From 057255080995f8b7c8bed1022e5696f5d842fd75 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 23:57:40 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/5xxx/CVE-2006-5211.json | 190 +++++++++++------------ 2006/5xxx/CVE-2006-5309.json | 180 +++++++++++----------- 2006/5xxx/CVE-2006-5604.json | 130 ++++++++-------- 2006/5xxx/CVE-2006-5658.json | 180 +++++++++++----------- 2007/2xxx/CVE-2007-2010.json | 180 +++++++++++----------- 2007/2xxx/CVE-2007-2243.json | 170 ++++++++++----------- 2007/2xxx/CVE-2007-2262.json | 180 +++++++++++----------- 2007/2xxx/CVE-2007-2431.json | 170 ++++++++++----------- 2007/2xxx/CVE-2007-2619.json | 170 ++++++++++----------- 2007/3xxx/CVE-2007-3454.json | 190 +++++++++++------------ 2007/3xxx/CVE-2007-3712.json | 130 ++++++++-------- 2007/6xxx/CVE-2007-6292.json | 150 +++++++++--------- 2010/0xxx/CVE-2010-0202.json | 160 +++++++++---------- 2010/0xxx/CVE-2010-0260.json | 160 +++++++++---------- 2010/0xxx/CVE-2010-0803.json | 170 ++++++++++----------- 2010/0xxx/CVE-2010-0875.json | 140 ++++++++--------- 2010/1xxx/CVE-2010-1841.json | 150 +++++++++--------- 2010/5xxx/CVE-2010-5005.json | 130 ++++++++-------- 2010/5xxx/CVE-2010-5303.json | 120 +++++++-------- 2010/5xxx/CVE-2010-5311.json | 34 ++--- 2014/0xxx/CVE-2014-0066.json | 270 ++++++++++++++++----------------- 2014/0xxx/CVE-2014-0252.json | 34 ++--- 2014/0xxx/CVE-2014-0600.json | 150 +++++++++--------- 2014/0xxx/CVE-2014-0902.json | 34 ++--- 2014/1xxx/CVE-2014-1257.json | 120 +++++++-------- 2014/1xxx/CVE-2014-1338.json | 170 ++++++++++----------- 2014/1xxx/CVE-2014-1756.json | 120 +++++++-------- 2014/4xxx/CVE-2014-4124.json | 150 +++++++++--------- 2014/4xxx/CVE-2014-4225.json | 190 +++++++++++------------ 2014/4xxx/CVE-2014-4359.json | 34 ++--- 2014/4xxx/CVE-2014-4944.json | 130 ++++++++-------- 2014/5xxx/CVE-2014-5199.json | 130 ++++++++-------- 2014/5xxx/CVE-2014-5559.json | 140 ++++++++--------- 2016/10xxx/CVE-2016-10141.json | 140 ++++++++--------- 2016/10xxx/CVE-2016-10189.json | 170 ++++++++++----------- 2016/3xxx/CVE-2016-3209.json | 140 ++++++++--------- 2016/8xxx/CVE-2016-8416.json | 150 +++++++++--------- 2016/8xxx/CVE-2016-8533.json | 122 +++++++-------- 2016/8xxx/CVE-2016-8659.json | 150 +++++++++--------- 2016/9xxx/CVE-2016-9527.json | 34 ++--- 2016/9xxx/CVE-2016-9590.json | 186 +++++++++++------------ 2016/9xxx/CVE-2016-9773.json | 150 +++++++++--------- 2016/9xxx/CVE-2016-9794.json | 260 +++++++++++++++---------------- 2019/2xxx/CVE-2019-2323.json | 34 ++--- 2019/2xxx/CVE-2019-2412.json | 132 ++++++++-------- 2019/2xxx/CVE-2019-2526.json | 140 ++++++++--------- 2019/2xxx/CVE-2019-2606.json | 34 ++--- 2019/6xxx/CVE-2019-6718.json | 34 ++--- 2019/6xxx/CVE-2019-6905.json | 34 ++--- 49 files changed, 3333 insertions(+), 3333 deletions(-) diff --git a/2006/5xxx/CVE-2006-5211.json b/2006/5xxx/CVE-2006-5211.json index 4a0453a57fa..8e0214fb62c 100644 --- a/2006/5xxx/CVE-2006-5211.json +++ b/2006/5xxx/CVE-2006-5211.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to remove OfficeScan clients via a certain HTTP request that invokes the OfficeScan CGI program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.trendmicro.com/download/product.asp?productid=5", - "refsource" : "CONFIRM", - "url" : "http://www.trendmicro.com/download/product.asp?productid=5" - }, - { - "name" : "http://www.trendmicro.com/ftp/documentation/readme/csm_2.0_osce_6.0_win_en_securitypatch_1385_readme.txt", - "refsource" : "CONFIRM", - "url" : "http://www.trendmicro.com/ftp/documentation/readme/csm_2.0_osce_6.0_win_en_securitypatch_1385_readme.txt" - }, - { - "name" : "http://www.trendmicro.com/ftp/documentation/readme/osce_6.5_win_en_securitypatch_1418_readme.txt", - "refsource" : "CONFIRM", - "url" : "http://www.trendmicro.com/ftp/documentation/readme/osce_6.5_win_en_securitypatch_1418_readme.txt" - }, - { - "name" : "http://www.trendmicro.com/ftp/documentation/readme/osce_7.3_win_en_securitypatch_1053_readme.txt", - "refsource" : "CONFIRM", - "url" : "http://www.trendmicro.com/ftp/documentation/readme/osce_7.3_win_en_securitypatch_1053_readme.txt" - }, - { - "name" : "http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1257_readme.txt", - "refsource" : "CONFIRM", - "url" : "http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1257_readme.txt" - }, - { - "name" : "20330", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20330" - }, - { - "name" : "ADV-2006-3882", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3882" - }, - { - "name" : "22156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22156" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to remove OfficeScan clients via a certain HTTP request that invokes the OfficeScan CGI program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20330", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20330" + }, + { + "name": "http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1257_readme.txt", + "refsource": "CONFIRM", + "url": "http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1257_readme.txt" + }, + { + "name": "http://www.trendmicro.com/ftp/documentation/readme/osce_7.3_win_en_securitypatch_1053_readme.txt", + "refsource": "CONFIRM", + "url": "http://www.trendmicro.com/ftp/documentation/readme/osce_7.3_win_en_securitypatch_1053_readme.txt" + }, + { + "name": "http://www.trendmicro.com/ftp/documentation/readme/csm_2.0_osce_6.0_win_en_securitypatch_1385_readme.txt", + "refsource": "CONFIRM", + "url": "http://www.trendmicro.com/ftp/documentation/readme/csm_2.0_osce_6.0_win_en_securitypatch_1385_readme.txt" + }, + { + "name": "ADV-2006-3882", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3882" + }, + { + "name": "22156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22156" + }, + { + "name": "http://www.trendmicro.com/download/product.asp?productid=5", + "refsource": "CONFIRM", + "url": "http://www.trendmicro.com/download/product.asp?productid=5" + }, + { + "name": "http://www.trendmicro.com/ftp/documentation/readme/osce_6.5_win_en_securitypatch_1418_readme.txt", + "refsource": "CONFIRM", + "url": "http://www.trendmicro.com/ftp/documentation/readme/osce_6.5_win_en_securitypatch_1418_readme.txt" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5309.json b/2006/5xxx/CVE-2006-5309.json index ee853ff90e2..aab57bbbe96 100644 --- a/2006/5xxx/CVE-2006-5309.json +++ b/2006/5xxx/CVE-2006-5309.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5309", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in language/lang_french/lang_prillian_faq.php in the Prillian French 0.8.0 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5309", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061012 PhpBB Prillian French Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/448663/100/0/threaded" - }, - { - "name" : "2550", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2550" - }, - { - "name" : "20520", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20520" - }, - { - "name" : "ADV-2006-4040", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4040" - }, - { - "name" : "22430", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22430" - }, - { - "name" : "1732", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1732" - }, - { - "name" : "phpbb-prillian-file-include(29565)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29565" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in language/lang_french/lang_prillian_faq.php in the Prillian French 0.8.0 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20520", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20520" + }, + { + "name": "22430", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22430" + }, + { + "name": "phpbb-prillian-file-include(29565)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29565" + }, + { + "name": "ADV-2006-4040", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4040" + }, + { + "name": "20061012 PhpBB Prillian French Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/448663/100/0/threaded" + }, + { + "name": "2550", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2550" + }, + { + "name": "1732", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1732" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5604.json b/2006/5xxx/CVE-2006-5604.json index e293ad8a77a..bda7f918766 100644 --- a/2006/5xxx/CVE-2006-5604.json +++ b/2006/5xxx/CVE-2006-5604.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5604", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in phpcards.header.php in phpCards 1.