From 048abb552625ebac8da81b9341ac2bc06abc1caf Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 00:28:32 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0417.json | 190 ++++++------- 2006/0xxx/CVE-2006-0580.json | 170 ++++++------ 2006/0xxx/CVE-2006-0958.json | 180 ++++++------- 2006/1xxx/CVE-2006-1235.json | 150 +++++------ 2006/1xxx/CVE-2006-1342.json | 290 ++++++++++---------- 2006/1xxx/CVE-2006-1619.json | 150 +++++------ 2006/5xxx/CVE-2006-5121.json | 180 ++++++------- 2006/5xxx/CVE-2006-5303.json | 140 +++++----- 2006/5xxx/CVE-2006-5415.json | 180 ++++++------- 2006/5xxx/CVE-2006-5487.json | 200 +++++++------- 2006/5xxx/CVE-2006-5580.json | 34 +-- 2007/2xxx/CVE-2007-2486.json | 160 +++++------ 2007/2xxx/CVE-2007-2809.json | 190 ++++++------- 2007/2xxx/CVE-2007-2930.json | 400 ++++++++++++++-------------- 2010/0xxx/CVE-2010-0108.json | 180 ++++++------- 2010/0xxx/CVE-2010-0152.json | 130 ++++----- 2010/0xxx/CVE-2010-0160.json | 320 +++++++++++----------- 2010/0xxx/CVE-2010-0255.json | 230 ++++++++-------- 2010/1xxx/CVE-2010-1050.json | 140 +++++----- 2010/3xxx/CVE-2010-3212.json | 160 +++++------ 2010/3xxx/CVE-2010-3335.json | 190 ++++++------- 2010/3xxx/CVE-2010-3824.json | 220 +++++++-------- 2010/3xxx/CVE-2010-3940.json | 150 +++++------ 2010/4xxx/CVE-2010-4076.json | 180 ++++++------- 2010/4xxx/CVE-2010-4085.json | 140 +++++----- 2010/4xxx/CVE-2010-4240.json | 34 +-- 2010/4xxx/CVE-2010-4444.json | 180 ++++++------- 2010/4xxx/CVE-2010-4603.json | 160 +++++------ 2014/0xxx/CVE-2014-0054.json | 160 +++++------ 2014/0xxx/CVE-2014-0207.json | 310 +++++++++++----------- 2014/0xxx/CVE-2014-0265.json | 34 +-- 2014/0xxx/CVE-2014-0696.json | 34 +-- 2014/0xxx/CVE-2014-0898.json | 34 +-- 2014/4xxx/CVE-2014-4027.json | 250 +++++++++--------- 2014/4xxx/CVE-2014-4307.json | 130 ++++----- 2014/4xxx/CVE-2014-4489.json | 180 ++++++------- 2014/4xxx/CVE-2014-4633.json | 120 ++++----- 2014/8xxx/CVE-2014-8639.json | 500 +++++++++++++++++------------------ 2014/9xxx/CVE-2014-9157.json | 210 +++++++-------- 
2014/9xxx/CVE-2014-9355.json | 130 ++++----- 2014/9xxx/CVE-2014-9557.json | 130 ++++----- 2014/9xxx/CVE-2014-9564.json | 130 ++++----- 2014/9xxx/CVE-2014-9735.json | 180 ++++++------- 2014/9xxx/CVE-2014-9848.json | 190 ++++++------- 2016/3xxx/CVE-2016-3409.json | 140 +++++----- 2016/3xxx/CVE-2016-3835.json | 140 +++++----- 2016/6xxx/CVE-2016-6127.json | 140 +++++----- 2016/6xxx/CVE-2016-6252.json | 200 +++++++------- 2016/6xxx/CVE-2016-6336.json | 140 +++++----- 2016/6xxx/CVE-2016-6466.json | 140 +++++----- 2016/6xxx/CVE-2016-6621.json | 140 +++++----- 2016/7xxx/CVE-2016-7013.json | 140 +++++----- 2016/7xxx/CVE-2016-7309.json | 34 +-- 2016/7xxx/CVE-2016-7632.json | 180 ++++++------- 2016/7xxx/CVE-2016-7691.json | 34 +-- 2016/7xxx/CVE-2016-7800.json | 190 ++++++------- 2016/8xxx/CVE-2016-8251.json | 34 +-- 2016/8xxx/CVE-2016-8470.json | 130 ++++----- 58 files changed, 4766 insertions(+), 4766 deletions(-) diff --git a/2006/0xxx/CVE-2006-0417.json b/2006/0xxx/CVE-2006-0417.json index 39d5a565df2..4d7e6bbf120 100644 --- a/2006/0xxx/CVE-2006-0417.json +++ b/2006/0xxx/CVE-2006-0417.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0417", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in login.php in miniBloggie 1.0 and earlier, when gpc_magic_quotes is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0417", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060124 [eVuln] miniBloggie Authentication Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/423126/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/47/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/47/summary.html" - }, - { - "name" : "16367", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16367" - }, - { - "name" : "ADV-2006-0310", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0310" - }, - { - "name" : "22729", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22729" - }, - { - "name" : "1015534", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1015534" - }, - { - "name" : "18604", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18604" - }, - { - "name" : "minibloggie-login-sql-injection(24280)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in login.php in miniBloggie 1.0 and earlier, when gpc_magic_quotes is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0310", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0310" + }, + { + "name": "16367", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16367" + }, + { + "name": "http://evuln.com/vulns/47/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/47/summary.html" + }, + { + "name": "22729", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22729" + }, + { + "name": "18604", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18604" + }, + { + "name": "1015534", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015534" + }, + { + "name": "minibloggie-login-sql-injection(24280)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24280" + }, + { + "name": "20060124 [eVuln] miniBloggie Authentication Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/423126/100/0/threaded" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/0xxx/CVE-2006-0580.json b/2006/0xxx/CVE-2006-0580.json
index 5b3b5a7bf04..f864bbf7c31 100644
--- a/2006/0xxx/CVE-2006-0580.json
+++ b/2006/0xxx/CVE-2006-0580.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0580", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Lotus Domino Server 7.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted packet to the LDAP port (389/TCP)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0580", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Dailydave] 20060203 ProtoVer vs Lotus Domino Server 7.0", - "refsource" : "MLIST", - "url" : "http://lists.immunitysec.com/pipermail/dailydave/2006-February/002896.html" - }, - { - "name" : "16523", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16523" - }, - { - "name" : "ADV-2006-0458", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0458" - }, - { - "name" : "1015592", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015592" - }, - { - "name" : "18738", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18738" - }, - { - "name" : "lotus-domino-ldap-dos(24518)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24518" - } - ] - } -} + } + 
}, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Lotus Domino Server 7.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted packet to the LDAP port (389/TCP)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16523", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16523" + }, + { + "name": "ADV-2006-0458", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0458" + }, + { + "name": "lotus-domino-ldap-dos(24518)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24518" + }, + { + "name": "18738", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18738" + }, + { + "name": "1015592", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015592" + }, + { + "name": "[Dailydave] 20060203 ProtoVer vs Lotus Domino Server 7.0", + "refsource": "MLIST", + "url": "http://lists.immunitysec.com/pipermail/dailydave/2006-February/002896.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0958.json b/2006/0xxx/CVE-2006-0958.json index 5d1a74831a5..2a46ba75f85 100644 --- a/2006/0xxx/CVE-2006-0958.json +++ b/2006/0xxx/CVE-2006-0958.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0958", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) subject parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0958", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060310 [eVuln] FreeForum PHP Code Execution & Multiple XSS Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/427321/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/89/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/89/summary.html" - }, - { - "name" : "http://soft.zoneo.net/freeForum/changes.php", - "refsource" : "CONFIRM", - "url" : "http://soft.zoneo.net/freeForum/changes.php" - }, - { - "name" : "16877", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16877" - }, - { - "name" : "ADV-2006-0759", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0759" - }, - { - "name" : "19020", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19020" - }, - { - "name" : "freeforum-func-xss(24925)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24925" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) subject parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060310 [eVuln] FreeForum PHP Code Execution & Multiple XSS Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/427321/100/0/threaded" + }, + { + "name": "ADV-2006-0759", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0759" + }, + { + "name": "freeforum-func-xss(24925)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24925" + }, + { + "name": "http://evuln.com/vulns/89/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/89/summary.html" + }, + { + "name": "16877", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16877" + }, + { + "name": "http://soft.zoneo.net/freeForum/changes.php", + "refsource": "CONFIRM", + "url": "http://soft.zoneo.net/freeForum/changes.php" + }, + { + "name": "19020", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19020" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1235.json b/2006/1xxx/CVE-2006-1235.json index 6481692c263..41ca1b07609 100644 --- a/2006/1xxx/CVE-2006-1235.json +++ b/2006/1xxx/CVE-2006-1235.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in admin/deleteuser.php in HitHost 1.0.0 might allow remote attackers to delete directories (possibly only empty directories) via the $deleteuser variable. NOTE: the initial disclosure for this issue indicated that the researcher was unable to prove this issue; however, this might have been due to certain behaviors of rmdir." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060306 histhost v1.0.0 xss and possible rmdir", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426931/100/0/threaded" - }, - { - "name" : "20060314 Re: histhost v1.0.0 xss and possible rmdir", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/427631/100/0/threaded" - }, - { - "name" : "19155", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19155" - }, - { - "name" : "hithost-deleteuser-directory-deletion(25106)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/25106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in admin/deleteuser.php in HitHost 1.0.0 might allow remote attackers to delete directories (possibly only empty directories) via the $deleteuser variable. NOTE: the initial disclosure for this issue indicated that the researcher was unable to prove this issue; however, this might have been due to certain behaviors of rmdir." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19155", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19155" + }, + { + "name": "hithost-deleteuser-directory-deletion(25106)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25106" + }, + { + "name": "20060306 histhost v1.0.0 xss and possible rmdir", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426931/100/0/threaded" + }, + { + "name": "20060314 Re: histhost v1.0.0 xss and possible rmdir", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/427631/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1342.json b/2006/1xxx/CVE-2006-1342.json index 1e071ecf884..e2d5e5e4603 100644 --- a/2006/1xxx/CVE-2006-1342.json +++ b/2006/1xxx/CVE-2006-1342.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1342", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the (1) getsockname, (2) getpeername, and (3) accept functions, which allows local users to obtain portions of potentially sensitive memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security-info@sgi.com", + "ID": "CVE-2006-1342", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451404/100/0/threaded" - }, - { - "name" : "20061113 VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451419/100/200/threaded" - }, - { - "name" : "20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451417/100/200/threaded" - }, - { - "name" : "20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2", - "refsource" : 
"BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451426/100/200/threaded" - }, - { - "name" : "[linux-netdev] 20060304 BUG: Small information leak in SO_ORIGINAL_DST (2.4 and 2.6) and", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-netdev&m=114148078223594&w=2" - }, - { - "name" : "http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=09d3b3dcfa80c9094f1748c1be064b9326c9ef2b", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=09d3b3dcfa80c9094f1748c1be064b9326c9ef2b" - }, - { - "name" : "http://www.vmware.com/download/esx/esx-202-200610-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/download/esx/esx-202-200610-patch.html" - }, - { - "name" : "http://www.vmware.com/download/esx/esx-213-200610-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/download/esx/esx-213-200610-patch.html" - }, - { - "name" : "http://www.vmware.com/download/esx/esx-254-200610-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/download/esx/esx-254-200610-patch.html" - }, - { - "name" : "RHSA-2006:0579", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0579.html" - }, - { - "name" : "RHSA-2006:0580", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0580.html" - }, - { - "name" : "SUSE-SA:2006:028", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006-05-31.html" - }, - { - "name" : "17203", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17203" - }, - { - "name" : "ADV-2006-4502", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4502" - }, - { - "name" : "19357", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19357" - }, - { - "name" : "21035", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21035" - }, - { - 
"name" : "20398", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20398" - }, - { - "name" : "22875", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22875" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the (1) getsockname, (2) getpeername, and (3) accept functions, which allows local users to obtain portions of potentially sensitive memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=09d3b3dcfa80c9094f1748c1be064b9326c9ef2b", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=09d3b3dcfa80c9094f1748c1be064b9326c9ef2b" + }, + { + "name": "ADV-2006-4502", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4502" + }, + { + "name": "RHSA-2006:0579", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0579.html" + }, + { + "name": "22875", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22875" + }, + { + "name": "http://www.vmware.com/download/esx/esx-202-200610-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/download/esx/esx-202-200610-patch.html" + }, + { + "name": "20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451426/100/200/threaded" + }, + { + "name": "21035", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21035" + }, + { + "name": 
"http://www.vmware.com/download/esx/esx-213-200610-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/download/esx/esx-213-200610-patch.html" + }, + { + "name": "SUSE-SA:2006:028", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006-05-31.html" + }, + { + "name": "RHSA-2006:0580", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0580.html" + }, + { + "name": "http://www.vmware.com/download/esx/esx-254-200610-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/download/esx/esx-254-200610-patch.html" + }, + { + "name": "19357", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19357" + }, + { + "name": "20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451404/100/0/threaded" + }, + { + "name": "20398", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20398" + }, + { + "name": "20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451417/100/200/threaded" + }, + { + "name": "17203", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17203" + }, + { + "name": "20061113 VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451419/100/200/threaded" + }, + { + "name": "[linux-netdev] 20060304 BUG: Small information leak in SO_ORIGINAL_DST (2.4 and 2.6) and", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-netdev&m=114148078223594&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1619.json b/2006/1xxx/CVE-2006-1619.json index bb90997fdeb..b11aeb7189c 100644 --- a/2006/1xxx/CVE-2006-1619.json +++ b/2006/1xxx/CVE-2006-1619.json 
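Review bot: In 2006/1xxx/CVE-2006-1342.json the `ASSIGNER` value changes from `cve@mitre.org` to `security-info@sgi.com`, and nothing visible in the record supports that: the description concerns net/ipv4/af_inet.c in Linux kernel 2.4 and none of the listed references is an SGI advisory. Every other record visible in this patch keeps `cve@mitre.org` and differs only in colon spacing, indentation and reference order, so this looks like a sync artifact rather than an intended reassignment. It should be confirmed against the CNA assignment data, or restored to `"ASSIGNER": "cve@mitre.org"`. Consumers that attribute or route records by assigner would otherwise credit this entry to the wrong CNA, and a field change like this is easier to audit in its own commit than inside a bulk "-Synchronized-Data." reformat.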
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1619", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server 4.0.1 through 4.0.3 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a large header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "PQ62144", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21053738" - }, - { - "name" : "ADV-2006-1214", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1214" - }, - { - "name" : "1015857", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015857" - }, - { - "name" : "websphere-http-header-dos(25619)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25619" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server 4.0.1 through 4.0.3 allows remote attackers to cause a denial of 
service (application crash) via an HTTP request with a large header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "websphere-http-header-dos(25619)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25619" + }, + { + "name": "ADV-2006-1214", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1214" + }, + { + "name": "1015857", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015857" + }, + { + "name": "PQ62144", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21053738" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5121.json b/2006/5xxx/CVE-2006-5121.json index 669f2446bb4..ea28170f5d7 100644 --- a/2006/5xxx/CVE-2006-5121.json +++ b/2006/5xxx/CVE-2006-5121.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in modules/Downloads/admin.php in the Admin section of PostNuke 0.762 allows remote attackers to execute arbitrary SQL commands via the hits parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060929 Sql injection in PostNuke [Admin section]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447361/100/0/threaded" - }, - { - "name" : "http://community.postnuke.com/index.php?name=News&file=article&sid=2783", - "refsource" : "CONFIRM", - "url" : "http://community.postnuke.com/index.php?name=News&file=article&sid=2783" - }, - { - "name" : "20317", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20317" - }, - { - "name" : "ADV-2006-3886", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3886" - }, - { - "name" : "22197", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22197" - }, - { - "name" : "1669", - "refsource" : "SREASON", - 
"url" : "http://securityreason.com/securityalert/1669" - }, - { - "name" : "postnuke-admin-sql-injection(29271)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29271" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in modules/Downloads/admin.php in the Admin section of PostNuke 0.762 allows remote attackers to execute arbitrary SQL commands via the hits parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "postnuke-admin-sql-injection(29271)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29271" + }, + { + "name": "1669", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1669" + }, + { + "name": "http://community.postnuke.com/index.php?name=News&file=article&sid=2783", + "refsource": "CONFIRM", + "url": "http://community.postnuke.com/index.php?name=News&file=article&sid=2783" + }, + { + "name": "22197", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22197" + }, + { + "name": "20317", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20317" + }, + { + "name": "20060929 Sql injection in PostNuke [Admin section]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447361/100/0/threaded" + }, + { + "name": "ADV-2006-3886", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3886" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5303.json b/2006/5xxx/CVE-2006-5303.json index 70c6efba6ef..c05bfbdf32f 100644 --- a/2006/5xxx/CVE-2006-5303.json +++ b/2006/5xxx/CVE-2006-5303.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Secure Computing SafeWord RemoteAccess 2.1 allows local users to obtain the UserCenter webportal password, database encryption keys, and signing keys by reading (1) base-64 encoded data in SERVERS\\Web\\Tomcat\\usercenter\\WEB-INF\\login.conf and (2) plaintext data in SERVERS\\Shared\\signers.cfg. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20509", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20509" - }, - { - "name" : "22081", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22081" - }, - { - "name" : "safeword-login-signer-information-disclosure(29515)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29515" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Secure Computing SafeWord RemoteAccess 2.1 allows local users to obtain the UserCenter webportal password, database encryption keys, and signing keys by reading (1) base-64 encoded data in SERVERS\\Web\\Tomcat\\usercenter\\WEB-INF\\login.conf and (2) plaintext data in SERVERS\\Shared\\signers.cfg. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22081", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22081" + }, + { + "name": "20509", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20509" + }, + { + "name": "safeword-login-signer-information-disclosure(29515)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29515" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5415.json b/2006/5xxx/CVE-2006-5415.json index d7a7cdc1291..6ae5cd71229 100644 --- a/2006/5xxx/CVE-2006-5415.json +++ b/2006/5xxx/CVE-2006-5415.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5415", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in includes/functions_newshr.php in the News Defilante Horizontale 4.1.1 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5415", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061012 news defilante horizontale <= 4.1.1 Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/448655/100/0/threaded" - }, - { - "name" : "2545", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2545" - }, - { - "name" : "20233", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20233" - }, - { - "name" : "ADV-2006-4079", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4079" - }, - { - "name" : "22434", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22434" - }, - { - "name" : "1749", - "refsource" : "SREASON", - "url" : 
"http://securityreason.com/securityalert/1749" - }, - { - "name" : "newsdefilante-functionsnewshr-file-include(29570)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29570" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in includes/functions_newshr.php in the News Defilante Horizontale 4.1.1 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2545", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2545" + }, + { + "name": "ADV-2006-4079", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4079" + }, + { + "name": "newsdefilante-functionsnewshr-file-include(29570)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29570" + }, + { + "name": "20233", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20233" + }, + { + "name": "22434", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22434" + }, + { + "name": "1749", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1749" + }, + { + "name": "20061012 news defilante horizontale <= 4.1.1 Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/448655/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5487.json b/2006/5xxx/CVE-2006-5487.json index 04340942510..e14adec3340 100644 --- a/2006/5xxx/CVE-2006-5487.json +++ b/2006/5xxx/CVE-2006-5487.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5487", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, 6.x, and 2006, and MailMarshal for Exchange 5.x, allows remote attackers to write arbitrary files via \"..\" sequences in filenames in an ARJ compressed archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5487", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061110 ZDI-06-039: Marshal MailMarshal ARJ Extraction Directory Traversal Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451143/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-06-039.html", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-06-039.html" - }, - { - "name" : "http://www.marshal.com/kb/article.aspx?id=11450", - "refsource" : "CONFIRM", - "url" : "http://www.marshal.com/kb/article.aspx?id=11450" - }, - { - "name" : "20999", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20999" - }, - { - "name" : "ADV-2006-4457", - "refsource" : "VUPEN", - 
"url" : "http://www.vupen.com/english/advisories/2006/4457" - }, - { - "name" : "1017209", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017209" - }, - { - "name" : "22806", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22806" - }, - { - "name" : "1857", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1857" - }, - { - "name" : "mailmarshal-arj-code-execution(30188)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30188" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, 6.x, and 2006, and MailMarshal for Exchange 5.x, allows remote attackers to write arbitrary files via \"..\" sequences in filenames in an ARJ compressed archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1857", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1857" + }, + { + "name": "mailmarshal-arj-code-execution(30188)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30188" + }, + { + "name": "22806", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22806" + }, + { + "name": "20999", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20999" + }, + { + "name": "1017209", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017209" + }, + { + "name": "20061110 ZDI-06-039: Marshal MailMarshal ARJ Extraction Directory Traversal Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451143/100/0/threaded" + }, + { + "name": "ADV-2006-4457", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2006/4457" + }, + { + "name": "http://www.marshal.com/kb/article.aspx?id=11450", + "refsource": "CONFIRM", + "url": "http://www.marshal.com/kb/article.aspx?id=11450" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-039.html", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-039.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5580.json b/2006/5xxx/CVE-2006-5580.json index 324e4110f7d..78b3c4dcc09 100644 --- a/2006/5xxx/CVE-2006-5580.json +++ b/2006/5xxx/CVE-2006-5580.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5580", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5580", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2486.json b/2007/2xxx/CVE-2007-2486.json index c42a10de0b3..2da50116a36 100644 --- a/2007/2xxx/CVE-2007-2486.json +++ b/2007/2xxx/CVE-2007-2486.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2486", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in download.asp in Motobit 1.3 and 1.5 (aka PStruh-CZ) allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2486", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3831", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3831" - }, - { - "name" : "23757", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23757" - }, - { - "name" : "ADV-2007-1629", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1629" - }, - { - "name" : "38458", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38458" - }, - { - "name" : "pstruhcz-download-directory-traversal(34005)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34005" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory 
traversal vulnerability in download.asp in Motobit 1.3 and 1.5 (aka PStruh-CZ) allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "pstruhcz-download-directory-traversal(34005)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34005" + }, + { + "name": "ADV-2007-1629", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1629" + }, + { + "name": "23757", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23757" + }, + { + "name": "38458", + "refsource": "OSVDB", + "url": "http://osvdb.org/38458" + }, + { + "name": "3831", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3831" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2809.json b/2007/2xxx/CVE-2007-2809.json index 47fa9713457..35538245b20 100644 --- a/2007/2xxx/CVE-2007-2809.json +++ b/2007/2xxx/CVE-2007-2809.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2809", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file. NOTE: due to the lack of details, it is not clear if this is the same issue as CVE-2007-2274." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2809", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://isc.sans.org/diary.html?storyid=2823", - "refsource" : "MISC", - "url" : "http://isc.sans.org/diary.html?storyid=2823" - }, - { - "name" : "http://www.opera.com/support/search/view/860/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/search/view/860/" - }, - { - "name" : "24080", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24080" - }, - { - "name" : "36229", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36229" - }, - { - "name" : "ADV-2007-1888", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1888" - }, - { - "name" : "1018089", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1018089" - }, - { - "name" : "25278", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25278" - }, - { - "name" : "opera-bittorrent-bo(34470)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34470" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file. NOTE: due to the lack of details, it is not clear if this is the same issue as CVE-2007-2274." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-1888", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1888" + }, + { + "name": "1018089", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018089" + }, + { + "name": "http://isc.sans.org/diary.html?storyid=2823", + "refsource": "MISC", + "url": "http://isc.sans.org/diary.html?storyid=2823" + }, + { + "name": "http://www.opera.com/support/search/view/860/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/search/view/860/" + }, + { + "name": "36229", + "refsource": "OSVDB", + "url": "http://osvdb.org/36229" + }, + { + "name": "25278", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25278" + }, + { + "name": "24080", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24080" + }, + { + "name": "opera-bittorrent-bo(34470)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34470" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2930.json b/2007/2xxx/CVE-2007-2930.json index 65f7a0b2c5c..1230fc8cb9e 100644 
--- a/2007/2xxx/CVE-2007-2930.json +++ b/2007/2xxx/CVE-2007-2930.json 
@@ -1,202 +1,202 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2930", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. NOTE: this issue is different from CVE-2007-2926." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2007-2930", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070827 BIND 8 EOL and BIND 8 DNS Cache Poisoning (Amit Klein, Trusteer)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/477870/100/100/threaded" - }, - { - "name" : "20071001 Re: BIND 8 EOL and BIND 8 DNS Cache Poisoning (Amit Klein, Trusteer)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/481424/100/0/threaded" - }, - { - "name" : "20071006 Re: BIND 8 EOL and BIND 8 DNS Cache Poisoning (Amit Klein, Trusteer)", - "refsource" : "BUGTRAQ", - "url" : 
"http://www.securityfocus.com/archive/1/481659/100/0/threaded" - }, - { - "name" : "http://www.trusteer.com/docs/bind8dns.html", - "refsource" : "MISC", - "url" : "http://www.trusteer.com/docs/bind8dns.html" - }, - { - "name" : "http://www.isc.org/index.pl?/sw/bind/bind8-eol.php", - "refsource" : "CONFIRM", - "url" : "http://www.isc.org/index.pl?/sw/bind/bind8-eol.php" - }, - { - "name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=653968", - "refsource" : "CONFIRM", - "url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=653968" - }, - { - "name" : "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/43/022954-01.pdf", - "refsource" : "CONFIRM", - "url" : "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/43/022954-01.pdf" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-448.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-448.htm" - }, - { - "name" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3975", - "refsource" : "CONFIRM", - "url" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3975" - }, - { - "name" : "HPSBUX02289", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01283837" - }, - { - "name" : "SSRT071461", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01283837" - }, - { - "name" : "103063", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103063-1" - }, - { - "name" : "200859", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200859-1" - }, - { - "name" : "VU#927905", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/927905" - }, - { - "name" : "R-333", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/r-333.shtml" - }, - { - 
"name" : "25459", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25459" - }, - { - "name" : "ADV-2007-3192", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3192" - }, - { - "name" : "ADV-2007-2991", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2991" - }, - { - "name" : "ADV-2007-3639", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3639" - }, - { - "name" : "ADV-2007-3668", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3668" - }, - { - "name" : "ADV-2007-3936", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3936" - }, - { - "name" : "oval:org.mitre.oval:def:2154", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2154" - }, - { - "name" : "1018615", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018615" - }, - { - "name" : "26629", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26629" - }, - { - "name" : "26858", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26858" - }, - { - "name" : "27433", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27433" - }, - { - "name" : "27459", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27459" - }, - { - "name" : "27465", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27465" - }, - { - "name" : "27696", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27696" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when 
answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. NOTE: this issue is different from CVE-2007-2926." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-448.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-448.htm" + }, + { + "name": "200859", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200859-1" + }, + { + "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=653968", + "refsource": "CONFIRM", + "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=653968" + }, + { + "name": "ADV-2007-3936", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3936" + }, + { + "name": "27433", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27433" + }, + { + "name": "20071001 Re: BIND 8 EOL and BIND 8 DNS Cache Poisoning (Amit Klein, Trusteer)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/481424/100/0/threaded" + }, + { + "name": "ADV-2007-3192", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3192" + }, + { + "name": "ADV-2007-2991", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2991" + }, + { + "name": "HPSBUX02289", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01283837" + }, + { + "name": "26629", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26629" + }, + { + "name": "1018615", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018615" + }, + { + "name": "http://www.trusteer.com/docs/bind8dns.html", + "refsource": "MISC", + "url": "http://www.trusteer.com/docs/bind8dns.html" + 
}, + { + "name": "27459", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27459" + }, + { + "name": "25459", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25459" + }, + { + "name": "ADV-2007-3668", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3668" + }, + { + "name": "27696", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27696" + }, + { + "name": "http://www.isc.org/index.pl?/sw/bind/bind8-eol.php", + "refsource": "CONFIRM", + "url": "http://www.isc.org/index.pl?/sw/bind/bind8-eol.php" + }, + { + "name": "20070827 BIND 8 EOL and BIND 8 DNS Cache Poisoning (Amit Klein, Trusteer)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/477870/100/100/threaded" + }, + { + "name": "27465", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27465" + }, + { + "name": "ADV-2007-3639", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3639" + }, + { + "name": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/43/022954-01.pdf", + "refsource": "CONFIRM", + "url": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/43/022954-01.pdf" + }, + { + "name": "26858", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26858" + }, + { + "name": "oval:org.mitre.oval:def:2154", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2154" + }, + { + "name": "VU#927905", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/927905" + }, + { + "name": "103063", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103063-1" + }, + { + "name": "SSRT071461", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01283837" + }, + { + "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3975", + "refsource": 
"CONFIRM", + "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3975" + }, + { + "name": "R-333", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/r-333.shtml" + }, + { + "name": "20071006 Re: BIND 8 EOL and BIND 8 DNS Cache Poisoning (Amit Klein, Trusteer)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/481659/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0108.json b/2010/0xxx/CVE-2010-0108.json index 0720d330b23..c60417304ee 100644 --- a/2010/0xxx/CVE-2010-0108.json +++ b/2010/0xxx/CVE-2010-0108.json 
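Review bot: The `ASSIGNER` value in `CVE_data_meta` of CVE-2007-2930.json changes from `cve@mitre.org` to `cert@cert.org`, and it appears to be the only value change in a hunk that otherwise only rewrites `"key" : value` as `"key": value` and reorders `reference_data`. The commit subject says only "-Synchronized-Data.", so a reader cannot tell this attribution change from the formatting churn around it. If the reassignment is intended, it would be easier to audit in its own commit or named in the message, for example `CVE-2007-2930: ASSIGNER cve@mitre.org -> cert@cert.org`. Consumers that track which CNA owns a record should compare parsed JSON rather than raw text for this sync, since every line of the file is marked as changed.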
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the cliproxy.objects.1 ActiveX control in the Symantec Client Proxy (CLIproxy.dll) in Symantec AntiVirus 10.0.x, 10.1.x before MR9, and 10.2.x before MR4; and Symantec Client Security 3.0.x and 3.1.x before MR9 allows remote attackers to execute arbitrary code via a long argument to the SetRemoteComputerName function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100219 [DSECRG-09-039] Symantec Antivirus 10.0 ActiveX - buffer Overflow.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/509681/100/0/threaded" - }, - { - "name" : "http://dsecrg.com/pages/vul/show.php?id=139", - "refsource" : "MISC", - "url" : "http://dsecrg.com/pages/vul/show.php?id=139" - }, - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_02", - "refsource" : "CONFIRM", - "url" : 
"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_02" - }, - { - "name" : "38222", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38222" - }, - { - "name" : "38651", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38651" - }, - { - "name" : "ADV-2010-0412", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0412" - }, - { - "name" : "scp-cliproxy-activex-bo(56355)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56355" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the cliproxy.objects.1 ActiveX control in the Symantec Client Proxy (CLIproxy.dll) in Symantec AntiVirus 10.0.x, 10.1.x before MR9, and 10.2.x before MR4; and Symantec Client Security 3.0.x and 3.1.x before MR9 allows remote attackers to execute arbitrary code via a long argument to the SetRemoteComputerName function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "scp-cliproxy-activex-bo(56355)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56355" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_02", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_02" + }, + { + "name": "20100219 [DSECRG-09-039] Symantec Antivirus 10.0 ActiveX - buffer Overflow.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/509681/100/0/threaded" + }, + { + "name": "http://dsecrg.com/pages/vul/show.php?id=139", + "refsource": "MISC", + "url": "http://dsecrg.com/pages/vul/show.php?id=139" + }, + { + "name": "38651", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38651" + }, + { + "name": "38222", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38222" + }, + { + "name": "ADV-2010-0412", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0412" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0152.json b/2010/0xxx/CVE-2010-0152.json index 48baf343d24..d73e45ee1ab 100644 --- a/2010/0xxx/CVE-2010-0152.json +++ b/2010/0xxx/CVE-2010-0152.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via (1) the date1 parameter to pvm_messagestore.php, (2) the userfilter parameter to pvm_user_management.php, (3) the ping parameter to sys_tools.php in a sys_ping.php action, (4) the action parameter to pvm_cert_commaction.php, (5) the action parameter to pvm_cert_serveraction.php, (6) the action parameter to pvm_smtpstore.php, (7) the l parameter to sla/index.php, or (8) unspecified stored data; and allow remote authenticated users to inject arbitrary web script or HTML via (9) saved search filters." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100912 MVSA-10-007 / CVE-2010-0152 - IBM Proventia Mail Security System - Multiple persistent and reflected XSS vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/513629/100/0/threaded" - }, - { - "name" : "http://www.ventuneac.net/security-advisories/MVSA-10-007", - "refsource" : "MISC", - "url" : "http://www.ventuneac.net/security-advisories/MVSA-10-007" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via (1) the date1 parameter to pvm_messagestore.php, (2) the userfilter parameter to pvm_user_management.php, (3) the ping parameter to sys_tools.php in a sys_ping.php action, (4) the action parameter to pvm_cert_commaction.php, (5) the action parameter to pvm_cert_serveraction.php, (6) the action parameter to pvm_smtpstore.php, (7) the l parameter to sla/index.php, or (8) unspecified stored data; and allow remote authenticated users to inject arbitrary web script or HTML via (9) saved search filters." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ventuneac.net/security-advisories/MVSA-10-007", + "refsource": "MISC", + "url": "http://www.ventuneac.net/security-advisories/MVSA-10-007" + }, + { + "name": "20100912 MVSA-10-007 / CVE-2010-0152 - IBM Proventia Mail Security System - Multiple persistent and reflected XSS vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/513629/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0160.json b/2010/0xxx/CVE-2010-0160.json index f0646679d14..db7e25b7fed 100644 --- a/2010/0xxx/CVE-2010-0160.json +++ b/2010/0xxx/CVE-2010-0160.json 
@@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0160", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0160", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100402 ZDI-10-046: Mozilla Firefox Web Worker Array Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/510533/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-046", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-046" - }, - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-02.html" - }, - { - "name" : 
"https://bugzilla.mozilla.org/show_bug.cgi?id=531222", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=531222" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=533000", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=533000" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=534051", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=534051" - }, - { - "name" : "DSA-1999", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-1999" - }, - { - "name" : "FEDORA-2010-1727", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html" - }, - { - "name" : "FEDORA-2010-1932", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html" - }, - { - "name" : "FEDORA-2010-1936", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html" - }, - { - "name" : "MDVSA-2010:042", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:042" - }, - { - "name" : "RHSA-2010:0112", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0112.html" - }, - { - "name" : "SUSE-SA:2010:015", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html" - }, - { - "name" : "USN-895-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-895-1" - }, - { - "name" : "USN-896-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-896-1" - }, - { - "name" : "oval:org.mitre.oval:def:11166", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11166" - }, - { - "name" : "oval:org.mitre.oval:def:8465", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8465" - }, - { - "name" : "37242", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37242" - }, - { - "name" : "38847", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38847" - }, - { - "name" : "ADV-2010-0405", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0405" - }, - { - "name" : "mozilla-webworkers-code-execution(56360)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56360" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-895-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-895-1" + }, + { + "name": "mozilla-webworkers-code-execution(56360)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56360" + }, + { + "name": "38847", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38847" + }, + { + "name": "SUSE-SA:2010:015", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html" + }, + { + "name": "MDVSA-2010:042", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:042" + }, + { + "name": "FEDORA-2010-1936", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html" + }, + { + "name": "RHSA-2010:0112", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0112.html" + }, + { + "name": "FEDORA-2010-1932", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html" + }, + { + "name": "oval:org.mitre.oval:def:8465", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8465" + }, + { + "name": "DSA-1999", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-1999" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=534051", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=534051" + }, + { + "name": "FEDORA-2010-1727", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-02.html", + "refsource": "CONFIRM", + "url": 
"http://www.mozilla.org/security/announce/2010/mfsa2010-02.html" + }, + { + "name": "USN-896-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-896-1" + }, + { + "name": "ADV-2010-0405", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0405" + }, + { + "name": "37242", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37242" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=533000", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=533000" + }, + { + "name": "oval:org.mitre.oval:def:11166", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11166" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=531222", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=531222" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-046", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-046" + }, + { + "name": "20100402 ZDI-10-046: Mozilla Firefox Web Worker Array Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/510533/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0255.json b/2010/0xxx/CVE-2010-0255.json index 7c8aa36c139..757203a65f0 100644 --- a/2010/0xxx/CVE-2010-0255.json +++ b/2010/0xxx/CVE-2010-0255.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0255", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an index.dat file, a variant of CVE-2009-1140 and related to CVE-2008-1448." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-0255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100203 CORE-2009-0625: Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/509345/100/0/threaded" - }, - { - "name" : "http://isc.sans.org/diary.html?n&storyid=8152", - "refsource" : "MISC", - "url" : "http://isc.sans.org/diary.html?n&storyid=8152" - }, - { - "name" : "http://www.coresecurity.com/content/internet-explorer-dynamic-object-tag", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/content/internet-explorer-dynamic-object-tag" - }, - { - "name" : "http://blogs.technet.com/msrc/archive/2010/02/03/security-advisory-980088-released.aspx", - "refsource" : "CONFIRM", - "url" : "http://blogs.technet.com/msrc/archive/2010/02/03/security-advisory-980088-released.aspx" - }, - { - "name" : "http://www.microsoft.com/technet/security/advisory/980088.mspx", - "refsource" : "CONFIRM", - "url" : "http://www.microsoft.com/technet/security/advisory/980088.mspx" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100089747", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100089747" - }, - { - "name" : "MS10-035", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-035" - }, - { - "name" : "TA10-159B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-159B.html" - }, - { - "name" : "38055", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38055" - }, - { - "name" : "38056", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38056" - }, - { - "name" : "62156", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62156" - }, - { - "name" : "oval:org.mitre.oval:def:7145", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an index.dat file, a variant of CVE-2009-1140 and related to CVE-2008-1448." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100203 CORE-2009-0625: Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/509345/100/0/threaded" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100089747", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100089747" + }, + { + "name": "62156", + "refsource": "OSVDB", + "url": "http://osvdb.org/62156" + }, + { + "name": "38055", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38055" + }, + { + "name": "http://www.microsoft.com/technet/security/advisory/980088.mspx", + "refsource": "CONFIRM", + "url": "http://www.microsoft.com/technet/security/advisory/980088.mspx" + }, + { + "name": "MS10-035", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-035" + }, + { + "name": "http://www.coresecurity.com/content/internet-explorer-dynamic-object-tag", + "refsource": "MISC", + "url": "http://www.coresecurity.com/content/internet-explorer-dynamic-object-tag" + }, + { + "name": "TA10-159B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html" + }, + { + "name": "http://isc.sans.org/diary.html?n&storyid=8152", + "refsource": "MISC", + "url": "http://isc.sans.org/diary.html?n&storyid=8152" + }, + { + "name": "http://blogs.technet.com/msrc/archive/2010/02/03/security-advisory-980088-released.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/msrc/archive/2010/02/03/security-advisory-980088-released.aspx" + }, + { + "name": "oval:org.mitre.oval:def:7145", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7145" + }, + { + "name": "38056", + "refsource": 
"BID", + "url": "http://www.securityfocus.com/bid/38056" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1050.json b/2010/1xxx/CVE-2010-1050.json index 3069cea0545..f30ba90ac68 100644 --- a/2010/1xxx/CVE-2010-1050.json +++ b/2010/1xxx/CVE-2010-1050.json 
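Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secure@microsoft.com` in the CVE-2010-0255 hunk, a semantic edit buried among lines that otherwise only tighten `"key" : ` to `"key": `, re-indent, and reorder `reference_data`. The same kind of change appears in the CVE-2010-3335 hunk (also `secure@microsoft.com`) and in CVE-2010-3824 (`product-security@apple.com`), while the commit subject says only "-Synchronized-Data.". Consumers that read `ASSIGNER` for provenance or CNA attribution would see these records re-attributed without notice, and whether the new values are correct cannot be confirmed from the diff alone. I would land the attribution changes separately from the formatting pass, or at least name them in the commit message, and emit `reference_data` in a stable order so that real record changes stand out in later syncs.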
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1050", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in AudiStat 1.3 allows remote attackers to execute arbitrary SQL commands via the mday parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1050", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1002-exploits/audistats-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1002-exploits/audistats-sql.txt" - }, - { - "name" : "11334", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11334" - }, - { - "name" : "38494", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38494" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in AudiStat 1.3 allows remote attackers to execute arbitrary SQL commands via the mday parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38494", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38494" + }, + { + "name": "http://packetstormsecurity.org/1002-exploits/audistats-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1002-exploits/audistats-sql.txt" + }, + { + "name": "11334", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11334" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3212.json b/2010/3xxx/CVE-2010-3212.json index af2784ac980..2b29e810bbe 100644 --- a/2010/3xxx/CVE-2010-3212.json +++ b/2010/3xxx/CVE-2010-3212.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Seagull 0.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via the frmQuestion parameter in a retrieve action, in conjunction with a user/password PATH_INFO." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14838", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14838" - }, - { - "name" : "http://packetstormsecurity.org/1008-exploits/seagull-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1008-exploits/seagull-sql.txt" - }, - { - "name" : "67689", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/67689" - }, - { - "name" : "41169", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41169" - }, - { - "name" : "seagull-index-sql-injection(61469)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Seagull 0.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via the frmQuestion parameter in a retrieve action, in conjunction with a user/password PATH_INFO." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67689", + "refsource": "OSVDB", + "url": "http://osvdb.org/67689" + }, + { + "name": "14838", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14838" + }, + { + "name": "http://packetstormsecurity.org/1008-exploits/seagull-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1008-exploits/seagull-sql.txt" + }, + { + "name": "seagull-index-sql-injection(61469)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61469" + }, + { + "name": "41169", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41169" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3335.json b/2010/3xxx/CVE-2010-3335.json index e2579f8544b..7f208f2214b 100644 --- a/2010/3xxx/CVE-2010-3335.json +++ b/2010/3xxx/CVE-2010-3335.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka \"Drawing Exception Handling Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-087", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087" - }, - { - "name" : "TA10-313A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-313A.html" - }, - { - "name" : "44659", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44659" - }, - { - "name" : "oval:org.mitre.oval:def:11739", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11739" - }, - { - "name" : "1024705", - "refsource" : "SECTRACK", 
- "url" : "http://www.securitytracker.com/id?1024705" - }, - { - "name" : "38521", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38521" - }, - { - "name" : "42144", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42144" - }, - { - "name" : "ADV-2010-2923", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2923" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka \"Drawing Exception Handling Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024705", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024705" + }, + { + "name": "oval:org.mitre.oval:def:11739", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11739" + }, + { + "name": "42144", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42144" + }, + { + "name": "44659", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44659" + }, + { + "name": "38521", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38521" + }, + { + "name": "ADV-2010-2923", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2923" + }, + { + "name": "MS10-087", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087" + }, + { + "name": "TA10-313A", + "refsource": "CERT", + "url": 
"http://www.us-cert.gov/cas/techalerts/TA10-313A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3824.json b/2010/3xxx/CVE-2010-3824.json index 1711e4e065c..4b6b16e20e0 100644 --- a/2010/3xxx/CVE-2010-3824.json +++ b/2010/3xxx/CVE-2010-3824.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3824", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving SVG use elements." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-3824", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4455", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4455" - }, - { - "name" : "http://support.apple.com/kb/HT4456", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4456" - }, - { - "name" : "APPLE-SA-2010-11-18-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html" - }, - { - "name" : "APPLE-SA-2010-11-22-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "oval:org.mitre.oval:def:12300", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12300" - }, - { - "name" : "42314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42314" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2010-3046", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3046" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "safari-use-elements-code-execution(63363)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63363" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving SVG use elements." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:12300", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12300" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "http://support.apple.com/kb/HT4455", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4455" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "ADV-2010-3046", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3046" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "APPLE-SA-2010-11-18-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html" + }, + { + "name": "42314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42314" + }, + { + "name": "http://support.apple.com/kb/HT4456", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4456" + }, + { + "name": "safari-use-elements-code-execution(63363)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63363" + }, + { + "name": "APPLE-SA-2010-11-22-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3940.json b/2010/3xxx/CVE-2010-3940.json index 90fa08fbef4..450c819b124 100644 --- a/2010/3xxx/CVE-2010-3940.json +++ b/2010/3xxx/CVE-2010-3940.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3940", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka \"Win32k PFE Pointer Double Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3940", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-098", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-098" - }, - { - "name" : "TA10-348A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" - }, - { - "name" : "oval:org.mitre.oval:def:12194", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12194" - }, - { - "name" : "1024880", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024880" - } - ] - } -} + } + }, + "data_format": "MITRE", 
+ "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka \"Win32k PFE Pointer Double Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-348A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" + }, + { + "name": "MS10-098", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-098" + }, + { + "name": "1024880", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024880" + }, + { + "name": "oval:org.mitre.oval:def:12194", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12194" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4076.json b/2010/4xxx/CVE-2010-4076.json index e20552f0809..89c5bf7d21f 100644 --- a/2010/4xxx/CVE-2010-4076.json +++ b/2010/4xxx/CVE-2010-4076.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4076", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4076", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20100915 [PATCH] drivers/char/amiserial.c: prevent reading uninitialized stack memory", - "refsource" : "MLIST", - "url" : "http://lkml.org/lkml/2010/9/15/389" - }, - { - "name" : "[oss-security] 20100925 CVE request: multiple kernel stack memory disclosures", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/25/2" - }, - { - "name" : "[oss-security] 20101006 Re: CVE request: multiple kernel stack memory disclosures", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/10/07/1" - }, - { - "name" : "[oss-security] 20101006 Re: CVE request: multiple kernel stack 
memory disclosures", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/10/06/6" - }, - { - "name" : "[oss-security] 20101025 Re: CVE request: multiple kernel stack memory disclosures", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/10/25/3" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d281da7ff6f70efca0553c288bb883e8605b3862", - "refsource" : "MISC", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d281da7ff6f70efca0553c288bb883e8605b3862" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=648661", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=648661" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20100925 CVE request: multiple kernel stack memory disclosures", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/25/2" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d281da7ff6f70efca0553c288bb883e8605b3862", + "refsource": "MISC", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d281da7ff6f70efca0553c288bb883e8605b3862" + }, + { + "name": "[oss-security] 20101006 Re: CVE request: multiple kernel stack memory disclosures", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/10/06/6" + }, + { + "name": "[linux-kernel] 20100915 [PATCH] drivers/char/amiserial.c: prevent reading uninitialized stack memory", + "refsource": "MLIST", + "url": "http://lkml.org/lkml/2010/9/15/389" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=648661", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=648661" + }, + { + "name": "[oss-security] 20101006 Re: CVE request: multiple kernel stack memory disclosures", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/10/07/1" + }, + { + "name": "[oss-security] 20101025 Re: CVE request: multiple kernel stack memory disclosures", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/10/25/3" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4085.json b/2010/4xxx/CVE-2010-4085.json index b15b2b705ea..3b108396ef4 100644 --- a/2010/4xxx/CVE-2010-4085.json +++ b/2010/4xxx/CVE-2010-4085.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2581, CVE-2010-4084, CVE-2010-4086, and CVE-2010-4088." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-4085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-25.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-25.html" - }, - { - "name" : "oval:org.mitre.oval:def:11518", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11518" - }, - { - "name" : "1024664", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024664" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dirapi.dll in Adobe 
Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2581, CVE-2010-4084, CVE-2010-4086, and CVE-2010-4088." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024664", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024664" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-25.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-25.html" + }, + { + "name": "oval:org.mitre.oval:def:11518", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11518" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4240.json b/2010/4xxx/CVE-2010-4240.json index 6d372da302d..e6513103fb5 100644 --- a/2010/4xxx/CVE-2010-4240.json +++ b/2010/4xxx/CVE-2010-4240.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4240", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4240", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4444.json b/2010/4xxx/CVE-2010-4444.json index 105e7cc80d5..78ac010193a 100644 --- a/2010/4xxx/CVE-2010-4444.json +++ b/2010/4xxx/CVE-2010-4444.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Java System Access Manager and Oracle OpenSSO 7, 7.1, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-4444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" - }, - { - "name" : "45884", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45884" - }, - { - "name" : "70579", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70579" - }, - { - "name" : "70580", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70580" - }, - { - "name" : "42986", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42986" - }, - { - "name" : "ADV-2011-0153", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0153" - }, - { - "name" : 
"oracle-sso-java-unauth-access(64811)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64811" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Java System Access Manager and Oracle OpenSSO 7, 7.1, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45884", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45884" + }, + { + "name": "70580", + "refsource": "OSVDB", + "url": "http://osvdb.org/70580" + }, + { + "name": "42986", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42986" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" + }, + { + "name": "oracle-sso-java-unauth-access(64811)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64811" + }, + { + "name": "ADV-2011-0153", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0153" + }, + { + "name": "70579", + "refsource": "OSVDB", + "url": "http://osvdb.org/70579" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4603.json b/2010/4xxx/CVE-2010-4603.json index 6b89b9ffbde..13c27fe2fa7 100644 --- a/2010/4xxx/CVE-2010-4603.json +++ b/2010/4xxx/CVE-2010-4603.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4603", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 does not prevent modification of back-reference fields, which allows remote authenticated users to interfere with intended record relationships, and possibly cause a denial of service (loop) or have unspecified other impact, by (1) adding or (2) removing a back reference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4603", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme", - "refsource" : "CONFIRM", - "url" : "ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21125139", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21125139" - }, - { - "name" : "PM22186", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM22186" - 
}, - { - "name" : "45648", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45648" - }, - { - "name" : "clearquest-back-reference-sec-bypass(64439)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64439" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 does not prevent modification of back-reference fields, which allows remote authenticated users to interfere with intended record relationships, and possibly cause a denial of service (loop) or have unspecified other impact, by (1) adding or (2) removing a back reference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "clearquest-back-reference-sec-bypass(64439)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64439" + }, + { + "name": "PM22186", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM22186" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21125139", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21125139" + }, + { + "name": "ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme", + "refsource": "CONFIRM", + "url": "ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme" + }, + { + "name": "45648", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45648" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0054.json b/2014/0xxx/CVE-2014-0054.json index 58a8338e818..66288774dc9 100644 --- a/2014/0xxx/CVE-2014-0054.json 
+++ b/2014/0xxx/CVE-2014-0054.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.spring.io/browse/SPR-11376", - "refsource" : "CONFIRM", - "url" : "https://jira.spring.io/browse/SPR-11376" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "RHSA-2014:0400", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0400.html" - }, - { - "name" : "66148", 
- "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66148" - }, - { - "name" : "57915", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57915" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "66148", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66148" + }, + { + "name": "https://jira.spring.io/browse/SPR-11376", + "refsource": "CONFIRM", + "url": "https://jira.spring.io/browse/SPR-11376" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "RHSA-2014:0400", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0400.html" + }, + { + "name": "57915", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57915" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0207.json b/2014/0xxx/CVE-2014-0207.json index 4e7f108382a..83eb44bfd5c 100644 --- a/2014/0xxx/CVE-2014-0207.json +++ b/2014/0xxx/CVE-2014-0207.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[file] 20140612 file-5.19 is now available", - "refsource" : "MLIST", - "url" : "http://mx.gw.com/pipermail/file/2014/001553.html" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=67326", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=67326" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1091842", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1091842" - }, - { - "name" : 
"https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391", - "refsource" : "CONFIRM", - "url" : "https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391" - }, - { - "name" : "http://support.apple.com/kb/HT6443", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6443" - }, - { - "name" : "https://support.apple.com/HT204659", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204659" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" - }, - { - "name" : "APPLE-SA-2015-04-08-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" - }, - { - "name" : "DSA-2974", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2974" - }, - { - "name" : "DSA-3021", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3021" - }, - { - "name" : "HPSBUX03102", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141017844705317&w=2" - }, - { - "name" : "SSRT101681", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141017844705317&w=2" - }, - { - "name" : "RHSA-2014:1765", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1765.html" - }, - { - "name" : "RHSA-2014:1766", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1766.html" - }, - { - "name" : "openSUSE-SU-2014:1236", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html" - }, - { - "name" : "68243", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/68243" - }, - { - "name" : "59794", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59794" - }, - { - "name" : "59831", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59831" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1091842", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091842" + }, + { + "name": "https://support.apple.com/HT204659", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204659" + }, + { + "name": "68243", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68243" + }, + { + "name": "RHSA-2014:1766", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html" + }, + { + "name": "DSA-3021", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3021" + }, + { + "name": "HPSBUX03102", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141017844705317&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "DSA-2974", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2974" + }, + { + "name": "59794", + "refsource": "SECUNIA", + 
"url": "http://secunia.com/advisories/59794" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "[file] 20140612 file-5.19 is now available", + "refsource": "MLIST", + "url": "http://mx.gw.com/pipermail/file/2014/001553.html" + }, + { + "name": "https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391", + "refsource": "CONFIRM", + "url": "https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391" + }, + { + "name": "https://bugs.php.net/bug.php?id=67326", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=67326" + }, + { + "name": "APPLE-SA-2015-04-08-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT6443", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6443" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" + }, + { + "name": "RHSA-2014:1765", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" + }, + { + "name": "SSRT101681", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141017844705317&w=2" + }, + { + "name": "59831", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59831" + }, + { + "name": "openSUSE-SU-2014:1236", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0265.json b/2014/0xxx/CVE-2014-0265.json index 666d5cfd7db..58ae8fa5732 100644 --- a/2014/0xxx/CVE-2014-0265.json +++ b/2014/0xxx/CVE-2014-0265.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0265", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-0265", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0696.json b/2014/0xxx/CVE-2014-0696.json index 2d0aa76c68f..00e21bec367 100644 --- a/2014/0xxx/CVE-2014-0696.json +++ b/2014/0xxx/CVE-2014-0696.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0696", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0696", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0898.json b/2014/0xxx/CVE-2014-0898.json index 5ab133c352d..79463ce5439 100644 --- a/2014/0xxx/CVE-2014-0898.json +++ b/2014/0xxx/CVE-2014-0898.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0898", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0898", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4027.json b/2014/4xxx/CVE-2014-4027.json index 2d4952ef29b..555a1881881 100644 --- a/2014/4xxx/CVE-2014-4027.json +++ b/2014/4xxx/CVE-2014-4027.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4027", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140611 Re: CVE request: Linux kernel / target information leak", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/06/11/1" - }, - { - "name" : "[target-devel] 20140616 [PATCH] target: Explicitly clear ramdisk_mcp backend pages", - "refsource" : "MLIST", - "url" : "http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc", - "refsource" : "CONFIRM", - "url" : 
"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1108744", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1108744" - }, - { - "name" : "https://github.com/torvalds/linux/commit/4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc" - }, - { - "name" : "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html" - }, - { - "name" : "SUSE-SU-2014:1316", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html" - }, - { - "name" : "SUSE-SU-2014:1319", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html" - }, - { - "name" : "USN-2334-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2334-1" - }, - { - "name" : "USN-2335-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2335-1" - }, - { - "name" : "59777", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59777" - }, - { - "name" : "60564", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60564" - }, - { - "name" : "61310", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61310" - }, - { - "name" : "59134", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59134" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows 
local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2014:1316", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html" + }, + { + "name": "59134", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59134" + }, + { + "name": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html", + "refsource": "CONFIRM", + "url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1108744", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1108744" + }, + { + "name": "USN-2335-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2335-1" + }, + { + "name": "USN-2334-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2334-1" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc" + }, + { + "name": "SUSE-SU-2014:1319", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html" + }, + { + "name": "60564", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60564" + }, + { + "name": "https://github.com/torvalds/linux/commit/4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc" + }, + { + "name": "59777", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59777" + }, + { + "name": 
"61310", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61310" + }, + { + "name": "[oss-security] 20140611 Re: CVE request: Linux kernel / target information leak", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/06/11/1" + }, + { + "name": "[target-devel] 20140616 [PATCH] target: Explicitly clear ramdisk_mcp backend pages", + "refsource": "MLIST", + "url": "http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4307.json b/2014/4xxx/CVE-2014-4307.json index e1d870303da..191b57bfb2f 100644 --- a/2014/4xxx/CVE-2014-4307.json +++ b/2014/4xxx/CVE-2014-4307.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4307", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in categories-x.php in WebTitan before 4.04 allows remote attackers to execute arbitrary SQL commands via the sortkey parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4307", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/126984/WebTitan-4.01-Build-68-SQL-Injection-Command-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/126984/WebTitan-4.01-Build-68-SQL-Injection-Command-Execution.html" - }, - { - "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140606-0_WebTitan_Multiple_Vulnerabilities_v10.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140606-0_WebTitan_Multiple_Vulnerabilities_v10.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in 
categories-x.php in WebTitan before 4.04 allows remote attackers to execute arbitrary SQL commands via the sortkey parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140606-0_WebTitan_Multiple_Vulnerabilities_v10.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140606-0_WebTitan_Multiple_Vulnerabilities_v10.txt" + }, + { + "name": "http://packetstormsecurity.com/files/126984/WebTitan-4.01-Build-68-SQL-Injection-Command-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/126984/WebTitan-4.01-Build-68-SQL-Injection-Command-Execution.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4489.json b/2014/4xxx/CVE-2014-4489.json index f603d0fab21..e91a2b57c9e 100644 --- a/2014/4xxx/CVE-2014-4489.json +++ b/2014/4xxx/CVE-2014-4489.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/HT204244", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204244" - }, - { - "name" : "http://support.apple.com/HT204245", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204245" - }, - { - "name" : "http://support.apple.com/HT204246", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204246" - }, - { - "name" : "APPLE-SA-2015-01-27-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html" - }, - { - "name" : "APPLE-SA-2015-01-27-2", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-01-27-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" - }, - { - "name" : "1031650", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031650" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/HT204245", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204245" + }, + { + "name": "http://support.apple.com/HT204246", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204246" + }, + { + "name": "1031650", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031650" + }, + { + "name": "APPLE-SA-2015-01-27-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html" + }, + { + "name": "http://support.apple.com/HT204244", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204244" + }, + { + "name": "APPLE-SA-2015-01-27-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html" + }, + { + "name": "APPLE-SA-2015-01-27-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2014/4xxx/CVE-2014-4633.json b/2014/4xxx/CVE-2014-4633.json
index efc223b1c2d..7439ed6787a 100644
--- a/2014/4xxx/CVE-2014-4633.json
+++ b/2014/4xxx/CVE-2014-4633.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4633", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2014-4633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141212 ESA-2014-163: RSA Archer GRC Platform Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-12/0073.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141212 ESA-2014-163: RSA Archer GRC Platform Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-12/0073.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8639.json b/2014/8xxx/CVE-2014-8639.json index 028fa50945f..5d5b40ca7a1 100644 --- a/2014/8xxx/CVE-2014-8639.json +++ b/2014/8xxx/CVE-2014-8639.json 
@@ -1,252 +1,252 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2014-8639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2014/mfsa2015-04.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2014/mfsa2015-04.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1095859", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1095859" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2015-0046.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2015-0046.html" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2015-0047.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2015-0047.html" - }, - { - "name" : "DSA-3127", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3127" - }, - { - "name" : "DSA-3132", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3132" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "RHSA-2015:0046", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0046.html" - }, - { - "name" : "RHSA-2015:0047", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0047.html" - }, - { - "name" : "openSUSE-SU-2015:0133", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html" - }, - { - "name" : "openSUSE-SU-2015:0077", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html" - }, - { - "name" : "openSUSE-SU-2015:0192", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html" - }, - { - "name" : "SUSE-SU-2015:0171", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html" - }, - { - "name" : "SUSE-SU-2015:0173", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html" - }, - { - "name" : "SUSE-SU-2015:0180", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html" - }, - { - "name" : "openSUSE-SU-2015:1266", - "refsource" : "SUSE", - "url" 
: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" - }, - { - "name" : "USN-2460-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2460-1" - }, - { - "name" : "72046", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72046" - }, - { - "name" : "1031533", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031533" - }, - { - "name" : "1031534", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031534" - }, - { - "name" : "62237", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62237" - }, - { - "name" : "62242", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62242" - }, - { - "name" : "62250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62250" - }, - { - "name" : "62446", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62446" - }, - { - "name" : "62657", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62657" - }, - { - "name" : "62790", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62790" - }, - { - "name" : "62253", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62253" - }, - { - "name" : "62273", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62273" - }, - { - "name" : "62274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62274" - }, - { - "name" : "62293", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62293" - }, - { - "name" : "62304", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62304" - }, - { - "name" : "62313", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62313" - }, - { - "name" : "62315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62315" - }, - { - "name" : "62316", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62316" - }, - { - "name" : 
"62259", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62259" - }, - { - "name" : "62283", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62283" - }, - { - "name" : "62418", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62418" - }, - { - "name" : "firefox-cve20148639-session-hijacking(99959)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99959" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:0046", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0046.html" + }, + { + "name": "62242", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62242" + }, + { + "name": "1031533", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031533" + }, + { + "name": "USN-2460-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2460-1" + }, + { + "name": "openSUSE-SU-2015:0192", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html" + }, + { + "name": "62304", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62304" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2015-0047.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2015-0047.html" + }, + { + "name": "62259", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62259" + }, + { + "name": "62250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62250" + }, + { + "name": "SUSE-SU-2015:0173", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html" + }, + { + "name": "62237", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62237" + }, + { + "name": "openSUSE-SU-2015:0077", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html" + }, + { + "name": "62418", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62418" + }, + { + "name": "SUSE-SU-2015:0171", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html" + }, + { + "name": "62316", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62316" + }, + { + 
"name": "DSA-3132", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3132" + }, + { + "name": "62274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62274" + }, + { + "name": "firefox-cve20148639-session-hijacking(99959)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99959" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "62313", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62313" + }, + { + "name": "RHSA-2015:0047", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0047.html" + }, + { + "name": "62790", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62790" + }, + { + "name": "62293", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62293" + }, + { + "name": "62283", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62283" + }, + { + "name": "62446", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62446" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": "62657", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62657" + }, + { + "name": "62273", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62273" + }, + { + "name": "http://www.mozilla.org/security/announce/2014/mfsa2015-04.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2014/mfsa2015-04.html" + }, + { + "name": "openSUSE-SU-2015:0133", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html" + }, + { + "name": "openSUSE-SU-2015:1266", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" + }, + { + "name": "DSA-3127", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3127" + }, + { + "name": "SUSE-SU-2015:0180", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html" + }, + { + "name": "62315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62315" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2015-0046.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2015-0046.html" + }, + { + "name": "62253", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62253" + }, + { + "name": "1031534", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031534" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1095859", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1095859" + }, + { + "name": "72046", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72046" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9157.json b/2014/9xxx/CVE-2014-9157.json index 608f48078d3..c6475488540 100644 --- a/2014/9xxx/CVE-2014-9157.json +++ b/2014/9xxx/CVE-2014-9157.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141125 CVE Request: Graphviz format string vuln", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q4/784" - }, - { - "name" : "[oss-security] 20141201 Re: Re: CVE Request: Graphviz format string vuln", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q4/872" - }, - { - "name" : "https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081", - "refsource" : "CONFIRM", - "url" : "https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0520.html", - "refsource" : "CONFIRM", - "url" : 
"http://advisories.mageia.org/MGASA-2014-0520.html" - }, - { - "name" : "DSA-3098", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3098" - }, - { - "name" : "MDVSA-2014:248", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:248" - }, - { - "name" : "MDVSA-2015:187", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:187" - }, - { - "name" : "71283", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71283" - }, - { - "name" : "60166", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60166" - }, - { - "name" : "graphviz-format-sting(98949)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98949" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2014:248", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:248" + }, + { + "name": "graphviz-format-sting(98949)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98949" + }, + { + "name": "MDVSA-2015:187", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:187" + }, + { + "name": "[oss-security] 20141201 Re: Re: CVE Request: Graphviz format string vuln", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q4/872" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0520.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0520.html" + }, + { + "name": "71283", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71283" + }, + { + "name": "https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081", + "refsource": "CONFIRM", + "url": "https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081" + }, + { + "name": "DSA-3098", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3098" + }, + { + "name": "60166", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60166" + }, + { + "name": "[oss-security] 20141125 CVE Request: Graphviz format string vuln", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q4/784" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9355.json b/2014/9xxx/CVE-2014-9355.json index e9f26f13b13..dad2e9f7bed 100644 --- a/2014/9xxx/CVE-2014-9355.json +++ b/2014/9xxx/CVE-2014-9355.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9355", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9355", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://puppetlabs.com/security/cve/cve-2014-9355", - "refsource" : "CONFIRM", - "url" : "http://puppetlabs.com/security/cve/cve-2014-9355" - }, - { - "name" : "61265", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61265" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://puppetlabs.com/security/cve/cve-2014-9355", + "refsource": "CONFIRM", + "url": "http://puppetlabs.com/security/cve/cve-2014-9355" + }, + { + "name": "61265", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61265" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9557.json b/2014/9xxx/CVE-2014-9557.json index 62b23a97dcf..f368dd6261c 100644 --- a/2014/9xxx/CVE-2014-9557.json +++ b/2014/9xxx/CVE-2014-9557.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9557", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in SmartCMS v.2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9557", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150122 CVE-2014-9557 SmartCMS Multiple XSS (Cross-Site Scripting) Security Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jan/97" - }, - { - "name" : "http://packetstormsecurity.com/files/130076/SmartCMS-2-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130076/SmartCMS-2-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in SmartCMS v.2." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150122 CVE-2014-9557 SmartCMS Multiple XSS (Cross-Site Scripting) Security Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jan/97" + }, + { + "name": "http://packetstormsecurity.com/files/130076/SmartCMS-2-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130076/SmartCMS-2-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9564.json b/2014/9xxx/CVE-2014-9564.json index 4533d9114c8..a21ee9b7b80 100644 --- a/2014/9xxx/CVE-2014-9564.json +++ b/2014/9xxx/CVE-2014-9564.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware before 3.4.1110 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks and resulting web cache poisoning or cross-site scripting (XSS) attacks, or obtain sensitive information via multiple unspecified parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5098173", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5098173" - }, - { - "name" : "74931", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74931" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch 
firmware before 3.4.1110 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks and resulting web cache poisoning or cross-site scripting (XSS) attacks, or obtain sensitive information via multiple unspecified parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5098173", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5098173" + }, + { + "name": "74931", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74931" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9735.json b/2014/9xxx/CVE-2014-9735.json index 74970c024e8..2a9528ba3b6 100644 --- a/2014/9xxx/CVE-2014-9735.json +++ b/2014/9xxx/CVE-2014-9735.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9735", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to (1) upload and execute arbitrary files via an update_plugin action; (2) delete arbitrary sliders via a delete_slider action; and (3) create, (4) update, (5) import, or (6) export arbitrary sliders via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9735", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20151125 Slider Revolution/Showbiz Pro shell upload exploit", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Nov/78" - }, - { - "name" : "https://blog.sucuri.net/2014/12/revslider-vulnerability-leads-to-massive-wordpress-soaksoak-compromise.html", - "refsource" : "MISC", - "url" : "https://blog.sucuri.net/2014/12/revslider-vulnerability-leads-to-massive-wordpress-soaksoak-compromise.html" - }, - { - "name" : 
"https://plugins.trac.wordpress.org/browser/patch-for-revolution-slider/trunk/revsliderpatch.php", - "refsource" : "MISC", - "url" : "https://plugins.trac.wordpress.org/browser/patch-for-revolution-slider/trunk/revsliderpatch.php" - }, - { - "name" : "https://whatisgon.wordpress.com/2014/11/30/another-revslider-vulnerability/", - "refsource" : "MISC", - "url" : "https://whatisgon.wordpress.com/2014/11/30/another-revslider-vulnerability/" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/7954", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/7954" - }, - { - "name" : "http://www.themepunch.com/products/old-revolution-slider-pre-4-2-vulnerabilty-explained/", - "refsource" : "CONFIRM", - "url" : "http://www.themepunch.com/products/old-revolution-slider-pre-4-2-vulnerabilty-explained/" - }, - { - "name" : "71306", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71306" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to (1) upload and execute arbitrary files via an update_plugin action; (2) delete arbitrary sliders via a delete_slider action; and (3) create, (4) update, (5) import, or (6) export arbitrary sliders via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wpvulndb.com/vulnerabilities/7954", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/7954" + }, + { + "name": "https://blog.sucuri.net/2014/12/revslider-vulnerability-leads-to-massive-wordpress-soaksoak-compromise.html", + "refsource": "MISC", + "url": "https://blog.sucuri.net/2014/12/revslider-vulnerability-leads-to-massive-wordpress-soaksoak-compromise.html" + }, + { + "name": "http://www.themepunch.com/products/old-revolution-slider-pre-4-2-vulnerabilty-explained/", + "refsource": "CONFIRM", + "url": "http://www.themepunch.com/products/old-revolution-slider-pre-4-2-vulnerabilty-explained/" + }, + { + "name": "20151125 Slider Revolution/Showbiz Pro shell upload exploit", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Nov/78" + }, + { + "name": "71306", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71306" + }, + { + "name": "https://plugins.trac.wordpress.org/browser/patch-for-revolution-slider/trunk/revsliderpatch.php", + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/patch-for-revolution-slider/trunk/revsliderpatch.php" + }, + { + "name": "https://whatisgon.wordpress.com/2014/11/30/another-revslider-vulnerability/", + "refsource": "MISC", + "url": "https://whatisgon.wordpress.com/2014/11/30/another-revslider-vulnerability/" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9848.json b/2014/9xxx/CVE-2014-9848.json index c2261ed681b..097ce60f963 100644 --- a/2014/9xxx/CVE-2014-9848.json +++ b/2014/9xxx/CVE-2014-9848.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160602 Re: ImageMagick CVEs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343507", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343507" - }, - { - "name" : "SUSE-SU-2016:1784", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html" - }, - { - "name" : "SUSE-SU-2016:3258", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00093.html" - }, - { - "name" : "openSUSE-SU-2016:1748", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html" - }, - { - "name" : "openSUSE-SU-2016:1833", - "refsource" 
: "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html" - }, - { - "name" : "openSUSE-SU-2017:0023", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00006.html" - }, - { - "name" : "USN-3131-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3131-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:1833", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html" + }, + { + "name": "openSUSE-SU-2017:0023", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00006.html" + }, + { + "name": "[oss-security] 20160602 Re: ImageMagick CVEs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" + }, + { + "name": "openSUSE-SU-2016:1748", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html" + }, + { + "name": "SUSE-SU-2016:1784", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html" + }, + { + "name": "SUSE-SU-2016:3258", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00093.html" + }, + { + "name": "USN-3131-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3131-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343507", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343507" + } 
+ ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3409.json b/2016/3xxx/CVE-2016-3409.json index 989bf501b0d..fed62d6bcaf 100644 --- a/2016/3xxx/CVE-2016-3409.json +++ b/2016/3xxx/CVE-2016-3409.json 
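Review bot: The new side of CVE-2014-9848.json ends with `}` and no terminating newline (the `\ No newline at end of file` marker after the last `+}`), and its `reference_data` array holds the same eight entries as before in a different order. Neither changes the record's meaning, but together with the `"key" : value` to `"key": value` respacing they turn a no-op into a rewrite of all 97 lines, which makes a real field change hard to spot for anyone who tracks this feed by diff. I would end each file with a newline and emit `reference_data` in a stable order (for example sorted by `url`). The same missing newline appears in the other complete hunks in view (CVE-2016-3409, CVE-2016-3835, CVE-2016-6127, CVE-2016-6252, CVE-2016-6336, CVE-2016-6466, CVE-2016-6621), and most of them also reorder `reference_data`.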
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3409", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 102637." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3409", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0", - "refsource" : "CONFIRM", - "url" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0" - }, - { - "name" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", - "refsource" : "CONFIRM", - "url" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" - }, - { - "name" : "95896", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95896" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via 
unspecified vectors, aka bug 102637." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0", + "refsource": "CONFIRM", + "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0" + }, + { + "name": "95896", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95896" + }, + { + "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", + "refsource": "CONFIRM", + "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3835.json b/2016/3xxx/CVE-2016-3835.json index 928627d8156..5142092ac56 100644 --- a/2016/3xxx/CVE-2016-3835.json +++ b/2016/3xxx/CVE-2016-3835.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 28920116." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-08-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-08-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/hardware/qcom/media/+/7558d03e6498e970b761aa44fff6b2c659202d95", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/hardware/qcom/media/+/7558d03e6498e970b761aa44fff6b2c659202d95" - }, - { - "name" : "92233", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92233" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 28920116." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-08-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-08-01.html" + }, + { + "name": "https://android.googlesource.com/platform/hardware/qcom/media/+/7558d03e6498e970b761aa44fff6b2c659202d95", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/hardware/qcom/media/+/7558d03e6498e970b761aa44fff6b2c659202d95" + }, + { + "name": "92233", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92233" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6127.json b/2016/6xxx/CVE-2016-6127.json index a95ceffeaac..a451d84fd49 100644 --- a/2016/6xxx/CVE-2016-6127.json +++ b/2016/6xxx/CVE-2016-6127.json 
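Review bot: In CVE-2016-3835.json the `affects` block on the new side still reads `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, although this hunk changes `ASSIGNER` from `cve@mitre.org` to `security@android.com` and the description names Android and four version ranges. Tooling that matches records on `affects` will not associate this entry with Android and has to parse the prose instead; the last range, "6.x before 2016-08-01", appears to be a date (presumably a patch level) rather than a version number, so it will not compare as one. I would at least set `"product_name": "Android"` and carry the ranges into `version_data`; `problemtype` is likewise `n/a` for what the description presents as an information disclosure.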
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTML via a file upload with an unspecified content type." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016", - "refsource" : "CONFIRM", - "url" : "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016" - }, - { - "name" : "DSA-3882", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3882" - }, - { - "name" : "99375", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99375" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting 
(XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTML via a file upload with an unspecified content type." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016", + "refsource": "CONFIRM", + "url": "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016" + }, + { + "name": "99375", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99375" + }, + { + "name": "DSA-3882", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3882" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6252.json b/2016/6xxx/CVE-2016-6252.json index fbddcbc15d4..a74f981fea1 100644 --- a/2016/6xxx/CVE-2016-6252.json +++ b/2016/6xxx/CVE-2016-6252.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160719 Re: subuid security patches for shadow package", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/19/7" - }, - { - "name" : "[oss-security] 20160719 subuid security patches for shadow package", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/19/6" - }, - { - "name" : "[oss-security] 20160720 Re: subuid security patches for shadow package", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/20/2" - }, - { - "name" : "[oss-security] 20160725 Re: Re: [Pkg-shadow-devel] subuid security patches for shadow package", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/25/7" - }, - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=979282", - 
"refsource" : "CONFIRM", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=979282" - }, - { - "name" : "https://github.com/shadow-maint/shadow/issues/27", - "refsource" : "CONFIRM", - "url" : "https://github.com/shadow-maint/shadow/issues/27" - }, - { - "name" : "DSA-3793", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3793" - }, - { - "name" : "GLSA-201706-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-02" - }, - { - "name" : "92055", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92055" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160719 Re: subuid security patches for shadow package", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/19/7" + }, + { + "name": "92055", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92055" + }, + { + "name": "GLSA-201706-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-02" + }, + { + "name": "https://github.com/shadow-maint/shadow/issues/27", + "refsource": "CONFIRM", + "url": "https://github.com/shadow-maint/shadow/issues/27" + }, + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=979282", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=979282" + }, + { + "name": "[oss-security] 20160725 Re: Re: [Pkg-shadow-devel] subuid security patches for shadow package", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/25/7" + }, + { + "name": "[oss-security] 20160719 
subuid security patches for shadow package", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/19/6" + }, + { + "name": "[oss-security] 20160720 Re: subuid security patches for shadow package", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/20/2" + }, + { + "name": "DSA-3793", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3793" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6336.json b/2016/6xxx/CVE-2016-6336.json index 2495c06e8ac..09f8cb57883 100644 --- a/2016/6xxx/CVE-2016-6336.json +++ b/2016/6xxx/CVE-2016-6336.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-6336", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-6336", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15", - "refsource" : "MLIST", - "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1369613", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1369613" - }, - { - "name" : "https://phabricator.wikimedia.org/T132926", - "refsource" : "CONFIRM", - "url" : "https://phabricator.wikimedia.org/T132926" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { 
+ "description_data": [ + { + "lang": "eng", + "value": "MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15", + "refsource": "MLIST", + "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613" + }, + { + "name": "https://phabricator.wikimedia.org/T132926", + "refsource": "CONFIRM", + "url": "https://phabricator.wikimedia.org/T132926" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6466.json b/2016/6xxx/CVE-2016-6466.json index 280a6c22ff2..800355c3f2a 100644 --- a/2016/6xxx/CVE-2016-6466.json +++ b/2016/6xxx/CVE-2016-6466.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2016-6466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco StarOS 20.0.0 through 21.0.M0.64246", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco StarOS 20.0.0 through 21.0.M0.64246" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. This vulnerability affects the following Cisco products: Cisco ASR 5000/5500 Series routers, Cisco Virtualized Packet Core (VPC). More Information: CSCva13631. Known Affected Releases: 20.0.0 20.1.0 20.2.0 20.2.3 20.2.v1 21.0.0 21.0.M0.64246. Known Fixed Releases: 20.2.3 20.2.3.65026 20.2.a4.65307 20.2.v1 20.2.v1.65353 20.3.M0.65037 20.3.T0.65043 21.0.0 21.0.0.65256 21.0.M0.64595 21.0.M0.64860 21.0.M0.65140 21.0.V0.65052 21.0.V0.65150 21.0.V0.65366 21.0.VC0.64639 21.1.A0.64861 21.1.A0.65145 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.R0.65154 21.1.VC0.64898 21.1.VC0.65203 21.2.A0.65147." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco StarOS 20.0.0 through 21.0.M0.64246", + "version": { + "version_data": [ + { + "version_value": "Cisco StarOS 20.0.0 through 21.0.M0.64246" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asr", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asr" - }, - { - "name" : "94361", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94361" - }, - { - "name" : "1037308", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037308" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. This vulnerability affects the following Cisco products: Cisco ASR 5000/5500 Series routers, Cisco Virtualized Packet Core (VPC). More Information: CSCva13631. Known Affected Releases: 20.0.0 20.1.0 20.2.0 20.2.3 20.2.v1 21.0.0 21.0.M0.64246. 
Known Fixed Releases: 20.2.3 20.2.3.65026 20.2.a4.65307 20.2.v1 20.2.v1.65353 20.3.M0.65037 20.3.T0.65043 21.0.0 21.0.0.65256 21.0.M0.64595 21.0.M0.64860 21.0.M0.65140 21.0.V0.65052 21.0.V0.65150 21.0.V0.65366 21.0.VC0.64639 21.1.A0.64861 21.1.A0.65145 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.R0.65154 21.1.VC0.64898 21.1.VC0.65203 21.2.A0.65147." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asr", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asr" + }, + { + "name": "1037308", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037308" + }, + { + "name": "94361", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94361" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6621.json b/2016/6xxx/CVE-2016-6621.json index 18e4af937f3..2f9e24c275f 100644 --- a/2016/6xxx/CVE-2016-6621.json +++ b/2016/6xxx/CVE-2016-6621.json 
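Review bot: `product_name` and `version_value` in CVE-2016-6466.json both hold the same string, `Cisco StarOS 20.0.0 through 21.0.M0.64246`, and `vendor_name` is `n/a` even though the assigner is `psirt@cisco.com`; the respacing in this hunk carries that over unchanged. With vendor, product and range fused into one free-text value, structured matching on `affects` cannot work; splitting it as `"vendor_name": "Cisco"`, `"product_name": "StarOS"`, `"version_value": "20.0.0 through 21.0.M0.64246"` would keep the same information in the right fields. The description also lists 20.2.3, 20.2.v1 and 21.0.0 under both "Known Affected Releases" and "Known Fixed Releases", so a reader cannot tell from this record alone whether those builds are fixed and should confirm against the linked Cisco advisory. `problemtype` is `unspecified` although the text describes a denial of service.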
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6621", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180706 [SECURITY] [DLA 1415-1] phpmyadmin security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html" - }, - { - "name" : "https://www.phpmyadmin.net/security/PMASA-2016-44/", - "refsource" : "CONFIRM", - "url" : "https://www.phpmyadmin.net/security/PMASA-2016-44/" - }, - { - "name" : "95914", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95914" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 
allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.phpmyadmin.net/security/PMASA-2016-44/", + "refsource": "CONFIRM", + "url": "https://www.phpmyadmin.net/security/PMASA-2016-44/" + }, + { + "name": "[debian-lts-announce] 20180706 [SECURITY] [DLA 1415-1] phpmyadmin security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html" + }, + { + "name": "95914", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95914" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7013.json b/2016/7xxx/CVE-2016-7013.json index 1654101fff5..edd8543579e 100644 --- a/2016/7xxx/CVE-2016-7013.json +++ b/2016/7xxx/CVE-2016-7013.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7013", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-7013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" - }, - { - "name" : "93496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93496" - }, - { - "name" : "1036986", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, 
CVE-2016-7012, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036986", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036986" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" + }, + { + "name": "93496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93496" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7309.json b/2016/7xxx/CVE-2016-7309.json index bb38a104379..ae256910438 100644 --- a/2016/7xxx/CVE-2016-7309.json +++ b/2016/7xxx/CVE-2016-7309.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7309", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7309", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7632.json b/2016/7xxx/CVE-2016-7632.json index d6ed6b81fbf..971f1cef2aa 100644 
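Review bot: The `ASSIGNER` value for CVE-2016-7013 changes from `cve@mitre.org` to `psirt@adobe.com` in this hunk, a provenance change buried in what otherwise reads as a whitespace and reference-order rewrite. The CVE-2016-8470 hunk does the same with `security@google.com` becoming `security@android.com`. The patch subject (`"-Synchronized-Data."`) mentions neither change, so anyone auditing the recorded assigner has to find it by comparing parsed JSON rather than text. I would put the semantic edits in their own commit, or at least name them in the message, e.g. `ASSIGNER updated: CVE-2016-7013, CVE-2016-8470`. The reshuffled `reference_data` entries add further noise, and the new side follows no visible ordering rule.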
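Review bot: The rewritten REJECT record for CVE-2016-7309 puts `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta`, while the PUBLIC records in the same patch (CVE-2016-7013, CVE-2016-7632) keep `CVE_data_meta` first with the remaining keys alphabetical. The new side therefore carries two key orders; the CVE-2016-7691 and CVE-2016-8251 hunks use the same REJECT layout. JSON key order carries no meaning, but if these records are ever hashed or signed, the serializer should emit one canonical sorted order for every record. Each rewritten file also ends with `\ No newline at end of file`; a trailing newline is worth restoring for files kept in version control.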
--- a/2016/7xxx/CVE-2016-7632.json +++ b/2016/7xxx/CVE-2016-7632.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-7632", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-7632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207421", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207421" - }, - { - "name" : "https://support.apple.com/HT207422", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207422" - }, - { - "name" : "https://support.apple.com/HT207424", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207424" - }, - { - "name" : "https://support.apple.com/HT207427", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207427" - }, - { - "name" : 
"GLSA-201706-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-15" - }, - { - "name" : "94907", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94907" - }, - { - "name" : "1037459", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037459" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207427", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207427" + }, + { + "name": "94907", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94907" + }, + { + "name": "https://support.apple.com/HT207421", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207421" + }, + { + "name": "1037459", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037459" + }, + { + "name": "https://support.apple.com/HT207422", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207422" + }, + { + "name": "GLSA-201706-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-15" + }, + { + "name": "https://support.apple.com/HT207424", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207424" + } + ] + } +} \ No newline at end of file 
diff --git a/2016/7xxx/CVE-2016-7691.json b/2016/7xxx/CVE-2016-7691.json index 03c05a58edc..383e83877ca 100644 --- a/2016/7xxx/CVE-2016-7691.json +++ b/2016/7xxx/CVE-2016-7691.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7691", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7691", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7800.json b/2016/7xxx/CVE-2016-7800.json index 2bad78b2ef6..4609884471d 100644 --- a/2016/7xxx/CVE-2016-7800.json +++ b/2016/7xxx/CVE-2016-7800.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161001 Re: GraphicsMagick CVE request: 8BIM/8BIMW unsigned underflow leads to heap overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/01/7" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1381148", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1381148" - }, - { - "name" : "https://sourceforge.net/p/graphicsmagick/code/ci/5c7b6d6094a25e99c57f8b18343914ebfd8213ef/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/graphicsmagick/code/ci/5c7b6d6094a25e99c57f8b18343914ebfd8213ef/" - }, - { - "name" : "DSA-3746", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2016/dsa-3746" - }, - { - "name" : "openSUSE-SU-2016:2641", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html" - }, - { - "name" : "openSUSE-SU-2016:2644", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html" - }, - { - "name" : "96135", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96135" - }, - { - "name" : "93262", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93262" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceforge.net/p/graphicsmagick/code/ci/5c7b6d6094a25e99c57f8b18343914ebfd8213ef/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/graphicsmagick/code/ci/5c7b6d6094a25e99c57f8b18343914ebfd8213ef/" + }, + { + "name": "openSUSE-SU-2016:2641", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html" + }, + { + "name": "[oss-security] 20161001 Re: GraphicsMagick CVE request: 8BIM/8BIMW unsigned underflow leads to heap overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/01/7" + }, + { + "name": "93262", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93262" + }, + { + "name": "DSA-3746", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3746" + }, + { + "name": "openSUSE-SU-2016:2644", + 
"refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1381148", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381148" + }, + { + "name": "96135", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96135" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8251.json b/2016/8xxx/CVE-2016-8251.json index 42197d252cf..488eba17712 100644 --- a/2016/8xxx/CVE-2016-8251.json +++ b/2016/8xxx/CVE-2016-8251.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8251", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8251", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8470.json b/2016/8xxx/CVE-2016-8470.json index d28c2fa5f75..f7698f67cbd 100644 --- a/2016/8xxx/CVE-2016-8470.json +++ b/2016/8xxx/CVE-2016-8470.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-8470", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31528889. References: MT-ALPS02961395." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-8470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-01-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-01-01.html" - }, - { - "name" : "95235", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95235" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31528889. References: MT-ALPS02961395." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-01-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-01-01.html" + }, + { + "name": "95235", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95235" + } + ] + } +} \ No newline at end of file