f1036415d22..16b483de805 100644 --- a/2016/7xxx/CVE-2016-7775.json +++ b/2016/7xxx/CVE-2016-7775.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7775", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7775", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file 
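Review bot: The new side of CVE-2016-7775.json writes its keys in a different order from every other record in this diff: it opens with `"data_type": "CVE",` and puts `"ID"` before `"ASSIGNER"`, while the sibling files keep `"CVE_data_meta"` first with alphabetical keys. Key order carries no meaning in JSON, but the mix suggests two serialisers wrote this batch, and it makes later diffs of these records noisier, which is when a changed `STATE` or reference URL is easiest to miss. I would emit this record in the same order as the others, starting with `"CVE_data_meta": {` followed by `"ASSIGNER": "cve@mitre.org",`. This hunk, like those for CVE-2016-7175, CVE-2016-7442 and the later files, also drops the trailing newline (`\ No newline at end of file`); ending each file with a newline after the closing `}` keeps them friendly to line-based tools.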
diff --git a/2016/7xxx/CVE-2016-7875.json b/2016/7xxx/CVE-2016-7875.json
index ad6e1404e02..ad9f4b8d156 100644
--- a/2016/7xxx/CVE-2016-7875.json
+++ b/2016/7xxx/CVE-2016-7875.json
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2016-7875", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable integer overflow vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Integer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-7875", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-621", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-621" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html" - }, - { - "name" : "GLSA-201701-17", - "refsource" : "GENTOO", - "url" : 
"https://security.gentoo.org/glsa/201701-17" - }, - { - "name" : "MS16-154", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154" - }, - { - "name" : "RHSA-2016:2947", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2947.html" - }, - { - "name" : "SUSE-SU-2016:3148", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html" - }, - { - "name" : "openSUSE-SU-2016:3160", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html" - }, - { - "name" : "94866", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94866" - }, - { - "name" : "1037442", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable integer overflow vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:3148", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html" + }, + { + "name": "MS16-154", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154" + }, + { + "name": "GLSA-201701-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-17" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-621", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-621" + }, + { + "name": "1037442", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037442" + }, + { + "name": "94866", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94866" + }, + { + "name": "RHSA-2016:2947", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2947.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html" + }, + { + "name": "openSUSE-SU-2016:3160", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8016.json b/2016/8xxx/CVE-2016-8016.json index 92e260242d0..80b701074d1 100644 --- a/2016/8xxx/CVE-2016-8016.json +++ b/2016/8xxx/CVE-2016-8016.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "ID" : "CVE-2016-8016", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VirusScan Enterprise Linux (VSEL)", - "version" : { - "version_data" : [ - { - "version_value" : "2.0.3 (and earlier)" - } - ] - } - } - ] - }, - "vendor_name" : "Intel" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a URL parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information exposure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2016-8016", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VirusScan Enterprise Linux (VSEL)", + "version": { + "version_data": [ + { + "version_value": "2.0.3 (and earlier)" + } + ] + } + } + ] + }, + "vendor_name": "Intel" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40911", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40911/" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10181", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10181" - }, - { - "name" : "94823", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94823" - }, - { - "name" : "1037433", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a URL parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94823", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94823" + }, + { + "name": "1037433", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037433" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10181", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10181" + }, + { + "name": "40911", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40911/" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8154.json b/2016/8xxx/CVE-2016-8154.json index f53486c77a0..633e6ab673c 100644 --- a/2016/8xxx/CVE-2016-8154.json +++ b/2016/8xxx/CVE-2016-8154.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-8154",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-8154",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/8xxx/CVE-2016-8649.json b/2016/8xxx/CVE-2016-8649.json
index f1f4b88ba6b..670bc0f734c 100644
--- a/2016/8xxx/CVE-2016-8649.json
+++ b/2016/8xxx/CVE-2016-8649.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-8649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "LXC before 1.0.9 and 2.x before 2.0.6", - "version" : { - "version_data" : [ - { - "version_value" : "LXC before 1.0.9 and 2.x before 2.0.6" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "container bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-8649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LXC before 1.0.9 and 2.x before 2.0.6", + "version": { + "version_data": [ + { + "version_value": "LXC before 1.0.9 and 2.x before 2.0.6" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845465", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845465" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1639345", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1639345" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1398242", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1398242" - }, - { - "name" : 
"https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c", - "refsource" : "CONFIRM", - "url" : "https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c" - }, - { - "name" : "https://security-tracker.debian.org/tracker/CVE-2016-8649", - "refsource" : "CONFIRM", - "url" : "https://security-tracker.debian.org/tracker/CVE-2016-8649" - }, - { - "name" : "94498", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94498" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "container bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1398242", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1398242" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1639345", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1639345" + }, + { + "name": "https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c", + "refsource": "CONFIRM", + "url": "https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845465", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845465" + }, + { + "name": "https://security-tracker.debian.org/tracker/CVE-2016-8649", + "refsource": "CONFIRM", + "url": "https://security-tracker.debian.org/tracker/CVE-2016-8649" + }, + { + "name": 
"94498", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94498" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8730.json b/2016/8xxx/CVE-2016-8730.json index f8c5ef9085b..d440cd9e434 100644 --- a/2016/8xxx/CVE-2016-8730.json +++ b/2016/8xxx/CVE-2016-8730.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-07-20T00:00:00", - "ID" : "CVE-2016-8730", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Corel PHOTO-PAINT", - "version" : { - "version_data" : [ - { - "version_value" : "X8 (Corel Import/Export Filter (64-Bit) - 18.1.0.661) - x64 version" - } - ] - } - } - ] - }, - "vendor_name" : "Corel" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An of bound write / memory corruption vulnerability exists in the GIF parsing functionality of Core PHOTO-PAINT X8 18.1.0.661. A specially crafted GIF file can cause a vulnerability resulting in potential memory corruption resulting in code execution. An attacker can send the victim a specific GIF file to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out of bounds Write" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-07-20T00:00:00", + "ID": "CVE-2016-8730", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Corel PHOTO-PAINT", + "version": { + "version_data": [ + { + "version_value": "X8 (Corel Import/Export Filter (64-Bit) - 18.1.0.661) - x64 version" + } + ] + } + } + ] + }, + "vendor_name": "Corel" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0244", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0244" - }, - { - "name" : "99900", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99900" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An of bound write / memory corruption vulnerability exists in the GIF parsing functionality of Core PHOTO-PAINT X8 18.1.0.661. A specially crafted GIF file can cause a vulnerability resulting in potential memory corruption resulting in code execution. An attacker can send the victim a specific GIF file to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out of bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0244", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0244" + }, + { + "name": "99900", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99900" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8793.json b/2016/8xxx/CVE-2016-8793.json index 91a235f6219..8d0acb9853e 100644 --- a/2016/8xxx/CVE-2016-8793.json +++ b/2016/8xxx/CVE-2016-8793.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2016-8793", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Mate 8,Mate S,P8 Versions before NXT-AL10C00B386,Versions before NXT-CL00C92B386,Versions before NXT-DL00C17B386,Versions before NXT-TL00C01B386,Versions before CRR-CL00C92B368,Versions before CRR-CL20C92B368,Versions before CRR-TL00C01B368,Versions before CRR-UL00C00B368,Versions before CRR-UL20C00B368,Versions before GRA-TL00C01B366,Versions before GRA-CL00C92B366,Versions before GRA-CL10C92B366,Versions before GRA-UL00C00B366,Versions before GRA-UL10C00B366", - "version" : { - "version_data" : [ - { - "version_value" : "Mate 8,Mate S,P8 Versions before NXT-AL10C00B386,Versions before NXT-CL00C92B386,Versions before NXT-DL00C17B386,Versions before NXT-TL00C01B386,Versions before CRR-CL00C92B368,Versions before CRR-CL20C92B368,Versions before CRR-TL00C01B368,Versions before CRR-UL00C00B368,Versions before CRR-UL20C00B368,Versions before GRA-TL00C01B366,Versions before GRA-CL00C92B366,Versions before GRA-CL10C92B366,Versions before GRA-UL00C00B366,Versions before GRA-UL10C00B366" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before 
GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "input validation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2016-8793", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Mate 8,Mate S,P8 Versions before NXT-AL10C00B386,Versions before NXT-CL00C92B386,Versions before NXT-DL00C17B386,Versions before NXT-TL00C01B386,Versions before CRR-CL00C92B368,Versions before CRR-CL20C92B368,Versions before CRR-TL00C01B368,Versions before CRR-UL00C00B368,Versions before CRR-UL20C00B368,Versions before GRA-TL00C01B366,Versions before GRA-CL00C92B366,Versions before GRA-CL10C92B366,Versions before GRA-UL00C00B366,Versions before GRA-UL10C00B366", + "version": { + "version_data": [ + { + "version_value": "Mate 8,Mate S,P8 Versions before NXT-AL10C00B386,Versions before NXT-CL00C92B386,Versions before NXT-DL00C17B386,Versions before NXT-TL00C01B386,Versions before CRR-CL00C92B368,Versions before CRR-CL20C92B368,Versions before CRR-TL00C01B368,Versions before CRR-UL00C00B368,Versions before CRR-UL20C00B368,Versions before GRA-TL00C01B366,Versions before GRA-CL00C92B366,Versions before GRA-CL10C92B366,Versions before GRA-UL00C00B366,Versions before GRA-UL10C00B366" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-smartphone-en" - }, - { - "name" : "94404", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94404" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "input validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-smartphone-en" + }, + { + "name": "94404", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94404" + } + ] + } +} \ No newline at end of file