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the CardLanguageFile parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5604", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1017070", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017070" - }, - { - "name" : "phpcards-cardlanguage-file-include(29615)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29615" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in phpcards.header.php in phpCards 1.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the CardLanguageFile parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpcards-cardlanguage-file-include(29615)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29615" + }, + { + "name": "1017070", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017070" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5658.json b/2006/5xxx/CVE-2006-5658.json index 5fb5aa462d0..82aed06224b 100644 --- a/2006/5xxx/CVE-2006-5658.json +++ b/2006/5xxx/CVE-2006-5658.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5658", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BlooMooWeb ActiveX control (AidemATL.dll) allows remote attackers to (1) download arbitrary files via a URL in the bstrUrl parameter to the BW_DownloadFile method, (2) execute arbitrary local files via a file path in the bstrParams parameter to the BW_LaunchGame method, and (3) delete arbitrary files via a file path in the filePath parameter to the BW_DeleteTempFile method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5658", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061031 ActiveX security leaks in the TV owned web game platform", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450144/100/0/threaded" - }, - { - "name" : "20827", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20827" - }, - { - "name" : "ADV-2006-4294", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4294" - }, - { - "name" : "22666", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22666" - }, - { - "name" : "1808", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1808" - }, - { - "name" : "bloomooweb-activex-command-execution(29968)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29968" - }, - { - "name" : "bloomooweb-bwdeletetempfile-dos(29997)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29997" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BlooMooWeb ActiveX control (AidemATL.dll) allows remote attackers to (1) download arbitrary files via a URL in the bstrUrl parameter to the BW_DownloadFile method, (2) execute arbitrary local files via a file path in the bstrParams parameter to the BW_LaunchGame method, and (3) delete arbitrary files via a file path in the filePath parameter to the BW_DeleteTempFile method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "bloomooweb-activex-command-execution(29968)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29968" + }, + { + "name": "bloomooweb-bwdeletetempfile-dos(29997)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29997" + }, + { + "name": "22666", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22666" + }, + { + "name": "20827", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20827" + }, + { + "name": "ADV-2006-4294", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4294" + }, + { + "name": "20061031 ActiveX security leaks in the TV owned web game platform", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450144/100/0/threaded" + }, + { + "name": "1808", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1808" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2010.json b/2007/2xxx/CVE-2007-2010.json index 27863032dfb..58e8669d204 100644 --- a/2007/2xxx/CVE-2007-2010.json +++ b/2007/2xxx/CVE-2007-2010.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bftpd.sourceforge.net/downloads/CHANGELOG", - "refsource" : "CONFIRM", - "url" : "http://bftpd.sourceforge.net/downloads/CHANGELOG" - }, - { - "name" : "http://bftpd.sourceforge.net/", - "refsource" : "CONFIRM", - "url" : "http://bftpd.sourceforge.net/" - }, - { - "name" : "23406", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23406" - }, - { - "name" : "ADV-2007-1347", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1347" - }, - { - "name" : "34889", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34889" - }, - { - "name" : "24864", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24864" - }, - { - "name" : "bftpd-getmget-dos(33594)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33594" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23406", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23406" + }, + { + "name": "34889", + "refsource": "OSVDB", + "url": "http://osvdb.org/34889" + }, + { + "name": "24864", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24864" + }, + { + "name": "http://bftpd.sourceforge.net/downloads/CHANGELOG", + "refsource": "CONFIRM", + "url": "http://bftpd.sourceforge.net/downloads/CHANGELOG" + }, + { + "name": "ADV-2007-1347", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1347" + }, + { + "name": "http://bftpd.sourceforge.net/", + "refsource": "CONFIRM", + "url": "http://bftpd.sourceforge.net/" + }, + { + "name": "bftpd-getmget-dos(33594)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33594" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2243.json b/2007/2xxx/CVE-2007-2243.json index e4fef4c9ed0..ef18103d255 100644 --- a/2007/2xxx/CVE-2007-2243.json +++ b/2007/2xxx/CVE-2007-2243.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070421 OpenSSH - System Account Enumeration if S/Key is used", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053906.html" - }, - { - "name" : "20070424 OpenSSH - System Account Enumeration if S/Key is used", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053951.html" - }, - { - "name" : "23601", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23601" - }, - { - "name" : "34600", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/34600" - }, - { - "name" : "2631", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2631" - }, - { - "name" : "openssh-challenge-information-disclosure(33794)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33794" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070421 OpenSSH - System Account Enumeration if S/Key is used", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053906.html" + }, + { + "name": "23601", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23601" + }, + { + "name": "2631", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2631" + }, + { + "name": "34600", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/34600" + }, + { + "name": "openssh-challenge-information-disclosure(33794)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33794" + }, + { + "name": "20070424 OpenSSH - System Account Enumeration if S/Key is used", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053951.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2262.json b/2007/2xxx/CVE-2007-2262.json index 85b00033d23..809f924d353 100644 --- a/2007/2xxx/CVE-2007-2262.json +++ b/2007/2xxx/CVE-2007-2262.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in html/php/detail.php in Sinato jmuffin allow remote attackers to execute arbitrary PHP code via a URL in the (1) relPath and (2) folder parameters. NOTE: this product was originally reported as \"File117\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070422 File117 Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466675/100/0/threaded" - }, - { - "name" : "23600", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23600" - }, - { - "name" : "23655", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23655" - }, - { - "name" : "ADV-2007-1520", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1520" - }, - { - "name" : "35612", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35612" - }, - { - "name" : "2626", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2626" - }, - { - "name" : "file117-detail-file-include(33815)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33815" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in html/php/detail.php in Sinato jmuffin allow remote attackers to execute arbitrary PHP code via a URL in the (1) relPath and (2) folder parameters. NOTE: this product was originally reported as \"File117\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35612", + "refsource": "OSVDB", + "url": "http://osvdb.org/35612" + }, + { + "name": "20070422 File117 Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466675/100/0/threaded" + }, + { + "name": "2626", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2626" + }, + { + "name": "23600", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23600" + }, + { + "name": "23655", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23655" + }, + { + "name": "ADV-2007-1520", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1520" + }, + { + "name": "file117-detail-file-include(33815)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33815" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2431.json b/2007/2xxx/CVE-2007-2431.json index 8eb40c0e749..b398ff6f4b8 100644 --- a/2007/2xxx/CVE-2007-2431.json +++ b/2007/2xxx/CVE-2007-2431.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dynamic variable evaluation vulnerability in shared/config/tce_config.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks by modifying critical variables such as $_SERVER, as demonstrated by injecting web script via the _SERVER[SCRIPT_NAME] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3816", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3816" - }, - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=690912", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=690912" - }, - { - "name" : "20070501 TCExam - 'XSS' is dynamic variable evaluation; vendor patch", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-May/001572.html" - }, - { - "name" : "23704", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23704" - }, - { - "name" : "25008", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25008" - }, - { - "name" : "tcexam-server-xss(33957)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33957" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dynamic variable evaluation vulnerability in shared/config/tce_config.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks by modifying critical variables such as $_SERVER, as demonstrated by injecting web script via the _SERVER[SCRIPT_NAME] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25008", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25008" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=690912", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=690912" + }, + { + "name": "23704", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23704" + }, + { + "name": "20070501 TCExam - 'XSS' is dynamic variable evaluation; vendor patch", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-May/001572.html" + }, + { + "name": "tcexam-server-xss(33957)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33957" + }, + { + "name": "3816", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3816" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2619.json b/2007/2xxx/CVE-2007-2619.json index fd11419d310..79c94755616 100644 --- a/2007/2xxx/CVE-2007-2619.json +++ b/2007/2xxx/CVE-2007-2619.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2619", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login credentials for the most recent login within process memory, which allows local administrators to obtain the credentials by reading process memory, a different vulnerability than CVE-2006-3785." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://securityresponse.symantec.com/avcenter/security/Content/2007.05.09b.html", - "refsource" : "CONFIRM", - "url" : "http://securityresponse.symantec.com/avcenter/security/Content/2007.05.09b.html" - }, - { - "name" : "23875", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23875" - }, - { - "name" : "ADV-2007-1753", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1753" - }, - { - "name" : "41982", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41982" - }, - { - "name" : "1018032", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018032" - }, - { - "name" : "pcanywhere-memory-information-disclosure(34203)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34203" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login credentials for the most recent login within process memory, which allows local administrators to obtain the credentials by reading process memory, a different vulnerability than CVE-2006-3785." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "pcanywhere-memory-information-disclosure(34203)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34203" + }, + { + "name": "ADV-2007-1753", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1753" + }, + { + "name": "41982", + "refsource": "OSVDB", + "url": "http://osvdb.org/41982" + }, + { + "name": "http://securityresponse.symantec.com/avcenter/security/Content/2007.05.09b.html", + "refsource": "CONFIRM", + "url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.05.09b.html" + }, + { + "name": "1018032", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018032" + }, + { + "name": "23875", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23875" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3454.json b/2007/3xxx/CVE-2007-3454.json index c0b1705126a..640ce8ebc83 100644 --- a/2007/3xxx/CVE-2007-3454.json +++ b/2007/3xxx/CVE-2007-3454.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3454", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to execute arbitrary code via long crafted requests, as demonstrated using a long session cookie to unspecified CGI programs that use this library." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070716 Trend Micro OfficeScan Session Cookie Buffer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=559" - }, - { - "name" : "http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt", - "refsource" : "CONFIRM", - "url" : "http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt" - }, - { - "name" : "24641", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24641" - }, - { - "name" : "36629", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36629" - }, - { - "name" : "ADV-2007-2330", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2330" - }, - { - "name" : "1018320", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018320" - }, - { - "name" : "25778", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25778" - }, - { - "name" : "officescan-cgiocommon-bo(35051)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35051" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to execute arbitrary code via long crafted requests, as demonstrated using a long session cookie to unspecified CGI programs that use this library." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24641", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24641" + }, + { + "name": "36629", + "refsource": "OSVDB", + "url": "http://osvdb.org/36629" + }, + { + "name": "http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt", + "refsource": "CONFIRM", + "url": "http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt" + }, + { + "name": "officescan-cgiocommon-bo(35051)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35051" + }, + { + "name": "20070716 Trend Micro OfficeScan Session Cookie Buffer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=559" + }, + { + "name": "1018320", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018320" + }, + { + "name": "ADV-2007-2330", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2330" + }, + { + "name": "25778", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25778" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3712.json b/2007/3xxx/CVE-2007-3712.json index edda19408c6..92db1d0f3ae 100644 --- a/2007/3xxx/CVE-2007-3712.json +++ b/2007/3xxx/CVE-2007-3712.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3712", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in HiddenChest \"is ve Bayi Basvuru Formu\" (Yb ve Bayi Babvuru Formu) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "24812", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24812" - }, - { - "name" : "36873", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36873" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in HiddenChest \"is ve Bayi Basvuru Formu\" (Yb ve Bayi Babvuru Formu) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36873", + "refsource": "OSVDB", + "url": "http://osvdb.org/36873" + }, + { + "name": "24812", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24812" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6292.json b/2007/6xxx/CVE-2007-6292.json index 8cb475e24e2..264c7132af8 100644 --- a/2007/6xxx/CVE-2007-6292.json +++ b/2007/6xxx/CVE-2007-6292.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in leggi_commenti.asp in MWOpen 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4697", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4697" - }, - { - "name" : "26746", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26746" - }, - { - "name" : "27956", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27956" - }, - { - "name" : "mwopen-ecommerce-leggicommenti-sql-injection(38905)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38905" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in leggi_commenti.asp in MWOpen 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4697", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4697" + }, + { + "name": "26746", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26746" + }, + { + "name": "mwopen-ecommerce-leggicommenti-sql-injection(38905)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38905" + }, + { + "name": "27956", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27956" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0202.json b/2010/0xxx/CVE-2010-0202.json index d733f2da779..49fdde6a957 100644 --- a/2010/0xxx/CVE-2010-0202.json +++ b/2010/0xxx/CVE-2010-0202.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0202", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0199, and CVE-2010-0203." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-0202", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-09.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-09.html" - }, - { - "name" : "TA10-103C", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-103C.html" - }, - { - "name" : "39329", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39329" - }, - { - "name" : "oval:org.mitre.oval:def:6733", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6733" - }, - { - "name" : "ADV-2010-0873", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0873" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0199, and CVE-2010-0203." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-0873", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0873" + }, + { + "name": "TA10-103C", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-103C.html" + }, + { + "name": "39329", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39329" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-09.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-09.html" + }, + { + "name": "oval:org.mitre.oval:def:6733", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6733" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0260.json b/2010/0xxx/CVE-2010-0260.json index d3925b2a42a..493d06b4a5b 100644 --- a/2010/0xxx/CVE-2010-0260.json +++ b/2010/0xxx/CVE-2010-0260.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which \"a MDXTUPLE record is broken up into several records,\" aka \"Microsoft Office Excel MDXTUPLE Record Heap Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-0260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100309 Microsoft Excel MDXTUPLE Record Heap Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=862" - }, - { - "name" : "MS10-017", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017" - }, - { - "name" : "TA10-068A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-068A.html" - }, - { - "name" : "oval:org.mitre.oval:def:7862", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7862" - }, - { - "name" : "1023698", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023698" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which \"a MDXTUPLE record is broken up into several records,\" aka \"Microsoft Office Excel MDXTUPLE Record Heap Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS10-017", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017" + }, + { + "name": "TA10-068A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html" + }, + { + "name": "1023698", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023698" + }, + { + "name": "oval:org.mitre.oval:def:7862", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7862" + }, + { + "name": "20100309 Microsoft Excel MDXTUPLE Record Heap Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=862" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0803.json b/2010/0xxx/CVE-2010-0803.json index 5acd4ae309b..8720b754feb 100644 --- a/2010/0xxx/CVE-2010-0803.json +++ b/2010/0xxx/CVE-2010-0803.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0803", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the jVideoDirect (com_jvideodirect) component 1.1 RC3b for Joomla! allows remote attackers to execute arbitrary SQL commands via the v parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0803", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1001-exploits/joomlajvideodirect-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1001-exploits/joomlajvideodirect-sql.txt" - }, - { - "name" : "11280", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11280" - }, - { - "name" : "37990", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37990" - }, - { - "name" : "62042", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62042" - }, - { - "name" : "38436", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38436" - }, - { - "name" : "jvideo-v-sql-injection(55957)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55957" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the jVideoDirect (com_jvideodirect) component 1.1 RC3b for Joomla! allows remote attackers to execute arbitrary SQL commands via the v parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11280", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11280" + }, + { + "name": "62042", + "refsource": "OSVDB", + "url": "http://osvdb.org/62042" + }, + { + "name": "http://packetstormsecurity.org/1001-exploits/joomlajvideodirect-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1001-exploits/joomlajvideodirect-sql.txt" + }, + { + "name": "37990", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37990" + }, + { + "name": "jvideo-v-sql-injection(55957)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55957" + }, + { + "name": "38436", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38436" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0875.json b/2010/0xxx/CVE-2010-0875.json index a05ac14c2e9..0cdf5144098 100644 --- a/2010/0xxx/CVE-2010-0875.json +++ b/2010/0xxx/CVE-2010-0875.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0875", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Life Sciences - Oracle Thesaurus Management System component in Oracle Industry Product Suite 4.5.2, 4.6, and 4.6.1 allows remote attackers to affect integrity, related to TMS Browser." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0875", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html" - }, - { - "name" : "TA10-103B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-103B.html" - }, - { - "name" : "1023872", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023872" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Life Sciences - Oracle Thesaurus Management System component in Oracle Industry Product Suite 4.5.2, 4.6, and 4.6.1 allows remote attackers to affect integrity, related to TMS Browser." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-103B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html" + }, + { + "name": "1023872", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023872" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1841.json b/2010/1xxx/CVE-2010-1841.json index da62a1f9ee3..68626c1c120 100644 --- a/2010/1xxx/CVE-2010-1841.json +++ b/2010/1xxx/CVE-2010-1841.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Disk Images in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted UDIF image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "44815", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44815" - }, - { - "name" : "1024723", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Disk Images in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted UDIF image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024723", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024723" + }, + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + }, + { + "name": "44815", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44815" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5005.json b/2010/5xxx/CVE-2010-5005.json index 9068927f1db..ff56c918d96 100644 --- a/2010/5xxx/CVE-2010-5005.json +++ b/2010/5xxx/CVE-2010-5005.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in members/profileCommentsResponse.php in Rayzz Photoz allows remote attackers to inject arbitrary web script or HTML via the profileCommentTextArea parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40627", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40627" - }, - { - "name" : "40113", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40113" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in members/profileCommentsResponse.php in Rayzz Photoz allows remote attackers to inject arbitrary web script or HTML via the profileCommentTextArea parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40627", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40627" + }, + { + "name": "40113", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40113" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5303.json b/2010/5xxx/CVE-2010-5303.json index b67a4def010..752413a4b5b 100644 --- a/2010/5xxx/CVE-2010-5303.json +++ b/2010/5xxx/CVE-2010-5303.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the displayError function in timthumb.php in TimThumb before 1.15 (r85), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to $errorString." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://code.google.com/p/timthumb/source/detail?r=88", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/timthumb/source/detail?r=88" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the displayError function in timthumb.php in TimThumb before 1.15 (r85), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to $errorString." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/timthumb/source/detail?r=88", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/timthumb/source/detail?r=88" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5311.json b/2010/5xxx/CVE-2010-5311.json index 24d8b374718..9f84e6f24d0 100644 --- a/2010/5xxx/CVE-2010-5311.json +++ b/2010/5xxx/CVE-2010-5311.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5311", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5311", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0066.json b/2014/0xxx/CVE-2014-0066.json index 9e053e943a2..82feb778e84 100644 --- a/2014/0xxx/CVE-2014-0066.json +++ b/2014/0xxx/CVE-2014-0066.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://wiki.postgresql.org/wiki/20140220securityrelease", - "refsource" : "CONFIRM", - "url" : "http://wiki.postgresql.org/wiki/20140220securityrelease" - }, - { - "name" : "http://www.postgresql.org/about/news/1506/", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/about/news/1506/" - }, - { - "name" : "http://support.apple.com/kb/HT6448", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6448" - }, - { - "name" : "https://support.apple.com/kb/HT6536", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6536" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "APPLE-SA-2014-10-16-3", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html" - }, - { - "name" : "DSA-2864", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2864" - }, - { - "name" : "DSA-2865", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2865" - }, - { - "name" : "RHSA-2014:0469", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0469.html" - }, - { - "name" : "RHSA-2014:0211", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0211.html" - }, - { - "name" : "RHSA-2014:0221", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0221.html" - }, - { - "name" : "RHSA-2014:0249", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0249.html" - }, - { - "name" : "openSUSE-SU-2014:0345", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html" - }, - { - "name" : "openSUSE-SU-2014:0368", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00038.html" - }, - { - "name" : "USN-2120-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2120-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0211", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0211.html" + }, + { + "name": "RHSA-2014:0221", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0221.html" + }, + { + "name": "http://support.apple.com/kb/HT6448", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6448" + }, + { + "name": "RHSA-2014:0469", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0469.html" + }, + { + "name": "APPLE-SA-2014-10-16-3", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html" + }, + { + "name": "http://wiki.postgresql.org/wiki/20140220securityrelease", + "refsource": "CONFIRM", + "url": "http://wiki.postgresql.org/wiki/20140220securityrelease" + }, + { + "name": "DSA-2864", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2864" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "RHSA-2014:0249", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0249.html" + }, + { + "name": "http://www.postgresql.org/about/news/1506/", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/about/news/1506/" + }, + { + "name": "USN-2120-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2120-1" + }, + { + "name": "https://support.apple.com/kb/HT6536", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6536" + }, + { + "name": "DSA-2865", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2865" + }, + { + "name": "openSUSE-SU-2014:0345", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" + }, + { + "name": "openSUSE-SU-2014:0368", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00038.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0252.json b/2014/0xxx/CVE-2014-0252.json index 7f4289bc58f..302c67c3ed6 100644 --- a/2014/0xxx/CVE-2014-0252.json +++ b/2014/0xxx/CVE-2014-0252.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0252", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-0252", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0600.json b/2014/0xxx/CVE-2014-0600.json index bfdc92c6397..27d7b5b5a87 100644 --- a/2014/0xxx/CVE-2014-0600.json +++ b/2014/0xxx/CVE-2014-0600.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-296/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-296/" - }, - { - "name" : "http://www.novell.com/support/kb/doc.php?id=7015566", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=7015566" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=879192", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=879192" - }, - { - "name" : "1030801", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030801" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=879192", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=879192" + }, + { + "name": "http://www.novell.com/support/kb/doc.php?id=7015566", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=7015566" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-296/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-296/" + }, + { + "name": "1030801", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030801" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0902.json b/2014/0xxx/CVE-2014-0902.json index b7792dc653e..c346e164088 100644 --- a/2014/0xxx/CVE-2014-0902.json +++ b/2014/0xxx/CVE-2014-0902.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0902", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0902", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1257.json b/2014/1xxx/CVE-2014-1257.json index cf8e21aeecd..33cb565f740 100644 --- a/2014/1xxx/CVE-2014-1257.json +++ b/2014/1xxx/CVE-2014-1257.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1257", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-1257", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6150", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT6150", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6150" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1338.json b/2014/1xxx/CVE-2014-1338.json index 36a96e7a463..ec271acf4c3 100644 --- a/2014/1xxx/CVE-2014-1338.json +++ b/2014/1xxx/CVE-2014-1338.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1338", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-1338", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6254", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6254" - }, - { - "name" : "https://support.apple.com/kb/HT6537", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6537" - }, - { - "name" : "APPLE-SA-2014-05-21-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html" - }, - { - "name" : "APPLE-SA-2014-06-30-3", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html" - }, - { - "name" : "APPLE-SA-2014-06-30-4", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html" - }, - { - "name" : "67553", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67553" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/kb/HT6537", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6537" + }, + { + "name": "APPLE-SA-2014-06-30-4", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html" + }, + { + "name": "http://support.apple.com/kb/HT6254", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6254" + }, + { + "name": "APPLE-SA-2014-06-30-3", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html" + }, + { + "name": "67553", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67553" + }, + { + "name": "APPLE-SA-2014-05-21-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1756.json b/2014/1xxx/CVE-2014-1756.json index 9f37b69f9ba..bacb6a06518 100644 --- a/2014/1xxx/CVE-2014-1756.json +++ b/2014/1xxx/CVE-2014-1756.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1, when the Simplified Chinese Proofing Tool is enabled, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka \"Microsoft Office Chinese Grammar Checking Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-1756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-023", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-023" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1, when the Simplified Chinese Proofing Tool is enabled, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka \"Microsoft Office Chinese Grammar Checking Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-023", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-023" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4124.json b/2014/4xxx/CVE-2014-4124.json index 3dab9f3afb7..2d3560eba47 100644 --- a/2014/4xxx/CVE-2014-4124.json +++ b/2014/4xxx/CVE-2014-4124.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4124", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka \"Internet Explorer Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2014-4123." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-4124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-056", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-056" - }, - { - "name" : "70349", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70349" - }, - { - "name" : "1031018", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031018" - }, - { - "name" : "60968", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka \"Internet Explorer Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2014-4123." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70349", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70349" + }, + { + "name": "60968", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60968" + }, + { + "name": "1031018", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031018" + }, + { + "name": "MS14-056", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-056" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4225.json b/2014/4xxx/CVE-2014-4225.json index 5be32fe25f4..c5fc374489b 100644 --- a/2014/4xxx/CVE-2014-4225.json +++ b/2014/4xxx/CVE-2014-4225.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4225", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Patch installation scripts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-4225", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" - }, - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/23" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" - }, - { - "name" : "68566", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68566" - }, - { - "name" : "1030588", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030588" - }, - { - "name" : "59504", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59504" - }, - { - "name" : "oracle-cpujul2014-cve20144225(94608)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Patch installation scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" + }, + { + "name": "oracle-cpujul2014-cve20144225(94608)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94608" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" + }, + { + "name": "68566", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68566" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/23" + }, + { + "name": "1030588", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030588" + }, + { + "name": "59504", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59504" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4359.json b/2014/4xxx/CVE-2014-4359.json index 3cf85d34aee..77929ac28b0 100644 --- a/2014/4xxx/CVE-2014-4359.json +++ b/2014/4xxx/CVE-2014-4359.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4359", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-4359", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4944.json b/2014/4xxx/CVE-2014-4944.json index 84ffff80514..ba34d101564 100644 --- a/2014/4xxx/CVE-2014-4944.json +++ b/2014/4xxx/CVE-2014-4944.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4944", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4944", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/127407/WordPress-BSK-PDF-Manager-1.3.2-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127407/WordPress-BSK-PDF-Manager-1.3.2-SQL-Injection.html" - }, - { - "name" : "68488", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68488" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68488", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68488" + }, + { + "name": "http://packetstormsecurity.com/files/127407/WordPress-BSK-PDF-Manager-1.3.2-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127407/WordPress-BSK-PDF-Manager-1.3.2-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5199.json b/2014/5xxx/CVE-2014-5199.json index 02ded2d24aa..83968e0ef4b 100644 --- a/2014/5xxx/CVE-2014-5199.json +++ b/2014/5xxx/CVE-2014-5199.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://wordpress.org/plugins/wp-file-upload/changelog", - "refsource" : "MISC", - "url" : "http://wordpress.org/plugins/wp-file-upload/changelog" - }, - { - "name" : "60520", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60520" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wordpress.org/plugins/wp-file-upload/changelog", + "refsource": "MISC", + "url": "http://wordpress.org/plugins/wp-file-upload/changelog" + }, + { + "name": "60520", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60520" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5559.json b/2014/5xxx/CVE-2014-5559.json index fb8432e1dc2..ef93fa8e142 100644 --- a/2014/5xxx/CVE-2014-5559.json +++ b/2014/5xxx/CVE-2014-5559.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Kids GoldFish Care (aka air.josiane.sauveterre.kidsgoldfishcare) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#433337", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/433337" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Kids GoldFish Care (aka air.josiane.sauveterre.kidsgoldfishcare) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#433337", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/433337" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10141.json b/2016/10xxx/CVE-2016-10141.json index c723109489d..2bacffd80d5 100644 --- a/2016/10xxx/CVE-2016-10141.json +++ b/2016/10xxx/CVE-2016-10141.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. MuJS before fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045. The attack requires a regular expression with nested repetition. A successful exploitation of this issue can lead to code execution or a denial of service (buffer overflow) condition." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.ghostscript.com/?p=mujs.git;h=fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045", - "refsource" : "CONFIRM", - "url" : "http://git.ghostscript.com/?p=mujs.git;h=fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045" - }, - { - "name" : "https://bugs.ghostscript.com/show_bug.cgi?id=697448", - "refsource" : "CONFIRM", - "url" : "https://bugs.ghostscript.com/show_bug.cgi?id=697448" - }, - { - "name" : "95876", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95876" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. MuJS before fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045. The attack requires a regular expression with nested repetition. A successful exploitation of this issue can lead to code execution or a denial of service (buffer overflow) condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95876", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95876" + }, + { + "name": "https://bugs.ghostscript.com/show_bug.cgi?id=697448", + "refsource": "CONFIRM", + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=697448" + }, + { + "name": "http://git.ghostscript.com/?p=mujs.git;h=fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045", + "refsource": "CONFIRM", + "url": "http://git.ghostscript.com/?p=mujs.git;h=fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10189.json b/2016/10xxx/CVE-2016-10189.json index 29fca70738b..0f0a548a751 100644 --- a/2016/10xxx/CVE-2016-10189.json +++ b/2016/10xxx/CVE-2016-10189.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10189", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10189", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170130 CVE Request - Remote DoS vulnerabilities in BitlBee", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/30/4" - }, - { - "name" : "[oss-security] 20170131 Re: CVE Request - Remote DoS vulnerabilities in BitlBee", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/31/11" - }, - { - "name" : "https://bugs.bitlbee.org/ticket/1282", - "refsource" : "CONFIRM", - "url" : "https://bugs.bitlbee.org/ticket/1282" - }, - { - "name" : "https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f", - "refsource" : "CONFIRM", - "url" : "https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f" - }, - { - "name" : "DSA-3853", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3853" - }, - { - "name" : "95931", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95931" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95931", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95931" + }, + { + "name": "https://bugs.bitlbee.org/ticket/1282", + "refsource": "CONFIRM", + "url": "https://bugs.bitlbee.org/ticket/1282" + }, + { + "name": "DSA-3853", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3853" + }, + { + "name": "https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f", + "refsource": "CONFIRM", + "url": "https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f" + }, + { + "name": "[oss-security] 20170131 Re: CVE Request - Remote DoS vulnerabilities in BitlBee", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/31/11" + }, + { + "name": "[oss-security] 20170130 CVE Request - Remote DoS vulnerabilities in BitlBee", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/30/4" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3209.json b/2016/3xxx/CVE-2016-3209.json index fc13255d1c8..c67661514fd 100644 --- a/2016/3xxx/CVE-2016-3209.json +++ b/2016/3xxx/CVE-2016-3209.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka \"True Type Font Parsing Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-120", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120" - }, - { - "name" : "93385", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93385" - }, - { - "name" : "1036988", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036988" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka \"True Type Font Parsing Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036988", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036988" + }, + { + "name": "MS16-120", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120" + }, + { + "name": "93385", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93385" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8416.json b/2016/8xxx/CVE-2016-8416.json index 46efd16daa6..ac34df376d5 100644 --- a/2016/8xxx/CVE-2016-8416.json +++ b/2016/8xxx/CVE-2016-8416.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-8416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32510746. References: QC-CR#1088206." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-8416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-03-01" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f" - }, - { - "name" : "96734", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96734" - }, - { - "name" : "1037968", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32510746. References: QC-CR#1088206." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-03-01" + }, + { + "name": "1037968", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037968" + }, + { + "name": "96734", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96734" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8533.json b/2016/8xxx/CVE-2016-8533.json index 917eaf8d101..c685050b90e 100644 --- a/2016/8xxx/CVE-2016-8533.json +++ b/2016/8xxx/CVE-2016-8533.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-02-03T00:00:00", - "ID" : "CVE-2016-8533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Matrix Operating Environment", - "version" : { - "version_data" : [ - { - "version_value" : "v7.6" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote priviledge escalation vulnerability in HPE Matrix Operating Environment version 7.6 was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Priviledge Escalation" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-02-03T00:00:00", + "ID": "CVE-2016-8533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Matrix Operating Environment", + "version": { + "version_data": [ + { + "version_value": "v7.6" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote priviledge escalation vulnerability in HPE Matrix Operating Environment version 7.6 was found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Priviledge Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8659.json b/2016/8xxx/CVE-2016-8659.json index 7be8ba78d8f..971b857aa68 100644 --- a/2016/8xxx/CVE-2016-8659.json +++ b/2016/8xxx/CVE-2016-8659.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8659", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161012 bubblewrap LPE", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/12/5" - }, - { - "name" : "[oss-security] 20161013 Re: bubblewrap LPE", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/13/4" - }, - { - "name" : "https://github.com/projectatomic/bubblewrap/issues/107", - "refsource" : "CONFIRM", - "url" : "https://github.com/projectatomic/bubblewrap/issues/107" - }, - { - "name" : "93542", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93542" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20161013 Re: bubblewrap LPE", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/13/4" + }, + { + "name": "https://github.com/projectatomic/bubblewrap/issues/107", + "refsource": "CONFIRM", + "url": "https://github.com/projectatomic/bubblewrap/issues/107" + }, + { + "name": "[oss-security] 20161012 bubblewrap LPE", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/12/5" + }, + { + "name": "93542", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93542" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9527.json b/2016/9xxx/CVE-2016-9527.json index b3d2163d1ab..0ad7ddefe2d 100644 --- a/2016/9xxx/CVE-2016-9527.json +++ b/2016/9xxx/CVE-2016-9527.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9527", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9527", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9590.json b/2016/9xxx/CVE-2016-9590.json index ed06714ad7f..4c1b238c0ad 100644 --- a/2016/9xxx/CVE-2016-9590.json +++ b/2016/9xxx/CVE-2016-9590.json @@ -1,95 +1,95 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2016-9590", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "puppet-swift", - "version" : { - "version_data" : [ - { - "version_value" : "puppet-swift 8.2.1" - }, - { - "version_value" : " puppet-swift 9.4.4" - } - ] - } - } - ] - }, - "vendor_name" : "" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "6.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-200" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-9590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "puppet-swift", + "version": { + "version_data": [ + { + "version_value": "puppet-swift 8.2.1" + }, + { + "version_value": " puppet-swift 9.4.4" + } + ] + } + } + ] + }, + "vendor_name": "" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9590", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9590" - }, - { - "name" : "RHSA-2017:0200", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0200.html" - }, - { - "name" : "RHSA-2017:0359", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0359.html" - }, - { - "name" : "RHSA-2017:0361", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0361.html" - }, - { - "name" : "95448", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95448" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:0359", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0359.html" + }, + { + "name": "95448", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95448" + }, + { + "name": "RHSA-2017:0361", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0361.html" + }, + { + "name": "RHSA-2017:0200", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0200.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9590", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9590" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9773.json b/2016/9xxx/CVE-2016-9773.json index 0722518c8c4..8de8cc25a2c 100644 --- a/2016/9xxx/CVE-2016-9773.json +++ b/2016/9xxx/CVE-2016-9773.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9773", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-9773", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161201 imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) (Incomplete fix for CVE-2016-9556)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/01/4" - }, - { - "name" : "[oss-security] 20161202 Re: Re: imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) (Incomplete fix for CVE-2016-9556)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/02/12" - }, - { - "name" : "[oss-security] 20161202 Re: imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) (Incomplete fix for CVE-2016-9556)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/02/11" - }, - { - "name" : "https://blogs.gentoo.org/ago/2016/12/01/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h-incomplete-fix-for-cve-2016-9556/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2016/12/01/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h-incomplete-fix-for-cve-2016-9556/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2016/12/01/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h-incomplete-fix-for-cve-2016-9556/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2016/12/01/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h-incomplete-fix-for-cve-2016-9556/" + }, + { + "name": "[oss-security] 20161202 Re: Re: imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) (Incomplete fix for CVE-2016-9556)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/02/12" + }, + { + "name": "[oss-security] 20161201 imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) (Incomplete fix for CVE-2016-9556)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/01/4" + }, + { + "name": "[oss-security] 20161202 Re: imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) (Incomplete fix for CVE-2016-9556)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/02/11" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9794.json b/2016/9xxx/CVE-2016-9794.json index 76aaa889ffb..a7ff0a442ae 100644 --- a/2016/9xxx/CVE-2016-9794.json +++ b/2016/9xxx/CVE-2016-9794.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9794", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9794", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161203 CVE request: -- Linux kernel: ALSA: use-after-free in,kill_fasync", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/03/2" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1401494", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1401494" - }, - { - "name" : "https://github.com/torvalds/linux/commit/3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4" - }, - { - "name" : "https://patchwork.kernel.org/patch/8752621/", - "refsource" : "CONFIRM", - "url" : "https://patchwork.kernel.org/patch/8752621/" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - }, - { - "name" : "RHSA-2016:2574", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2574.html" - }, - { - "name" : "SUSE-SU-2016:3146", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00062.html" - }, - { - "name" : "SUSE-SU-2016:3188", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00072.html" - }, - { - "name" : "SUSE-SU-2016:3203", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00075.html" - }, - { - "name" : "SUSE-SU-2016:3217", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00081.html" - }, - { - "name" : "SUSE-SU-2016:3248", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00088.html" - }, - { - "name" : "SUSE-SU-2016:3252", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00091.html" - }, - { - "name" : "openSUSE-SU-2016:3118", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00057.html" - }, - { - "name" : "94654", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94654" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1401494", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401494" + }, + { + "name": "openSUSE-SU-2016:3118", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00057.html" + }, + { + "name": "SUSE-SU-2016:3248", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00088.html" + }, + { + "name": "https://patchwork.kernel.org/patch/8752621/", + "refsource": "CONFIRM", + "url": "https://patchwork.kernel.org/patch/8752621/" + }, + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + }, + { + "name": "SUSE-SU-2016:3188", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00072.html" + }, + { + "name": "RHSA-2016:2574", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" + }, + { + "name": "SUSE-SU-2016:3146", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00062.html" + }, + { + "name": "SUSE-SU-2016:3203", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00075.html" + }, + { + "name": "SUSE-SU-2016:3217", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00081.html" + }, + { + "name": "[oss-security] 20161203 CVE request: -- Linux kernel: ALSA: use-after-free in,kill_fasync", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/03/2" + }, + { + "name": "https://github.com/torvalds/linux/commit/3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4" + }, + { + "name": "94654", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94654" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4" + }, + { + "name": "SUSE-SU-2016:3252", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00091.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2323.json b/2019/2xxx/CVE-2019-2323.json index fe65be3d4d9..8226aa06956 100644 --- a/2019/2xxx/CVE-2019-2323.json +++ b/2019/2xxx/CVE-2019-2323.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2323", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2323", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2412.json b/2019/2xxx/CVE-2019-2412.json index 05b83511943..8bd7b0fd124 100644 --- a/2019/2xxx/CVE-2019-2412.json +++ b/2019/2xxx/CVE-2019-2412.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2412", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sun ZFS Storage Appliance Kit (AK) Software", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "8.8.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Object Store). The supported version that is affected is prior to 8.8.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 6.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK)." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2412", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sun ZFS Storage Appliance Kit (AK) Software", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.8.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "106595", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106595" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Object Store). The supported version that is affected is prior to 8.8.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 6.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK)." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106595", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106595" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2526.json b/2019/2xxx/CVE-2019-2526.json index a5f6cc9e426..0d6a28e80a2 100644 --- a/2019/2xxx/CVE-2019-2526.json +++ b/2019/2xxx/CVE-2019-2526.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2526", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VM VirtualBox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "5.2.24" - }, - { - "version_affected" : "<", - "version_value" : "6.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2526", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.2.24" + }, + { + "version_affected": "<", + "version_value": "6.0.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "106568", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106568" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "106568", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106568" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2606.json b/2019/2xxx/CVE-2019-2606.json index 63c05ffd422..b96963de5c3 100644 --- a/2019/2xxx/CVE-2019-2606.json +++ b/2019/2xxx/CVE-2019-2606.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2606", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2606", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6718.json b/2019/6xxx/CVE-2019-6718.json index c6e56e02c19..3b98f7a5133 100644 --- a/2019/6xxx/CVE-2019-6718.json +++ b/2019/6xxx/CVE-2019-6718.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6718", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6718", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6905.json b/2019/6xxx/CVE-2019-6905.json index 866ec9d9737..e3bf861d292 100644 --- a/2019/6xxx/CVE-2019-6905.json +++ b/2019/6xxx/CVE-2019-6905.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6905", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6905", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file