From 0a4f6b90cd2c0dde2a80ccb13b6c7f2607fb1bba Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Sun, 17 Mar 2019 23:11:25 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/1xxx/CVE-2006-1024.json | 160 ++++----- 2006/1xxx/CVE-2006-1056.json | 610 +++++++++++++++++------------------ 2006/1xxx/CVE-2006-1616.json | 130 ++++---- 2006/1xxx/CVE-2006-1974.json | 130 ++++---- 2006/5xxx/CVE-2006-5191.json | 180 +++++------ 2006/5xxx/CVE-2006-5454.json | 240 +++++++------- 2007/2xxx/CVE-2007-2053.json | 190 +++++------ 2007/2xxx/CVE-2007-2294.json | 230 ++++++------- 2007/6xxx/CVE-2007-6396.json | 150 ++++----- 2007/6xxx/CVE-2007-6495.json | 190 +++++------ 2007/6xxx/CVE-2007-6693.json | 160 ++++----- 2010/0xxx/CVE-2010-0134.json | 150 ++++----- 2010/0xxx/CVE-2010-0304.json | 290 ++++++++--------- 2010/0xxx/CVE-2010-0352.json | 34 +- 2010/0xxx/CVE-2010-0729.json | 170 +++++----- 2010/0xxx/CVE-2010-0976.json | 140 ++++---- 2010/0xxx/CVE-2010-0988.json | 190 +++++------ 2010/1xxx/CVE-2010-1011.json | 130 ++++---- 2010/1xxx/CVE-2010-1169.json | 500 ++++++++++++++-------------- 2010/1xxx/CVE-2010-1320.json | 260 +++++++-------- 2010/1xxx/CVE-2010-1324.json | 390 +++++++++++----------- 2010/1xxx/CVE-2010-1472.json | 150 ++++----- 2010/1xxx/CVE-2010-1643.json | 230 ++++++------- 2010/4xxx/CVE-2010-4494.json | 370 ++++++++++----------- 2010/4xxx/CVE-2010-4520.json | 140 ++++---- 2010/4xxx/CVE-2010-4723.json | 120 +++---- 2014/0xxx/CVE-2014-0070.json | 34 +- 2014/0xxx/CVE-2014-0218.json | 150 ++++----- 2014/0xxx/CVE-2014-0707.json | 120 +++---- 2014/0xxx/CVE-2014-0801.json | 34 +- 2014/0xxx/CVE-2014-0839.json | 130 ++++---- 2014/1xxx/CVE-2014-1314.json | 120 +++---- 2014/1xxx/CVE-2014-1652.json | 160 ++++----- 2014/1xxx/CVE-2014-1659.json | 34 +- 2014/1xxx/CVE-2014-1694.json | 230 ++++++------- 2014/1xxx/CVE-2014-1979.json | 130 ++++---- 2014/4xxx/CVE-2014-4295.json | 130 ++++---- 2014/4xxx/CVE-2014-4725.json | 170 +++++----- 2014/4xxx/CVE-2014-4859.json | 34 +- 2014/9xxx/CVE-2014-9099.json | 130 ++++---- 2014/9xxx/CVE-2014-9227.json | 140 ++++---- 
2014/9xxx/CVE-2014-9395.json | 120 +++---- 2014/9xxx/CVE-2014-9578.json | 140 ++++---- 2014/9xxx/CVE-2014-9969.json | 122 +++---- 2016/3xxx/CVE-2016-3316.json | 150 ++++----- 2016/3xxx/CVE-2016-3372.json | 140 ++++---- 2016/3xxx/CVE-2016-3462.json | 130 ++++---- 2016/3xxx/CVE-2016-3808.json | 120 +++---- 2016/7xxx/CVE-2016-7142.json | 160 ++++----- 2016/7xxx/CVE-2016-7325.json | 34 +- 2016/8xxx/CVE-2016-8017.json | 150 ++++----- 2016/8xxx/CVE-2016-8269.json | 34 +- 2016/8xxx/CVE-2016-8599.json | 34 +- 2016/8xxx/CVE-2016-8857.json | 34 +- 2016/9xxx/CVE-2016-9165.json | 140 ++++---- 2016/9xxx/CVE-2016-9652.json | 34 +- 2016/9xxx/CVE-2016-9912.json | 140 ++++---- 2019/2xxx/CVE-2019-2444.json | 140 ++++---- 58 files changed, 4601 insertions(+), 4601 deletions(-)
diff --git a/2006/1xxx/CVE-2006-1024.json b/2006/1xxx/CVE-2006-1024.json
index 3caac7c5509..5cdd88894f6 100644
--- a/2006/1xxx/CVE-2006-1024.json
+++ b/2006/1xxx/CVE-2006-1024.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1024", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in MgrLogin.asp in Addsoft StoreBot 2005 Professional allows remote attackers to execute arbitrary SQL commands via the Pwd parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1024", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "16897", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16897" - }, - { - "name" : "ADV-2006-0784", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0784" - }, - { - "name" : "23575", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23575" - }, - { - "name" : "19019", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19019" - }, - { - "name" : "storebot-mgrlogin-sql-injection(24987)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24987" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in MgrLogin.asp in Addsoft StoreBot 2005 Professional allows remote attackers to execute arbitrary SQL commands via the Pwd parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16897", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16897" + }, + { + "name": "23575", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23575" + }, + { + "name": "ADV-2006-0784", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0784" + }, + { + "name": "storebot-mgrlogin-sql-injection(24987)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24987" + }, + { + "name": "19019", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19019" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1056.json b/2006/1xxx/CVE-2006-1056.json index 5ba8717cf29..26cb77f31af 100644 --- a/2006/1xxx/CVE-2006-1056.json +++ b/2006/1xxx/CVE-2006-1056.json 
@@ -1,307 +1,307 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1056", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-1056", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060419 FreeBSD Security Advisory FreeBSD-SA-06:14.fpu", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431341" - }, - { - "name" : "20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451404/100/0/threaded" - }, - { - "name" : "20061113 VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451419/100/200/threaded" - }, - { - "name" : "20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451417/100/200/threaded" - }, - { - "name" : "20061113 VMSA-2006-0009 - VMware ESX Server 3.0.0 AMD fxsave/restore issue", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451421/100/0/threaded" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm" - }, - { - "name" : "http://kb.vmware.com/kb/2533126", - "refsource" : "CONFIRM", - "url" : "http://kb.vmware.com/kb/2533126" - }, - { - "name" : 
"http://www.vmware.com/download/esx/esx-213-200610-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/download/esx/esx-213-200610-patch.html" - }, - { - "name" : "http://www.vmware.com/download/esx/esx-254-200610-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/download/esx/esx-254-200610-patch.html" - }, - { - "name" : "DSA-1097", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1097" - }, - { - "name" : "DSA-1103", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1103" - }, - { - "name" : "FEDORA-2006-423", - "refsource" : "FEDORA", - "url" : "http://lwn.net/Alerts/180820/" - }, - { - "name" : "FreeBSD-SA-06:14", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:14.fpu.asc" - }, - { - "name" : "http://security.freebsd.org/advisories/FreeBSD-SA-06:14-amd.txt", - "refsource" : "MISC", - "url" : "http://security.freebsd.org/advisories/FreeBSD-SA-06:14-amd.txt" - }, - { - "name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.9", - "refsource" : "CONFIRM", - "url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.9" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187910", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187910" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187911", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187911" - }, - { - "name" : "[linux-kernel] 20060419 RE: Linux 2.6.16.9", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-kernel&m=114548768214478&w=2" - }, - { - "name" : "RHSA-2006:0579", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0579.html" - }, - { - "name" : "RHSA-2006:0437", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0437.html" - }, 
- { - "name" : "RHSA-2006:0575", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0575.html" - }, - { - "name" : "SUSE-SA:2006:028", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006-05-31.html" - }, - { - "name" : "SUSE-SU-2014:0446", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" - }, - { - "name" : "USN-302-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-302-1" - }, - { - "name" : "17600", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17600" - }, - { - "name" : "oval:org.mitre.oval:def:9995", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9995" - }, - { - "name" : "ADV-2006-1426", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1426" - }, - { - "name" : "ADV-2006-2554", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2554" - }, - { - "name" : "ADV-2006-4353", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4353" - }, - { - "name" : "ADV-2006-4502", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4502" - }, - { - "name" : "ADV-2006-1475", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1475" - }, - { - "name" : "24807", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24807" - }, - { - "name" : "24746", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24746" - }, - { - "name" : "1015966", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015966" - }, - { - "name" : "19724", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19724" - }, - { - "name" : "19715", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19715" - }, - { - "name" : "20671", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/20671" - }, - { - "name" : "20716", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20716" - }, - { - "name" : "20914", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20914" - }, - { - "name" : "21035", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21035" - }, - { - "name" : "21136", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21136" - }, - { - "name" : "21465", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21465" - }, - { - "name" : "20398", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20398" - }, - { - "name" : "21983", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21983" - }, - { - "name" : "22417", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22417" - }, - { - "name" : "22875", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22875" - }, - { - "name" : "22876", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22876" - }, - { - "name" : "19735", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19735" - }, - { - "name" : "amd-fpu-information-disclosure(25871)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25871" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. 
NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:9995", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9995" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187911", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187911" + }, + { + "name": "RHSA-2006:0437", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0437.html" + }, + { + "name": "22876", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22876" + }, + { + "name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.9", + "refsource": "CONFIRM", + "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.9" + }, + { + "name": "19735", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19735" + }, + { + "name": "ADV-2006-4502", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4502" + }, + { + "name": "ADV-2006-2554", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2554" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187910", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187910" + }, + { + "name": "RHSA-2006:0579", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0579.html" + }, + { + "name": "20716", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20716" + }, + { + "name": "22875", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22875" + }, + { + "name": 
"FEDORA-2006-423", + "refsource": "FEDORA", + "url": "http://lwn.net/Alerts/180820/" + }, + { + "name": "21136", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21136" + }, + { + "name": "USN-302-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-302-1" + }, + { + "name": "http://kb.vmware.com/kb/2533126", + "refsource": "CONFIRM", + "url": "http://kb.vmware.com/kb/2533126" + }, + { + "name": "24746", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24746" + }, + { + "name": "24807", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24807" + }, + { + "name": "21983", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21983" + }, + { + "name": "ADV-2006-4353", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4353" + }, + { + "name": "21035", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21035" + }, + { + "name": "http://www.vmware.com/download/esx/esx-213-200610-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/download/esx/esx-213-200610-patch.html" + }, + { + "name": "DSA-1097", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1097" + }, + { + "name": "RHSA-2006:0575", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0575.html" + }, + { + "name": "SUSE-SA:2006:028", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006-05-31.html" + }, + { + "name": "20061113 VMSA-2006-0009 - VMware ESX Server 3.0.0 AMD fxsave/restore issue", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451421/100/0/threaded" + }, + { + "name": "ADV-2006-1426", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1426" + }, + { + "name": "19715", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19715" + }, + { + "name": "1015966", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015966" 
+ }, + { + "name": "20060419 FreeBSD Security Advisory FreeBSD-SA-06:14.fpu", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431341" + }, + { + "name": "17600", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17600" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm" + }, + { + "name": "DSA-1103", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1103" + }, + { + "name": "http://www.vmware.com/download/esx/esx-254-200610-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/download/esx/esx-254-200610-patch.html" + }, + { + "name": "FreeBSD-SA-06:14", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:14.fpu.asc" + }, + { + "name": "21465", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21465" + }, + { + "name": "SUSE-SU-2014:0446", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" + }, + { + "name": "[linux-kernel] 20060419 RE: Linux 2.6.16.9", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-kernel&m=114548768214478&w=2" + }, + { + "name": "ADV-2006-1475", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1475" + }, + { + "name": "20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451404/100/0/threaded" + }, + { + "name": "amd-fpu-information-disclosure(25871)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25871" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm" + }, + { + "name": "20398", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/20398" + }, + { + "name": "20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451417/100/200/threaded" + }, + { + "name": "http://security.freebsd.org/advisories/FreeBSD-SA-06:14-amd.txt", + "refsource": "MISC", + "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:14-amd.txt" + }, + { + "name": "22417", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22417" + }, + { + "name": "19724", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19724" + }, + { + "name": "20671", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20671" + }, + { + "name": "20061113 VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451419/100/200/threaded" + }, + { + "name": "20914", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20914" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1616.json b/2006/1xxx/CVE-2006-1616.json index 1c82f25a44e..1b96ca13a94 100644 --- a/2006/1xxx/CVE-2006-1616.json +++ b/2006/1xxx/CVE-2006-1616.json 
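Review bot: In 2006/1xxx/CVE-2006-1056.json the new side sets `"ASSIGNER": "secalert@redhat.com"` where the old side had `cve@mitre.org`, and that is the only value change in a hunk whose remaining lines only tighten `"key" : ` to `"key": `, re-indent, and reorder the entries of `reference_data`. The subject line ("-Synchronized-Data.") gives no reason for the reassignment, so anyone who attributes or filters records by `ASSIGNER` cannot tell from the commit whether it is intended; the description should name the record and the new assigner, or the change should be committed separately from the formatting pass. This section also drops the final newline (`\ No newline at end of file`), as do the CVE-2006-1024, CVE-2006-1616, CVE-2006-1974 and CVE-2006-5191 sections; keeping the trailing newline and emitting `reference_data` in a stable order would keep later sync diffs small enough for a field change like this one to stand out.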
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1616", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to comments.php or (2) poll_id parameter to page.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ns79.hosteur.com/~secuti/advancedpoll.txt", - "refsource" : "MISC", - "url" : "http://ns79.hosteur.com/~secuti/advancedpoll.txt" - }, - { - "name" : "advancedpoll-comments-page-sql-injection(25676)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25676" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to comments.php or (2) poll_id parameter to page.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ns79.hosteur.com/~secuti/advancedpoll.txt", + "refsource": "MISC", + "url": "http://ns79.hosteur.com/~secuti/advancedpoll.txt" + }, + { + "name": "advancedpoll-comments-page-sql-injection(25676)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25676" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1974.json b/2006/1xxx/CVE-2006-1974.json index cc21733f6b2..73ebdcf5971 100644 --- a/2006/1xxx/CVE-2006-1974.json +++ b/2006/1xxx/CVE-2006-1974.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1974", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1974", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/bid/16443/exploit", - "refsource" : "MISC", - "url" : "http://www.securityfocus.com/bid/16443/exploit" - }, - { - "name" : "16443", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16443" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securityfocus.com/bid/16443/exploit", + "refsource": "MISC", + "url": "http://www.securityfocus.com/bid/16443/exploit" + }, + { + "name": "16443", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16443" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5191.json b/2006/5xxx/CVE-2006-5191.json index 728ac7fd397..cbca7bddb2d 100644 --- a/2006/5xxx/CVE-2006-5191.json +++ b/2006/5xxx/CVE-2006-5191.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5191", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in includes/functions_static_topics.php in the Nivisec Static Topics module for phpBB 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5191", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2477", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2477/" - }, - { - "name" : "http://www.nivisec.com/article.php?l=vi&ar=20", - "refsource" : "CONFIRM", - "url" : "http://www.nivisec.com/article.php?l=vi&ar=20" - }, - { - "name" : "20353", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20353" - }, - { - "name" : "ADV-2006-3916", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3916" - }, - { - "name" : "29506", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29506" - }, - { - "name" : "22269", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22269" - }, - { - "name" : 
"phpbb-functionsstatictopics-file-include(29347)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29347" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in includes/functions_static_topics.php in the Nivisec Static Topics module for phpBB 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29506", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29506" + }, + { + "name": "2477", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2477/" + }, + { + "name": "http://www.nivisec.com/article.php?l=vi&ar=20", + "refsource": "CONFIRM", + "url": "http://www.nivisec.com/article.php?l=vi&ar=20" + }, + { + "name": "20353", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20353" + }, + { + "name": "ADV-2006-3916", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3916" + }, + { + "name": "22269", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22269" + }, + { + "name": "phpbb-functionsstatictopics-file-include(29347)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29347" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5454.json b/2006/5xxx/CVE-2006-5454.json index e78a81bb1f4..76e4ba65ef7 100644 --- a/2006/5xxx/CVE-2006-5454.json +++ b/2006/5xxx/CVE-2006-5454.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5454", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote attackers to obtain (1) the description of arbitrary attachments by viewing the attachment in \"diff\" mode in attachment.cgi, and (2) the deadline field by viewing the XML format of the bug in show_bug.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061015 Security Advisory for Bugzilla 2.18.5, 2.20.2, 2.22, and 2.23.2", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/448777/100/100/threaded" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=346086", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=346086" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=346564", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=346564" - }, - { - "name" : "http://www.bugzilla.org/security/2.18.5/", - "refsource" : "CONFIRM", - 
"url" : "http://www.bugzilla.org/security/2.18.5/" - }, - { - "name" : "GLSA-200611-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200611-04.xml" - }, - { - "name" : "20538", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20538" - }, - { - "name" : "ADV-2006-4035", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4035" - }, - { - "name" : "29546", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29546" - }, - { - "name" : "29547", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29547" - }, - { - "name" : "1017064", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017064" - }, - { - "name" : "22790", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22790" - }, - { - "name" : "22409", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22409" - }, - { - "name" : "1760", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1760" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote attackers to obtain (1) the description of arbitrary attachments by viewing the attachment in \"diff\" mode in attachment.cgi, and (2) the deadline field by viewing the XML format of the bug in show_bug.cgi." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22409", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22409" + }, + { + "name": "1760", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1760" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=346564", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=346564" + }, + { + "name": "1017064", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017064" + }, + { + "name": "ADV-2006-4035", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4035" + }, + { + "name": "29546", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29546" + }, + { + "name": "20538", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20538" + }, + { + "name": "http://www.bugzilla.org/security/2.18.5/", + "refsource": "CONFIRM", + "url": "http://www.bugzilla.org/security/2.18.5/" + }, + { + "name": "22790", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22790" + }, + { + "name": "29547", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29547" + }, + { + "name": "GLSA-200611-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200611-04.xml" + }, + { + "name": "20061015 Security Advisory for Bugzilla 2.18.5, 2.20.2, 2.22, and 2.23.2", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/448777/100/100/threaded" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=346086", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=346086" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2053.json b/2007/2xxx/CVE-2007-2053.json index 46f1821b162..65d706eacdd 100644 --- a/2007/2xxx/CVE-2007-2053.json 
+++ b/2007/2xxx/CVE-2007-2053.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070427 AFFLIB(TM): Multiple Buffer Overflows", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/467038/100/0/threaded" - }, - { - "name" : "http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt", - "refsource" : "MISC", - "url" : "http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt" - }, - { - "name" : "23695", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23695" - }, - { - "name" : "35613", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35613" - }, - { - "name" : "35614", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35614" - }, - { - "name" : "35615", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35615" - }, - { - "name" : "2655", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2655" - }, - { - "name" : "afflib-multiple-bo(33961)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33961" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, 
(d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2655", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2655" + }, + { + "name": "35613", + "refsource": "OSVDB", + "url": "http://osvdb.org/35613" + }, + { + "name": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt", + "refsource": "MISC", + "url": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt" + }, + { + "name": "35614", + "refsource": "OSVDB", + "url": "http://osvdb.org/35614" + }, + { + "name": "35615", + "refsource": "OSVDB", + "url": "http://osvdb.org/35615" + }, + { + "name": "afflib-multiple-bo(33961)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33961" + }, + { + "name": "20070427 AFFLIB(TM): Multiple Buffer Overflows", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/467038/100/0/threaded" + }, + { + "name": "23695", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23695" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2294.json b/2007/2xxx/CVE-2007-2294.json index d25408b59b4..37a774f6d65 100644 --- a/2007/2xxx/CVE-2007-2294.json +++ b/2007/2xxx/CVE-2007-2294.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2294", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2294", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070425 ASA-2007-012: Remote Crash Vulnerability in Manager Interface", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466911/100/0/threaded" - }, - { - "name" : "http://www.asterisk.org/files/ASA-2007-012.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.asterisk.org/files/ASA-2007-012.pdf" - }, - { - "name" : "DSA-1358", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1358" - }, - { - "name" : "SUSE-SA:2007:034", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html" - }, - { - "name" : "23649", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/23649" - }, - { - "name" : "ADV-2007-1534", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1534" - }, - { - "name" : "35369", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35369" - }, - { - "name" : "1017955", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017955" - }, - { - "name" : "24977", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24977" - }, - { - "name" : "25582", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25582" - }, - { - "name" : "2646", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2646" - }, - { - "name" : "asterisk-interface-dos(33886)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33886" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-1534", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1534" + }, + { + "name": "1017955", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017955" + }, + { + "name": "SUSE-SA:2007:034", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_34_asterisk.html" + }, + { + "name": "35369", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35369" + }, + { + "name": "2646", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2646" + }, + { + "name": "25582", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25582" + }, + { + "name": "asterisk-interface-dos(33886)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33886" + }, + { + "name": "24977", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24977" + }, + { + "name": "23649", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23649" + }, + { + "name": "DSA-1358", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1358" + }, + { + "name": "20070425 ASA-2007-012: Remote Crash Vulnerability in Manager Interface", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466911/100/0/threaded" + }, + { + "name": "http://www.asterisk.org/files/ASA-2007-012.pdf", + "refsource": "CONFIRM", + "url": "http://www.asterisk.org/files/ASA-2007-012.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6396.json b/2007/6xxx/CVE-2007-6396.json index 8248aa51c20..48a55884af2 100644 --- a/2007/6xxx/CVE-2007-6396.json +++ b/2007/6xxx/CVE-2007-6396.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6396", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Direct static code injection vulnerability in index.php in Flat PHP Board 1.2 and earlier allows remote attackers to inject arbitrary PHP code via the (1) username, (2) password, and (3) email parameters when registering a user account, which can be executed by accessing the user's php file for this account. NOTE: similar code injection might be possible in a user profile." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6396", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071209 Flat PHP Board <= 1.2 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484803/100/100/threaded" - }, - { - "name" : "4705", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4705" - }, - { - "name" : "26782", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26782" - }, - { - "name" : "43675", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43675" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Direct static code injection vulnerability in index.php in Flat PHP Board 1.2 and earlier allows remote attackers to inject arbitrary PHP code via the (1) username, (2) password, and (3) email parameters when registering a user account, which can be executed by accessing the user's php file for this account. NOTE: similar code injection might be possible in a user profile." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20071209 Flat PHP Board <= 1.2 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484803/100/100/threaded" + }, + { + "name": "43675", + "refsource": "OSVDB", + "url": "http://osvdb.org/43675" + }, + { + "name": "4705", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4705" + }, + { + "name": "26782", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26782" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6495.json b/2007/6xxx/CVE-2007-6495.json index c30bddfc272..85ca47d4f35 100644 --- a/2007/6xxx/CVE-2007-6495.json +++ b/2007/6xxx/CVE-2007-6495.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6495", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log at arbitrary locations under the web root via a modified Dirroot parameter in an AddUser action to accounts/AccountActions.asp. NOTE: this can be leveraged for remote code execution by changing the permissions of \\Forum\\db, which is configured for execution of ASP scripts with administrative privileges, and then uploading a script to \\Forum\\db." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6495", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071213 Hosting Controller - Multiple Security Bugs (Extremely Critical)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485028/100/0/threaded" - }, - { - "name" : "4730", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4730" - }, - { - "name" : "http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html", - "refsource" : "CONFIRM", - "url" : "http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html" - }, - { - "name" : "26862", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26862" - }, - { - "name" : "44184", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/44184" - }, - { - "name" : "1019222", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019222" - }, - { - "name" : "28973", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28973" - }, - { - "name" : "3474", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log at arbitrary locations under the web root via a modified Dirroot 
parameter in an AddUser action to accounts/AccountActions.asp. NOTE: this can be leveraged for remote code execution by changing the permissions of \\Forum\\db, which is configured for execution of ASP scripts with administrative privileges, and then uploading a script to \\Forum\\db." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44184", + "refsource": "OSVDB", + "url": "http://osvdb.org/44184" + }, + { + "name": "28973", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28973" + }, + { + "name": "20071213 Hosting Controller - Multiple Security Bugs (Extremely Critical)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485028/100/0/threaded" + }, + { + "name": "http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html", + "refsource": "CONFIRM", + "url": "http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html" + }, + { + "name": "3474", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3474" + }, + { + "name": "4730", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4730" + }, + { + "name": "26862", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26862" + }, + { + "name": "1019222", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019222" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6693.json b/2007/6xxx/CVE-2007-6693.json index 60fc276b24e..c593de74d8d 100644 --- a/2007/6xxx/CVE-2007-6693.json +++ b/2007/6xxx/CVE-2007-6693.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6693", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the WebCam module in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to a \"proxied request.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6693", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://gallery.menalto.com/gallery_2.2.4_released", - "refsource" : "CONFIRM", - "url" : "http://gallery.menalto.com/gallery_2.2.4_released" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=203217", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=203217" - }, - { - "name" : "GLSA-200802-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200802-04.xml" - }, - { - "name" : "41659", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41659" - }, - { - "name" : "28898", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Unspecified vulnerability in the WebCam module in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to a \"proxied request.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://gallery.menalto.com/gallery_2.2.4_released", + "refsource": "CONFIRM", + "url": "http://gallery.menalto.com/gallery_2.2.4_released" + }, + { + "name": "GLSA-200802-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200802-04.xml" + }, + { + "name": "28898", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28898" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=203217", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=203217" + }, + { + "name": "41659", + "refsource": "OSVDB", + "url": "http://osvdb.org/41659" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0134.json b/2010/0xxx/CVE-2010-0134.json index dca4271c9a1..85d52de24ec 100644 --- a/2010/0xxx/CVE-2010-0134.json +++ b/2010/0xxx/CVE-2010-0134.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0134", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in rtfsr.dll in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to execute arbitrary code via a crafted \\ls keyword in a list override table entry in an RTF file, which triggers a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2010-0134", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2010-27/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2010-27/" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21440812", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21440812" - }, - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01", - "refsource" : "CONFIRM", - "url" : 
"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01" - }, - { - "name" : "41928", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41928" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in rtfsr.dll in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to execute arbitrary code via a crafted \\ls keyword in a list override table entry in an RTF file, which triggers a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01" + }, + { + "name": "41928", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41928" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21440812", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21440812" + }, + { + "name": "http://secunia.com/secunia_research/2010-27/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2010-27/" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0304.json b/2010/0xxx/CVE-2010-0304.json index 03249d3e1f9..56579217d18 100644 --- a/2010/0xxx/CVE-2010-0304.json +++ b/2010/0xxx/CVE-2010-0304.json 
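Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `PSIRT-CNA@flexerasoftware.com` in this hunk. It is the only change of content here; the rest rewrites the spacing around colons and shuffles the `reference_data` entries, so it is easy to miss in review. Consumers may use `ASSIGNER` to attribute a record to its CNA, so a change like this is better carried in its own commit, or at least named in the commit message; the diff alone does not show whether the reassignment is intended. The hunk for CVE-2010-0304.json that follows makes the same kind of change (to `secalert@redhat.com`) and continues past the visible part of the page. Emitting `reference_data` in a stable order (for example sorted by `refsource`, then `name`) would keep later synchronizations from burying such changes in reorder noise.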
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0304", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-0304", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100129 Re: CVE id request: Wireshark", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/01/29/4" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc/trunk-1.2/epan/dissectors/packet-lwres.c?view=diff&r1=31596&r2=28492&diff_format=h", - "refsource" : "MISC", - "url" : "http://anonsvn.wireshark.org/viewvc/trunk-1.2/epan/dissectors/packet-lwres.c?view=diff&r1=31596&r2=28492&diff_format=h" - }, - { - "name" : "http://www.metasploit.com/modules/exploit/multi/misc/wireshark_lwres_getaddrbyname", - "refsource" : "MISC", - "url" : 
"http://www.metasploit.com/modules/exploit/multi/misc/wireshark_lwres_getaddrbyname" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2010-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2010-02.html" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2010-01.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2010-01.html" - }, - { - "name" : "DSA-1983", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-1983" - }, - { - "name" : "FEDORA-2010-3556", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036415.html" - }, - { - "name" : "MDVSA-2010:031", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:031" - }, - { - "name" : "37985", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37985" - }, - { - "name" : "61987", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61987" - }, - { - "name" : "oval:org.mitre.oval:def:8490", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8490" - }, - { - "name" : "oval:org.mitre.oval:def:9933", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9933" - }, - { - "name" : "1023516", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023516" - }, - { - "name" : "38257", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38257" - }, - { - "name" : "38348", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38348" - }, - { - "name" : "38829", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38829" - }, - { - "name" : "ADV-2010-0239", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0239" - }, - { - "name" : "wireshark-lwres-bo(55951)", 
- "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55951" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1983", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-1983" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2010-02.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2010-02.html" + }, + { + "name": "[oss-security] 20100129 Re: CVE id request: Wireshark", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/01/29/4" + }, + { + "name": "http://www.metasploit.com/modules/exploit/multi/misc/wireshark_lwres_getaddrbyname", + "refsource": "MISC", + "url": "http://www.metasploit.com/modules/exploit/multi/misc/wireshark_lwres_getaddrbyname" + }, + { + "name": "38348", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38348" + }, + { + "name": "38829", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38829" + }, + { + "name": "37985", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37985" + }, + { + "name": "oval:org.mitre.oval:def:9933", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9933" + }, + { + "name": "61987", + "refsource": "OSVDB", + "url": "http://osvdb.org/61987" + }, + { + "name": "38257", + 
"refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38257" + }, + { + "name": "ADV-2010-0239", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0239" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc/trunk-1.2/epan/dissectors/packet-lwres.c?view=diff&r1=31596&r2=28492&diff_format=h", + "refsource": "MISC", + "url": "http://anonsvn.wireshark.org/viewvc/trunk-1.2/epan/dissectors/packet-lwres.c?view=diff&r1=31596&r2=28492&diff_format=h" + }, + { + "name": "1023516", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023516" + }, + { + "name": "MDVSA-2010:031", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:031" + }, + { + "name": "wireshark-lwres-bo(55951)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55951" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2010-01.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2010-01.html" + }, + { + "name": "oval:org.mitre.oval:def:8490", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8490" + }, + { + "name": "FEDORA-2010-3556", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036415.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0352.json b/2010/0xxx/CVE-2010-0352.json index cd8207d7925..a4937e434eb 100644 --- a/2010/0xxx/CVE-2010-0352.json +++ b/2010/0xxx/CVE-2010-0352.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0352", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0352", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0729.json b/2010/0xxx/CVE-2010-0729.json index cb1be2eca9e..e68b0c474ce 100644 --- a/2010/0xxx/CVE-2010-0729.json +++ b/2010/0xxx/CVE-2010-0729.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0729", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 4 on the ia64 platform allows local users to use ptrace on an arbitrary process, and consequently gain privileges, via vectors related to a missing ptrace_check_attach call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-0729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100312 CVE-2010-0729 kernel: ia64: ptrace: peek_or_poke requests miss ptrace_check_attach()", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/03/12/2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=572007", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=572007" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100090459", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100090459" - }, - { - "name" : "RHSA-2010:0394", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0394.html" - 
}, - { - "name" : "38702", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38702" - }, - { - "name" : "oval:org.mitre.oval:def:8687", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8687" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 4 on the ia64 platform allows local users to use ptrace on an arbitrary process, and consequently gain privileges, via vectors related to a missing ptrace_check_attach call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20100312 CVE-2010-0729 kernel: ia64: ptrace: peek_or_poke requests miss ptrace_check_attach()", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/03/12/2" + }, + { + "name": "38702", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38702" + }, + { + "name": "RHSA-2010:0394", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0394.html" + }, + { + "name": "oval:org.mitre.oval:def:8687", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8687" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=572007", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=572007" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100090459", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100090459" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0976.json b/2010/0xxx/CVE-2010-0976.json index d55af13f157..ef44ff68242 100644 
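Review bot: The one value that changes in this hunk, `"ASSIGNER"` going from `cve@mitre.org` to `secalert@redhat.com`, is hidden inside a whole-file rewrite: every line is re-marked for the `"key" :` to `"key":` spacing change, and the six `reference_data` entries come back in a different order with the same content. Anyone diffing records to detect changed advisory data sees a fully changed file and has to compare values by hand. Emitting `reference_data` in a stable order and landing the formatting change in its own commit would keep attribution changes reviewable. The new side also drops the final newline (`\ No newline at end of file`). The CVE-2010-0134, CVE-2010-0304, CVE-2010-0988 and CVE-2010-1169 hunks show the same pattern.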
--- a/2010/0xxx/CVE-2010-0976.json +++ b/2010/0xxx/CVE-2010-0976.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Acidcat CMS 3.5.x does not prevent access to install.asp after installation finishes, which might allow remote attackers to restart the installation process and have unspecified other impact via requests to install.asp and other install_*.asp scripts. NOTE: the final installation screen states \"Important: you must now delete all files beginning with 'install' from the root directory.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1001-exploits/acidcatcms-disclose.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1001-exploits/acidcatcms-disclose.txt" - }, - { - "name" : "10972", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10972" - }, - { - "name" : "acidcat-install-info-disclosure(55331)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55331" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Acidcat CMS 3.5.x does not prevent access to install.asp after installation finishes, which might allow remote attackers to restart the installation process and have unspecified other impact via requests to install.asp and other install_*.asp scripts. NOTE: the final installation screen states \"Important: you must now delete all files beginning with 'install' from the root directory.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "acidcat-install-info-disclosure(55331)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55331" + }, + { + "name": "http://packetstormsecurity.org/1001-exploits/acidcatcms-disclose.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1001-exploits/acidcatcms-disclose.txt" + }, + { + "name": "10972", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10972" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0988.json b/2010/0xxx/CVE-2010-0988.json index 103a320f664..1aaa1796c2c 100644 --- a/2010/0xxx/CVE-2010-0988.json +++ b/2010/0xxx/CVE-2010-0988.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0988", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow (1) remote attackers to write to arbitrary files and execute arbitrary PHP code via vectors related to improper handling of login failures by includes/login.php; and allow remote authenticated users to write to arbitrary files and execute arbitrary PHP code via vectors involving the (2) filename and (3) block parameters to view.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2010-0988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100324 Secunia Research: Pulse CMS Arbitrary File Writing Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/510299/100/0/threaded" - }, - { - "name" : "20100324 Secunia Research: Pulse CMS login.php Arbitrary File Writing Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/510300/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2010-45/", - "refsource" : "MISC", - "url" : 
"http://secunia.com/secunia_research/2010-45/" - }, - { - "name" : "http://secunia.com/secunia_research/2010-51/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2010-51/" - }, - { - "name" : "38956", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38956" - }, - { - "name" : "63166", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/63166" - }, - { - "name" : "63168", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/63168" - }, - { - "name" : "39011", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39011" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow (1) remote attackers to write to arbitrary files and execute arbitrary PHP code via vectors related to improper handling of login failures by includes/login.php; and allow remote authenticated users to write to arbitrary files and execute arbitrary PHP code via vectors involving the (2) filename and (3) block parameters to view.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100324 Secunia Research: Pulse CMS login.php Arbitrary File Writing Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/510300/100/0/threaded" + }, + { + "name": "http://secunia.com/secunia_research/2010-45/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2010-45/" + }, + { + "name": "http://secunia.com/secunia_research/2010-51/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2010-51/" + }, + { + "name": "63168", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/63168" + }, + { + "name": "38956", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38956" + }, + { + "name": "63166", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/63166" + }, + { + "name": "20100324 Secunia Research: Pulse CMS Arbitrary File Writing Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/510299/100/0/threaded" + }, + { + "name": "39011", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39011" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1011.json b/2010/1xxx/CVE-2010-1011.json index eb5a2f0065d..73e66727c2a 100644 --- a/2010/1xxx/CVE-2010-1011.json +++ b/2010/1xxx/CVE-2010-1011.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1011", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the myDashboard (mydashboard) extension 0.1.13 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1011", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/" - }, - { - "name" : "38795", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38795" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the myDashboard (mydashboard) extension 0.1.13 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38795", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38795" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1169.json b/2010/1xxx/CVE-2010-1169.json index c01dc33785d..d74efabf676 100644 --- a/2010/1xxx/CVE-2010-1169.json +++ b/2010/1xxx/CVE-2010-1169.json 
@@ -1,252 +1,252 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl. NOTE: some sources report that this issue is the same as CVE-2010-1447." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-1169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100520 CVE-2010-1974 reject request (dupe of CVE-2010-1168) and CVE-2010-1447 description modification request", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/05/20/5" - }, - { - "name" : "http://www.postgresql.org/about/news.1203", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/about/news.1203" - }, - { - "name" : "http://www.postgresql.org/docs/current/static/release-7-4-29.html", - 
"refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/current/static/release-7-4-29.html" - }, - { - "name" : "http://www.postgresql.org/docs/current/static/release-8-0-25.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/current/static/release-8-0-25.html" - }, - { - "name" : "http://www.postgresql.org/docs/current/static/release-8-1-21.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/current/static/release-8-1-21.html" - }, - { - "name" : "http://www.postgresql.org/docs/current/static/release-8-2-17.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/current/static/release-8-2-17.html" - }, - { - "name" : "http://www.postgresql.org/docs/current/static/release-8-3-11.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/current/static/release-8-3-11.html" - }, - { - "name" : "http://www.postgresql.org/docs/current/static/release-8-4-4.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/current/static/release-8-4-4.html" - }, - { - "name" : "http://www.postgresql.org/support/security", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/support/security" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=582615", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=582615" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=588269", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=588269" - }, - { - "name" : "DSA-2051", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2051" - }, - { - "name" : "FEDORA-2010-8696", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041559.html" - }, - { - "name" : "FEDORA-2010-8715", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041579.html" - }, - { - "name" : 
"FEDORA-2010-8723", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041591.html" - }, - { - "name" : "HPSBMU02781", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134124585221119&w=2" - }, - { - "name" : "SSRT100617", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134124585221119&w=2" - }, - { - "name" : "MDVSA-2010:103", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:103" - }, - { - "name" : "RHSA-2010:0427", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0427.html" - }, - { - "name" : "RHSA-2010:0428", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0428.html" - }, - { - "name" : "RHSA-2010:0429", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0429.html" - }, - { - "name" : "RHSA-2010:0430", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0430.html" - }, - { - "name" : "SUSE-SR:2010:014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" - }, - { - "name" : "40215", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40215" - }, - { - "name" : "64755", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/64755" - }, - { - "name" : "oval:org.mitre.oval:def:10645", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10645" - }, - { - "name" : "1023988", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023988" - }, - { - "name" : "39845", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39845" - }, - { - "name" : "39820", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39820" - }, - { - "name" : "39898", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39898" - 
}, - { - "name" : "39939", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39939" - }, - { - "name" : "39815", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39815" - }, - { - "name" : "ADV-2010-1167", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1167" - }, - { - "name" : "ADV-2010-1207", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1207" - }, - { - "name" : "ADV-2010-1197", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1197" - }, - { - "name" : "ADV-2010-1198", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1198" - }, - { - "name" : "ADV-2010-1182", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1182" - }, - { - "name" : "ADV-2010-1221", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1221" - }, - { - "name" : "postgresql-safe-code-execution(58693)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl. NOTE: some sources report that this issue is the same as CVE-2010-1447." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.postgresql.org/docs/current/static/release-8-1-21.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/current/static/release-8-1-21.html" + }, + { + "name": "FEDORA-2010-8715", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041579.html" + }, + { + "name": "http://www.postgresql.org/about/news.1203", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/about/news.1203" + }, + { + "name": "RHSA-2010:0427", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0427.html" + }, + { + "name": "RHSA-2010:0428", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0428.html" + }, + { + "name": "HPSBMU02781", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134124585221119&w=2" + }, + { + "name": "postgresql-safe-code-execution(58693)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58693" + }, + { + "name": "DSA-2051", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2051" + }, + { + "name": "39898", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39898" + }, + { + "name": "http://www.postgresql.org/docs/current/static/release-7-4-29.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/current/static/release-7-4-29.html" + }, + { + "name": "39820", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39820" + }, + { + "name": "ADV-2010-1198", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1198" + }, + { + "name": "http://www.postgresql.org/docs/current/static/release-8-0-25.html", + "refsource": "CONFIRM", + "url": 
"http://www.postgresql.org/docs/current/static/release-8-0-25.html" + }, + { + "name": "ADV-2010-1167", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1167" + }, + { + "name": "ADV-2010-1221", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1221" + }, + { + "name": "39845", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39845" + }, + { + "name": "40215", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40215" + }, + { + "name": "http://www.postgresql.org/docs/current/static/release-8-3-11.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/current/static/release-8-3-11.html" + }, + { + "name": "ADV-2010-1207", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1207" + }, + { + "name": "http://www.postgresql.org/docs/current/static/release-8-2-17.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/current/static/release-8-2-17.html" + }, + { + "name": "RHSA-2010:0430", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0430.html" + }, + { + "name": "http://www.postgresql.org/support/security", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/support/security" + }, + { + "name": "FEDORA-2010-8696", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041559.html" + }, + { + "name": "FEDORA-2010-8723", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041591.html" + }, + { + "name": "http://www.postgresql.org/docs/current/static/release-8-4-4.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/current/static/release-8-4-4.html" + }, + { + "name": "SUSE-SR:2010:014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" + }, + { + "name": "ADV-2010-1182", + "refsource": "VUPEN", + 
"url": "http://www.vupen.com/english/advisories/2010/1182" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=582615", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=582615" + }, + { + "name": "39815", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39815" + }, + { + "name": "oval:org.mitre.oval:def:10645", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10645" + }, + { + "name": "RHSA-2010:0429", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0429.html" + }, + { + "name": "MDVSA-2010:103", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:103" + }, + { + "name": "1023988", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023988" + }, + { + "name": "[oss-security] 20100520 CVE-2010-1974 reject request (dupe of CVE-2010-1168) and CVE-2010-1447 description modification request", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/05/20/5" + }, + { + "name": "39939", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39939" + }, + { + "name": "SSRT100617", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134124585221119&w=2" + }, + { + "name": "64755", + "refsource": "OSVDB", + "url": "http://osvdb.org/64755" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=588269", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=588269" + }, + { + "name": "ADV-2010-1197", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1197" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1320.json b/2010/1xxx/CVE-2010-1320.json index 99f09ef14e5..cbf2fd41532 100644 --- a/2010/1xxx/CVE-2010-1320.json +++ b/2010/1xxx/CVE-2010-1320.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1320", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1320", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100420 MITKRB5-SA-2010-004 [CVE-2010-1320] double free in KDC", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/510843/100/0/threaded" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577490", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577490" - }, - { - "name" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-004.txt", - "refsource" : "CONFIRM", - "url" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-004.txt" - }, - { - "name" : "http://support.apple.com/kb/HT4188", - "refsource" : "CONFIRM", - 
"url" : "http://support.apple.com/kb/HT4188" - }, - { - "name" : "APPLE-SA-2010-06-15-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" - }, - { - "name" : "SUSE-SR:2010:010", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html" - }, - { - "name" : "USN-940-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-940-1" - }, - { - "name" : "39599", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39599" - }, - { - "name" : "1023904", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023904" - }, - { - "name" : "39656", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39656" - }, - { - "name" : "39784", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39784" - }, - { - "name" : "40220", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40220" - }, - { - "name" : "ADV-2010-1001", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1001" - }, - { - "name" : "ADV-2010-1192", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1192" - }, - { - "name" : "ADV-2010-1481", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-06-15-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" + }, + { + "name": "20100420 MITKRB5-SA-2010-004 [CVE-2010-1320] double free in KDC", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/510843/100/0/threaded" + }, + { + "name": "39784", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39784" + }, + { + "name": "USN-940-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-940-1" + }, + { + "name": "ADV-2010-1481", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1481" + }, + { + "name": "39656", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39656" + }, + { + "name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-004.txt", + "refsource": "CONFIRM", + "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-004.txt" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577490", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577490" + }, + { + "name": "ADV-2010-1192", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1192" + }, + { + "name": "http://support.apple.com/kb/HT4188", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4188" + }, + { + "name": "40220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40220" + }, + { + "name": "SUSE-SR:2010:010", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html" + }, + { + "name": "1023904", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023904" + }, + { + "name": "ADV-2010-1001", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2010/1001" + }, + { + "name": "39599", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39599" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1324.json b/2010/1xxx/CVE-2010-1324.json index 4e286826d2b..d20a10535d9 100644 --- a/2010/1xxx/CVE-2010-1324.json +++ b/2010/1xxx/CVE-2010-1324.json 
@@ -1,197 +1,197 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1324", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101130 MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514953/100/0/threaded" - }, - { - "name" : "20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517739/100/0/threaded" - }, - { - "name" : "[security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of 
Service and third party updates for Likewise components and ESX Service Console", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2011/000133.html" - }, - { - "name" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt", - "refsource" : "CONFIRM", - "url" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt" - }, - { - "name" : "http://support.apple.com/kb/HT4581", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4581" - }, - { - "name" : "http://kb.vmware.com/kb/1035108", - "refsource" : "CONFIRM", - "url" : "http://kb.vmware.com/kb/1035108" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0007.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0007.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "APPLE-SA-2011-03-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" - }, - { - "name" : "FEDORA-2010-18409", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html" - }, - { - "name" : "FEDORA-2010-18425", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html" - }, - { - "name" : "HPSBUX02623", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=129562442714657&w=2" - }, - { - "name" : "SSRT100355", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=129562442714657&w=2" - }, - { - "name" : "MDVSA-2010:246", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:246" - }, - { - "name" : "RHSA-2010:0925", - "refsource" : "REDHAT", - "url" : 
"http://www.redhat.com/support/errata/RHSA-2010-0925.html" - }, - { - "name" : "SUSE-SR:2010:023", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html" - }, - { - "name" : "SUSE-SR:2010:024", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html" - }, - { - "name" : "USN-1030-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1030-1" - }, - { - "name" : "45116", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45116" - }, - { - "name" : "69609", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/69609" - }, - { - "name" : "oval:org.mitre.oval:def:11936", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11936" - }, - { - "name" : "1024803", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024803" - }, - { - "name" : "42399", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42399" - }, - { - "name" : "43015", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43015" - }, - { - "name" : "ADV-2010-3094", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3094" - }, - { - "name" : "ADV-2010-3095", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3095" - }, - { - "name" : "ADV-2010-3118", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3118" - }, - { - "name" : "ADV-2011-0187", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0187" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS 
tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-3094", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3094" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "MDVSA-2010:246", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:246" + }, + { + "name": "FEDORA-2010-18425", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html" + }, + { + "name": "http://kb.vmware.com/kb/1035108", + "refsource": "CONFIRM", + "url": "http://kb.vmware.com/kb/1035108" + }, + { + "name": "ADV-2010-3118", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3118" + }, + { + "name": "oval:org.mitre.oval:def:11936", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11936" + }, + { + "name": "ADV-2011-0187", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0187" + }, + { + "name": "20101130 MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514953/100/0/threaded" + }, + { + "name": "SUSE-SR:2010:023", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html", 
+ "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html" + }, + { + "name": "APPLE-SA-2011-03-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" + }, + { + "name": "69609", + "refsource": "OSVDB", + "url": "http://osvdb.org/69609" + }, + { + "name": "HPSBUX02623", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=129562442714657&w=2" + }, + { + "name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt", + "refsource": "CONFIRM", + "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt" + }, + { + "name": "SSRT100355", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=129562442714657&w=2" + }, + { + "name": "ADV-2010-3095", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3095" + }, + { + "name": "42399", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42399" + }, + { + "name": "45116", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45116" + }, + { + "name": "[security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2011/000133.html" + }, + { + "name": "1024803", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024803" + }, + { + "name": "20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517739/100/0/threaded" + }, + { + "name": "FEDORA-2010-18409", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html" + }, + { + "name": "SUSE-SR:2010:024", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html" + }, + { + "name": "RHSA-2010:0925", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0925.html" + }, + { + "name": "USN-1030-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1030-1" + }, + { + "name": "43015", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43015" + }, + { + "name": "http://support.apple.com/kb/HT4581", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4581" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1472.json b/2010/1xxx/CVE-2010-1472.json index 6945e5ee775..02551d770c6 100644 --- a/2010/1xxx/CVE-2010-1472.json +++ b/2010/1xxx/CVE-2010-1472.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1472", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1472", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1004-exploits/joomlahoroscope-lfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1004-exploits/joomlahoroscope-lfi.txt" - }, - { - "name" : "12167", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12167" - }, - { - "name" : "39406", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39406" - }, - { - "name" : "ADV-2010-0859", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0859" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal 
vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-0859", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0859" + }, + { + "name": "12167", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12167" + }, + { + "name": "39406", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39406" + }, + { + "name": "http://packetstormsecurity.org/1004-exploits/joomlahoroscope-lfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1004-exploits/joomlahoroscope-lfi.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1643.json b/2010/1xxx/CVE-2010-1643.json index e953df385d2..52387dd682f 100644 --- a/2010/1xxx/CVE-2010-1643.json +++ b/2010/1xxx/CVE-2010-1643.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict overcommit is enabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-1643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100526 CVE request - kernel: nfsd: fix vm overcommit crash", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/05/26/2" - }, - { - "name" : "[oss-security] 20100526 Re: CVE request - kernel: nfsd: fix vm overcommit crash", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/05/26/6" - }, - { - "name" : "http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-knfsd-9666", - "refsource" : "MISC", - "url" : "http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-knfsd-9666" - }, - { - "name" : 
"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=731572d39fcd3498702eda4600db4c43d51e0b26", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=731572d39fcd3498702eda4600db4c43d51e0b26" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.28/ChangeLog-2.6.28-rc3", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.28/ChangeLog-2.6.28-rc3" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=595970", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=595970" - }, - { - "name" : "MDVSA-2010:198", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198" - }, - { - "name" : "SUSE-SA:2010:031", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html" - }, - { - "name" : "40377", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40377" - }, - { - "name" : "40645", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40645" - }, - { - "name" : "ADV-2010-1857", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1857" - }, - { - "name" : "linux-kernel-knfsd-dos(58957)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58957" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict overcommit is enabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20100526 Re: CVE request - kernel: nfsd: fix vm overcommit crash", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/05/26/6" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=731572d39fcd3498702eda4600db4c43d51e0b26", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=731572d39fcd3498702eda4600db4c43d51e0b26" + }, + { + "name": "[oss-security] 20100526 CVE request - kernel: nfsd: fix vm overcommit crash", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/05/26/2" + }, + { + "name": "SUSE-SA:2010:031", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html" + }, + { + "name": "MDVSA-2010:198", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=595970", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=595970" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.28/ChangeLog-2.6.28-rc3", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.28/ChangeLog-2.6.28-rc3" + }, + { + "name": "40645", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40645" + }, + { + "name": "linux-kernel-knfsd-dos(58957)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58957" + }, + { + "name": "http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-knfsd-9666", + "refsource": "MISC", + "url": "http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-knfsd-9666" + }, + { + "name": 
"40377", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40377" + }, + { + "name": "ADV-2010-1857", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1857" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4494.json b/2010/4xxx/CVE-2010-4494.json index 9f745ad90e1..d49e5973322 100644 --- a/2010/4xxx/CVE-2010-4494.json +++ b/2010/4xxx/CVE-2010-4494.json 
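Review bot: The `CVE_data_meta.ASSIGNER` change for CVE-2010-1643 (`cve@mitre.org` to `secalert@redhat.com`) is not called out anywhere and sits in a hunk that otherwise only re-indents keys and reorders `reference_data`. Consumers that attribute records to a CNA by this field will see the record change owner with no explanation in the history. Splitting the formatting pass from data changes, or adding a line such as `CVE-2010-1643: ASSIGNER changed to secalert@redhat.com` to the commit message, would make the change auditable. A stable ordering of `reference_data` entries would also keep later syncs from rewriting every reference line, which is what makes a one-field change like this hard to spot.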
@@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4494", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4494", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=63444", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=63444" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html" - }, - { - "name" : "http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html", - "refsource" : "CONFIRM", - "url" : "http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html" - }, - { - "name" : "http://support.apple.com/kb/HT4554", - "refsource" : 
"CONFIRM", - "url" : "http://support.apple.com/kb/HT4554" - }, - { - "name" : "http://support.apple.com/kb/HT4564", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4564" - }, - { - "name" : "http://support.apple.com/kb/HT4566", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4566" - }, - { - "name" : "http://support.apple.com/kb/HT4581", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4581" - }, - { - "name" : "APPLE-SA-2011-03-02-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-03-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html" - }, - { - "name" : "APPLE-SA-2011-03-09-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" - }, - { - "name" : "APPLE-SA-2011-03-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" - }, - { - "name" : "DSA-2137", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2137" - }, - { - "name" : "FEDORA-2011-2697", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055775.html" - }, - { - "name" : "HPSBGN02970", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139447903326211&w=2" - }, - { - "name" : "MDVSA-2010:260", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:260" - }, - { - "name" : "RHSA-2011:1749", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1749.html" - }, - { - "name" : "RHSA-2013:0217", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0217.html" - }, - { - "name" : "SUSE-SR:2011:005", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" - }, - { - "name" : "oval:org.mitre.oval:def:11916", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11916" - }, - { - "name" : "42721", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42721" - }, - { - "name" : "42762", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42762" - }, - { - "name" : "40775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40775" - }, - { - "name" : "42472", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42472" - }, - { - "name" : "ADV-2010-3319", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3319" - }, - { - "name" : "ADV-2010-3336", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3336" - }, - { - "name" : "ADV-2011-0230", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0230" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2010:260", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:260" + }, + { + "name": "40775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40775" + }, + { + "name": "http://support.apple.com/kb/HT4564", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4564" + }, + { + "name": "ADV-2010-3336", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3336" + }, + { + "name": "ADV-2011-0230", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0230" + }, + { + "name": "DSA-2137", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2137" + }, + { + "name": "RHSA-2013:0217", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0217.html" + }, + { + "name": "http://support.apple.com/kb/HT4566", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4566" + }, + { + "name": "42721", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42721" + }, + { + "name": "RHSA-2011:1749", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1749.html" + }, + { + "name": "APPLE-SA-2011-03-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" + }, + { + "name": "SUSE-SR:2011:005", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" + }, + { + "name": "APPLE-SA-2011-03-02-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" + }, + { + "name": "http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html", + "refsource": "CONFIRM", + "url": 
"http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html" + }, + { + "name": "FEDORA-2011-2697", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055775.html" + }, + { + "name": "APPLE-SA-2011-03-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html" + }, + { + "name": "42472", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42472" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=63444", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=63444" + }, + { + "name": "oval:org.mitre.oval:def:11916", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11916" + }, + { + "name": "http://support.apple.com/kb/HT4554", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4554" + }, + { + "name": "APPLE-SA-2011-03-09-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" + }, + { + "name": "42762", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42762" + }, + { + "name": "ADV-2010-3319", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3319" + }, + { + "name": "HPSBGN02970", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139447903326211&w=2" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html" + }, + { + "name": "http://support.apple.com/kb/HT4581", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4581" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4520.json b/2010/4xxx/CVE-2010-4520.json index 1e3d695a5e5..af701a36a6c 100644 --- a/2010/4xxx/CVE-2010-4520.json 
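Review bot: The `reference_data` array in CVE-2010-4494.json is re-emitted in a different order although the same 26 entries are present on both sides, so this hunk (370 changed lines per the diffstat) carries no content change beyond `"key" : ` becoming `"key": `. The old side is grouped by `refsource`; the new order follows no visible rule, which suggests the generator serialises an unordered collection (inferred, the generator is not in view). Sorting entries by `refsource` then `name` before writing would keep later syncs small enough that a real edit to a reference or to `ASSIGNER` stands out in review. The new side also ends with `\ No newline at end of file`, as does every other file section in this chunk; emitting a final newline avoids that marker on each future diff.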
+++ b/2010/4xxx/CVE-2010-4520.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4520", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Views module 6.x before 6.x-2.11 for Drupal allow remote attackers to inject arbitrary web script or HTML via (1) a URL or (2) an aggregator feed title." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4520", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20101216 CVE request: Drupal views module CSRF/XSS before 2.11, XSS before 2.12", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/12/16/7" - }, - { - "name" : "[oss-security] 20101221 Re: CVE request: Drupal views module CSRF/XSS before 2.11, XSS before 2.12", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/12/22/1" - }, - { - "name" : "http://drupal.org/node/829840", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/829840" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple 
cross-site scripting (XSS) vulnerabilities in the Views module 6.x before 6.x-2.11 for Drupal allow remote attackers to inject arbitrary web script or HTML via (1) a URL or (2) an aggregator feed title." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/829840", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/829840" + }, + { + "name": "[oss-security] 20101216 CVE request: Drupal views module CSRF/XSS before 2.11, XSS before 2.12", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/12/16/7" + }, + { + "name": "[oss-security] 20101221 Re: CVE request: Drupal views module CSRF/XSS before 2.11, XSS before 2.12", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/12/22/1" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4723.json b/2010/4xxx/CVE-2010-4723.json index 19b3f2aa102..7a42e2325a4 100644 --- a/2010/4xxx/CVE-2010-4723.json +++ b/2010/4xxx/CVE-2010-4723.json 
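Review bot: The only value that changes in CVE-2010-4520.json is `"ASSIGNER"`, from `cve@mitre.org` to `secalert@redhat.com`, and it is buried in a whole-file whitespace rewrite under a commit subject that says only "-Synchronized-Data.". The same kind of attribution change appears in CVE-2014-0218 (`secalert@redhat.com`), CVE-2014-0707 (`psirt@cisco.com`), CVE-2014-0839 (`psirt@us.ibm.com`), CVE-2014-1314 (`product-security@apple.com`) and CVE-2014-1652 (`secure@symantec.com`). Consumers that filter, route or weight records by `ASSIGNER` will see these CVEs move to a different CNA with no record of why; a separate commit for attribution changes, or a commit body listing the affected IDs, would make that auditable. `vendor_name` and `product_name` stay `"n/a"` in all of these records, so the affected product is still only available from the free-text description.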
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Smarty before 3.0.0, when security is enabled, does not prevent access to the (1) dynamic and (2) private object members of an assigned object, which has unspecified impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt", - "refsource" : "CONFIRM", - "url" : "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Smarty before 3.0.0, when security is enabled, does not prevent access to the (1) dynamic and (2) private object members of an assigned object, which has unspecified impact and remote attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt", + "refsource": "CONFIRM", + "url": "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0070.json b/2014/0xxx/CVE-2014-0070.json index d3fc56a0bdf..2772c3ceb3b 100644 --- a/2014/0xxx/CVE-2014-0070.json +++ b/2014/0xxx/CVE-2014-0070.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0070", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-0070", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0218.json b/2014/0xxx/CVE-2014-0218.json index ce82c85d85a..c71cc46aa31 100644 --- a/2014/0xxx/CVE-2014-0218.json +++ b/2014/0xxx/CVE-2014-0218.json 
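Review bot: CVE-2014-0070.json is written with a different key order from the rest of this commit: `data_type`, `data_format`, `data_version` come first and `ID` precedes `ASSIGNER` inside `CVE_data_meta`, while the other records keep their keys alphabetical. CVE-2014-1659.json (also `"STATE": "REJECT"`) has the same layout, but CVE-2014-0801.json (`RESERVED`) does not, which suggests rejected records go through a separate writer (inferred). Parsers do not care about key order, but anything that hashes or byte-compares these files will, so emitting sorted keys from both paths would keep the records canonical.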
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the URL downloader repository in repository/url/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140519 Moodle security notifications public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/05/19/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45332", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45332" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=260366", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=260366" - }, - { - "name" : "67479", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67479" - } - ] - } 
-} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the URL downloader repository in repository/url/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://moodle.org/mod/forum/discuss.php?d=260366", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=260366" + }, + { + "name": "67479", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67479" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45332", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45332" + }, + { + "name": "[oss-security] 20140519 Moodle security notifications public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/05/19/1" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0707.json b/2014/0xxx/CVE-2014-0707.json index 2d58782c8bd..ab19788392a 100644 --- a/2014/0xxx/CVE-2014-0707.json +++ b/2014/0xxx/CVE-2014-0707.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCuf80681." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-0707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCuf80681." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0801.json b/2014/0xxx/CVE-2014-0801.json index 96529d56e89..9f0d7e60be0 100644 --- a/2014/0xxx/CVE-2014-0801.json +++ b/2014/0xxx/CVE-2014-0801.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0801", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0801", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0839.json b/2014/0xxx/CVE-2014-0839.json index 6c6b848d0f1..622794190db 100644 --- a/2014/0xxx/CVE-2014-0839.json +++ b/2014/0xxx/CVE-2014-0839.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0839", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to modify data via vectors involving a direct object reference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0839", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21665005", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21665005" - }, - { - "name" : "ibm-focalpoint-cve20140839-sec-bypass(90696)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90696" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to modify data via vectors involving a direct object reference." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21665005", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21665005" + }, + { + "name": "ibm-focalpoint-cve20140839-sec-bypass(90696)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90696" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1314.json b/2014/1xxx/CVE-2014-1314.json index dec6472dba8..d907e39ffa1 100644 --- a/2014/1xxx/CVE-2014-1314.json +++ b/2014/1xxx/CVE-2014-1314.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-1314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2014-04-22-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code via a crafted application." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2014-04-22-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1652.json b/2014/1xxx/CVE-2014-1652.json index dbf9a6543c2..2b64daf56fa 100644 --- a/2014/1xxx/CVE-2014-1652.json +++ b/2014/1xxx/CVE-2014-1652.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec Web Gateway (SWG) before 5.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified report parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2014-1652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00" - }, - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00" - }, - { - "name" : 
"VU#719172", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/719172" - }, - { - "name" : "67755", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67755" - }, - { - "name" : "1030443", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030443" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec Web Gateway (SWG) before 5.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified report parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67755", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67755" + }, + { + "name": "1030443", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030443" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00" + }, + { + "name": "VU#719172", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/719172" + } + ] + } +} \ No newline at end of file 
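Review bot: The second Symantec `CONFIRM` entry in CVE-2014-1652.json is carried over unchanged with `fid=securit%20y_advisory` and an empty `year=` in both `name` and `url`; it reads as a corrupted copy of the entry just before it (`fid=security_advisory`, `year=2014`). A sync that rewrites the whole file is a natural place to validate reference URLs and repair or drop near-duplicates like this one. Tooling that fetches or allow-lists advisory links from `reference_data` should not assume every `CONFIRM` URL is well formed.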
diff --git a/2014/1xxx/CVE-2014-1659.json b/2014/1xxx/CVE-2014-1659.json index 4a598b0fbb1..873bfcc2ddc 100644 --- a/2014/1xxx/CVE-2014-1659.json +++ b/2014/1xxx/CVE-2014-1659.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1659", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-1659", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1694.json b/2014/1xxx/CVE-2014-1694.json index 63be87364d7..df70145cd3d 100644 --- a/2014/1xxx/CVE-2014-1694.json +++ b/2014/1xxx/CVE-2014-1694.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1694", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketProcess.pm, and (4) CustomerTicketZoom.pm in Kernel/Modules/ in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allow remote attackers to hijack the authentication of arbitrary users for requests that (5) create tickets or (6) send follow-ups to existing tickets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1694", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140129 CVE Request: otrs: CSRF issue in customer web interface", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/01/29/7" - }, - { - "name" : "[oss-security] 20140129 Re: CVE Request: otrs: CSRF issue in customer web interface", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/01/29/15" - }, - { - "name" : "http://bugs.otrs.org/show_bug.cgi?id=10099", - "refsource" : "CONFIRM", - 
"url" : "http://bugs.otrs.org/show_bug.cgi?id=10099" - }, - { - "name" : "https://github.com/OTRS/otrs/commit/6f324aaf8647729d509eebf063a0181f9f9196f7", - "refsource" : "CONFIRM", - "url" : "https://github.com/OTRS/otrs/commit/6f324aaf8647729d509eebf063a0181f9f9196f7" - }, - { - "name" : "https://github.com/OTRS/otrs/commit/92f417277f43832f1a0462f2485fe1fd3fd52312", - "refsource" : "CONFIRM", - "url" : "https://github.com/OTRS/otrs/commit/92f417277f43832f1a0462f2485fe1fd3fd52312" - }, - { - "name" : "https://github.com/OTRS/otrs/commit/ca2c3390fd60d9a3f810ed2c22cbc2c193457b77", - "refsource" : "CONFIRM", - "url" : "https://github.com/OTRS/otrs/commit/ca2c3390fd60d9a3f810ed2c22cbc2c193457b77" - }, - { - "name" : "https://www.otrs.com/release-notes-otrs-help-desk-3-3-4", - "refsource" : "CONFIRM", - "url" : "https://www.otrs.com/release-notes-otrs-help-desk-3-3-4" - }, - { - "name" : "https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface", - "refsource" : "CONFIRM", - "url" : "https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface" - }, - { - "name" : "DSA-2867", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2867" - }, - { - "name" : "102632", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102632" - }, - { - "name" : "56644", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56644" - }, - { - "name" : "56655", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56655" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketProcess.pm, and (4) CustomerTicketZoom.pm in Kernel/Modules/ in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allow remote 
attackers to hijack the authentication of arbitrary users for requests that (5) create tickets or (6) send follow-ups to existing tickets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102632", + "refsource": "OSVDB", + "url": "http://osvdb.org/102632" + }, + { + "name": "https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface", + "refsource": "CONFIRM", + "url": "https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface" + }, + { + "name": "https://github.com/OTRS/otrs/commit/6f324aaf8647729d509eebf063a0181f9f9196f7", + "refsource": "CONFIRM", + "url": "https://github.com/OTRS/otrs/commit/6f324aaf8647729d509eebf063a0181f9f9196f7" + }, + { + "name": "[oss-security] 20140129 Re: CVE Request: otrs: CSRF issue in customer web interface", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/01/29/15" + }, + { + "name": "https://www.otrs.com/release-notes-otrs-help-desk-3-3-4", + "refsource": "CONFIRM", + "url": "https://www.otrs.com/release-notes-otrs-help-desk-3-3-4" + }, + { + "name": "https://github.com/OTRS/otrs/commit/92f417277f43832f1a0462f2485fe1fd3fd52312", + "refsource": "CONFIRM", + "url": "https://github.com/OTRS/otrs/commit/92f417277f43832f1a0462f2485fe1fd3fd52312" + }, + { + "name": "56655", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56655" + }, + { + "name": "[oss-security] 20140129 CVE Request: otrs: CSRF issue in customer web interface", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/01/29/7" + }, + { + "name": "https://github.com/OTRS/otrs/commit/ca2c3390fd60d9a3f810ed2c22cbc2c193457b77", + "refsource": "CONFIRM", + "url": "https://github.com/OTRS/otrs/commit/ca2c3390fd60d9a3f810ed2c22cbc2c193457b77" + }, + { + "name": "56644", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/56644" + }, + { + "name": "DSA-2867", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2867" + }, + { + "name": "http://bugs.otrs.org/show_bug.cgi?id=10099", + "refsource": "CONFIRM", + "url": "http://bugs.otrs.org/show_bug.cgi?id=10099" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1979.json b/2014/1xxx/CVE-2014-1979.json index b0dafe25435..01029ec58e2 100644 --- a/2014/1xxx/CVE-2014-1979.json +++ b/2014/1xxx/CVE-2014-1979.json 
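Review bot: The `reference_data` array on the new side of CVE-2014-1694.json holds the same twelve entries as the old side in a different order with no apparent sort key, where the old side looks grouped by `refsource`. Arrays are ordered in JSON, so any consumer that diffs records positionally sees every reference as changed although none was added or removed. Emitting the array in a stable order, for example sorted by `refsource` and then `url`, would limit future sync diffs to real changes. The same reordering appears in CVE-2014-4725, CVE-2014-9099 and CVE-2014-9227. The new files also end with `\ No newline at end of file` where the old side had a trailing newline.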
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1979", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-1979", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#89260331", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN89260331/index.html" - }, - { - "name" : "JVNDB-2014-000029", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000029" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#89260331", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN89260331/index.html" + }, + { + "name": "JVNDB-2014-000029", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000029" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4295.json b/2014/4xxx/CVE-2014-4295.json index fc91fade558..fc8b31a82d9 100644 --- a/2014/4xxx/CVE-2014-4295.json +++ b/2014/4xxx/CVE-2014-4295.json 
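Review bot: The only data change in the CVE-2014-1979.json hunk is `"ASSIGNER": "vultures@jpcert.or.jp"` replacing `cve@mitre.org`, and it is buried in a whole-file rewrite of `"key" : ` to `"key": ` under a commit subject that says only "Synchronized-Data". Consumers who read `ASSIGNER` as the record's provenance have no easy way to audit that reassignment in a 130-line whitespace diff. Splitting the formatting normalisation from the record changes, or listing the reassigned IDs in the commit message, would make the change reviewable. The same pattern occurs in CVE-2014-4295 (`secalert_us@oracle.com`) and CVE-2014-9227 (`secure@symantec.com`).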
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4294, CVE-2014-6538, and CVE-2014-6563." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-4295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "70498", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70498" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users 
to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4294, CVE-2014-6538, and CVE-2014-6563." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "70498", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70498" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4725.json b/2014/4xxx/CVE-2014-4725.json index ede621f6df1..1a13cd06d60 100644 --- a/2014/4xxx/CVE-2014-4725.json +++ b/2014/4xxx/CVE-2014-4725.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4725", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4725", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140708 Re: CVE request: WordPress plugin wysija-newsletters remote file upload", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/07/08/7" - }, - { - "name" : "http://arstechnica.com/security/2014/07/mass-exploit-of-wordpress-plugin-backdoors-sites-running-joomla-magento-too/", - "refsource" : "MISC", - "url" : "http://arstechnica.com/security/2014/07/mass-exploit-of-wordpress-plugin-backdoors-sites-running-joomla-magento-too/" - }, - { - "name" : "http://blog.sucuri.net/2014/07/mailpoet-vulnerability-exploited-in-the-wild-breaking-thousands-of-wordpress-sites.html", - "refsource" : 
"MISC", - "url" : "http://blog.sucuri.net/2014/07/mailpoet-vulnerability-exploited-in-the-wild-breaking-thousands-of-wordpress-sites.html" - }, - { - "name" : "http://blog.sucuri.net/2014/07/malware-infection-breaking-wordpress-sites.html", - "refsource" : "MISC", - "url" : "http://blog.sucuri.net/2014/07/malware-infection-breaking-wordpress-sites.html" - }, - { - "name" : "http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html", - "refsource" : "MISC", - "url" : "http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html" - }, - { - "name" : "https://wordpress.org/plugins/wysija-newsletters/changelog/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/wysija-newsletters/changelog/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/wysija-newsletters/changelog/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/wysija-newsletters/changelog/" + }, + { + "name": "http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html", + "refsource": "MISC", + "url": "http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html" + }, + { + "name": "http://blog.sucuri.net/2014/07/malware-infection-breaking-wordpress-sites.html", + "refsource": "MISC", + "url": "http://blog.sucuri.net/2014/07/malware-infection-breaking-wordpress-sites.html" + }, + { + "name": "http://arstechnica.com/security/2014/07/mass-exploit-of-wordpress-plugin-backdoors-sites-running-joomla-magento-too/", + "refsource": "MISC", + "url": "http://arstechnica.com/security/2014/07/mass-exploit-of-wordpress-plugin-backdoors-sites-running-joomla-magento-too/" + }, + { + "name": "[oss-security] 20140708 Re: CVE request: WordPress plugin wysija-newsletters remote file upload", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/07/08/7" + }, + { + "name": "http://blog.sucuri.net/2014/07/mailpoet-vulnerability-exploited-in-the-wild-breaking-thousands-of-wordpress-sites.html", + "refsource": "MISC", + "url": "http://blog.sucuri.net/2014/07/mailpoet-vulnerability-exploited-in-the-wild-breaking-thousands-of-wordpress-sites.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4859.json b/2014/4xxx/CVE-2014-4859.json index 270aeab2a81..d54ab39663c 100644 --- a/2014/4xxx/CVE-2014-4859.json +++ b/2014/4xxx/CVE-2014-4859.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4859", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4859", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9099.json b/2014/9xxx/CVE-2014-9099.json index f7981bc7195..dee0ea0a497 100644 --- a/2014/9xxx/CVE-2014-9099.json +++ b/2014/9xxx/CVE-2014-9099.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the whydowork_adsense page in wp-admin/options-general.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/127658/WordPress-WhyDoWork-AdSense-1.2-XSS-CSRF.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127658/WordPress-WhyDoWork-AdSense-1.2-XSS-CSRF.html" - }, - { - "name" : "68954", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68954" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to hijack the 
authentication of administrators for requests that have unspecified impact via a request to the whydowork_adsense page in wp-admin/options-general.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68954", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68954" + }, + { + "name": "http://packetstormsecurity.com/files/127658/WordPress-WhyDoWork-AdSense-1.2-XSS-CSRF.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127658/WordPress-WhyDoWork-AdSense-1.2-XSS-CSRF.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9227.json b/2014/9xxx/CVE-2014-9227.json index 5e926a0fa03..c9b7d222234 100644 --- a/2014/9xxx/CVE-2014-9227.json +++ b/2014/9xxx/CVE-2014-9227.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9227", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple untrusted search path vulnerabilities in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow local users to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2014-9227", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150617_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150617_00" - }, - { - "name" : "75203", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75203" - }, - { - "name" : "1032616", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032616" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Multiple untrusted search path vulnerabilities in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow local users to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150617_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150617_00" + }, + { + "name": "1032616", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032616" + }, + { + "name": "75203", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75203" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9395.json b/2014/9xxx/CVE-2014-9395.json index 2b149ec5f43..9d60d372aa3 100644 --- a/2014/9xxx/CVE-2014-9395.json +++ b/2014/9xxx/CVE-2014-9395.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9395", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the Simplelife plugin 1.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) simplehoverback, (2) simplehovertext, (3) flickrback, or (4) simple_flimit parameter in the simplelife.php page to wp-admin/options-general.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/129641/WordPress-Simplelife-1.2-CSRF-XSS.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129641/WordPress-Simplelife-1.2-CSRF-XSS.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Simplelife plugin 1.2 and earlier for WordPress allow remote attackers to hijack 
the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) simplehoverback, (2) simplehovertext, (3) flickrback, or (4) simple_flimit parameter in the simplelife.php page to wp-admin/options-general.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/129641/WordPress-Simplelife-1.2-CSRF-XSS.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129641/WordPress-Simplelife-1.2-CSRF-XSS.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9578.json b/2014/9xxx/CVE-2014-9578.json index d509a7fd88a..163c9098f21 100644 --- a/2014/9xxx/CVE-2014-9578.json +++ b/2014/9xxx/CVE-2014-9578.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VDG Security SENSE (formerly DIVA) 2.3.13 performs authentication with a password hash instead of a password, which allows remote attackers to gain login access by leveraging knowledge of a password hash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141218 SEC Consult SA-20141218-0 :: Multiple critical vulnerabilities in VDG Security SENSE (formerly DIVA)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/76" - }, - { - "name" : "http://packetstormsecurity.com/files/129656/VDG-Security-SENSE-2.3.13-File-Disclosure-Bypass-Buffer-Overflow.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129656/VDG-Security-SENSE-2.3.13-File-Disclosure-Bypass-Buffer-Overflow.html" - }, - { - "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-0_VDG_Security_SENSE_Multiple_critical_vulnerabilities_v10.txt", - "refsource" : "MISC", - "url" : 
"https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-0_VDG_Security_SENSE_Multiple_critical_vulnerabilities_v10.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VDG Security SENSE (formerly DIVA) 2.3.13 performs authentication with a password hash instead of a password, which allows remote attackers to gain login access by leveraging knowledge of a password hash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141218 SEC Consult SA-20141218-0 :: Multiple critical vulnerabilities in VDG Security SENSE (formerly DIVA)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/76" + }, + { + "name": "http://packetstormsecurity.com/files/129656/VDG-Security-SENSE-2.3.13-File-Disclosure-Bypass-Buffer-Overflow.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129656/VDG-Security-SENSE-2.3.13-File-Disclosure-Bypass-Buffer-Overflow.html" + }, + { + "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-0_VDG_Security_SENSE_Multiple_critical_vulnerabilities_v10.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-0_VDG_Security_SENSE_Multiple_critical_vulnerabilities_v10.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9969.json b/2014/9xxx/CVE-2014-9969.json index 2e24f2ab9be..90e1717c126 100644 --- a/2014/9xxx/CVE-2014-9969.json +++ b/2014/9xxx/CVE-2014-9969.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-07-01T00:00:00", - "ID" : "CVE-2014-9969", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use of a Broken or Risky Cryptographic Algorithm in GNSS" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-07-01T00:00:00", + "ID": "CVE-2014-9969", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-07-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use of a Broken or Risky Cryptographic Algorithm in GNSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-07-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3316.json b/2016/3xxx/CVE-2016-3316.json index eb992c0617e..c7f0379a51a 100644 --- a/2016/3xxx/CVE-2016-3316.json +++ b/2016/3xxx/CVE-2016-3316.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Word 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to execute arbitrary code via a crafted file, aka \"Microsoft Office Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40238", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40238/" - }, - { - "name" : "MS16-099", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-099" - }, - { - "name" : "92300", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92300" - }, - { - "name" : "1036559", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036559" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Word 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to execute 
arbitrary code via a crafted file, aka \"Microsoft Office Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036559", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036559" + }, + { + "name": "92300", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92300" + }, + { + "name": "40238", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40238/" + }, + { + "name": "MS16-099", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-099" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3372.json b/2016/3xxx/CVE-2016-3372.json index 99e9e76b3fd..89261786189 100644 --- a/2016/3xxx/CVE-2016-3372.json +++ b/2016/3xxx/CVE-2016-3372.json 
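Review bot: `ASSIGNER` on the new side becomes `secure@microsoft.com`, but `vendor_name`, `product_name` and `version_value` in the same record stay `n/a`, so the affected product (Microsoft Word 2013 SP1, 2013 RT SP1, 2016 and 2016 for Mac) is still named only in the free-text description. Consumers that match records against an asset inventory through `affects` will keep missing this entry. The sync should either populate `affects` from the CNA's data, e.g. `"vendor_name": "Microsoft"`, or the feed documentation should state that `n/a` means the description must be parsed. The same pattern is visible in the hunks for CVE-2016-3372, CVE-2016-3462, CVE-2016-3808 and CVE-2016-9912.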
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel API in Microsoft Windows Vista SP2 and Windows Server 2008 SP2 does not properly enforce permissions, which allows local users to spoof processes, spoof inter-process communication, or cause a denial of service via a crafted application, aka \"Windows Kernel Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-111", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-111" - }, - { - "name" : "92815", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92815" - }, - { - "name" : "1036802", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036802" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel API in Microsoft Windows Vista SP2 and Windows Server 2008 SP2 does not properly 
enforce permissions, which allows local users to spoof processes, spoof inter-process communication, or cause a denial of service via a crafted application, aka \"Windows Kernel Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-111", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-111" + }, + { + "name": "92815", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92815" + }, + { + "name": "1036802", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036802" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3462.json b/2016/3xxx/CVE-2016-3462.json index f333adf1530..04c71a0617b 100644 --- a/2016/3xxx/CVE-2016-3462.json +++ b/2016/3xxx/CVE-2016-3462.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Network Configuration Service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" - }, - { - "name" : "1035629", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Network Configuration Service." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1035629", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035629" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3808.json b/2016/3xxx/CVE-2016-3808.json index 4d86f77f381..93241caad42 100644 --- a/2016/3xxx/CVE-2016-3808.json +++ b/2016/3xxx/CVE-2016-3808.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3808", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The serial peripheral interface driver in Android before 2016-07-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28430009." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3808", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The serial peripheral interface driver in Android before 2016-07-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28430009." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7142.json b/2016/7xxx/CVE-2016-7142.json index 541340014d9..6f46a78a5b8 100644 --- a/2016/7xxx/CVE-2016-7142.json +++ b/2016/7xxx/CVE-2016-7142.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160904 CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/04/3" - }, - { - "name" : "[oss-security] 20160905 Re: CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/05/8" - }, - { - "name" : "http://www.inspircd.org/2016/09/03/v2023-released.html", - "refsource" : "CONFIRM", - "url" : "http://www.inspircd.org/2016/09/03/v2023-released.html" - }, - { - "name" : 
"https://github.com/inspircd/inspircd/commit/74fafb7f11b06747f69f182ad5e3769b665eea7a", - "refsource" : "CONFIRM", - "url" : "https://github.com/inspircd/inspircd/commit/74fafb7f11b06747f69f182ad5e3769b665eea7a" - }, - { - "name" : "DSA-3662", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3662" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.inspircd.org/2016/09/03/v2023-released.html", + "refsource": "CONFIRM", + "url": "http://www.inspircd.org/2016/09/03/v2023-released.html" + }, + { + "name": "https://github.com/inspircd/inspircd/commit/74fafb7f11b06747f69f182ad5e3769b665eea7a", + "refsource": "CONFIRM", + "url": "https://github.com/inspircd/inspircd/commit/74fafb7f11b06747f69f182ad5e3769b665eea7a" + }, + { + "name": "[oss-security] 20160905 Re: CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/05/8" + }, + { + "name": "[oss-security] 20160904 CVE ID request: certificate spoofing through crafted SASL message in inspircd, charybdis", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/04/3" + }, + { + "name": "DSA-3662", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3662" + } + ] + } +} \ No newline at end of file 
diff --git a/2016/7xxx/CVE-2016-7325.json b/2016/7xxx/CVE-2016-7325.json
index e938a4c5d4d..231819f734c 100644
--- a/2016/7xxx/CVE-2016-7325.json
+++ b/2016/7xxx/CVE-2016-7325.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-7325",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2016-7325",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/8xxx/CVE-2016-8017.json b/2016/8xxx/CVE-2016-8017.json
index 36c7dcd4916..77caf8d04f1 100644
--- a/2016/8xxx/CVE-2016-8017.json
+++ b/2016/8xxx/CVE-2016-8017.json
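Review bot: The new side of CVE-2016-7325.json writes the top-level keys as `data_type`, `data_format`, `data_version`, `CVE_data_meta` (with `ID` before `ASSIGNER`), while other records rewritten in this commit, such as CVE-2016-8599.json, keep `CVE_data_meta` first with `ASSIGNER` before `ID`. Key order carries no meaning in JSON, but two orderings in one sync suggest two serialisers. Any consumer that hashes or signs the raw file for integrity checks will then see changes unrelated to content. Emitting one canonical order (sorted keys, as in RFC 8785) would keep later diffs limited to real data changes. CVE-2016-8269.json shows the same alternate ordering.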
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "ID" : "CVE-2016-8017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VirusScan Enterprise Linux (VSEL)", - "version" : { - "version_data" : [ - { - "version_value" : "2.0.3 (and earlier)" - } - ] - } - } - ] - }, - "vendor_name" : "Intel" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user input." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Special element injection vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2016-8017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VirusScan Enterprise Linux (VSEL)", + "version": { + "version_data": [ + { + "version_value": "2.0.3 (and earlier)" + } + ] + } + } + ] + }, + "vendor_name": "Intel" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40911", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40911/" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10181", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10181" - }, - { - "name" : "94823", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94823" - }, - { - "name" : "1037433", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user input." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Special element injection vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94823", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94823" + }, + { + "name": "1037433", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037433" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10181", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10181" + }, + { + "name": "40911", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40911/" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8269.json b/2016/8xxx/CVE-2016-8269.json index c05896cee30..2ca66d45ac3 100644 --- a/2016/8xxx/CVE-2016-8269.json +++ b/2016/8xxx/CVE-2016-8269.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-8269",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2016-8269",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/8xxx/CVE-2016-8599.json b/2016/8xxx/CVE-2016-8599.json
index 33ef7fe5321..128ee634e97 100644
--- a/2016/8xxx/CVE-2016-8599.json
+++ b/2016/8xxx/CVE-2016-8599.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-8599",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-8599",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/8xxx/CVE-2016-8857.json b/2016/8xxx/CVE-2016-8857.json
index bf6ef06adb3..137a41cf10f 100644
--- a/2016/8xxx/CVE-2016-8857.json
+++ b/2016/8xxx/CVE-2016-8857.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-8857",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-8857",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/9xxx/CVE-2016-9165.json b/2016/9xxx/CVE-2016-9165.json
index 77ff00a4b64..19d244b1fe1 100644
--- a/2016/9xxx/CVE-2016-9165.json
+++ b/2016/9xxx/CVE-2016-9165.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-606", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-606" - }, - { - "name" : "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html", - "refsource" : "CONFIRM", - "url" : "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html" - }, - { - 
"name" : "94257", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94257" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94257", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94257" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-606", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-606" + }, + { + "name": "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html", + "refsource": "CONFIRM", + "url": "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9652.json b/2016/9xxx/CVE-2016-9652.json index 4ee0bb97058..6d5c224dee8 100644 --- a/2016/9xxx/CVE-2016-9652.json +++ b/2016/9xxx/CVE-2016-9652.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-9652",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-9652",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/9xxx/CVE-2016-9912.json b/2016/9xxx/CVE-2016-9912.json
index 6310b1e55e2..94bea8ff61a 100644
--- a/2016/9xxx/CVE-2016-9912.json
+++ b/2016/9xxx/CVE-2016-9912.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-9912",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while destroying gpu resource object in 'virtio_gpu_resource_destroy'. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2016-9912",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[oss-security] 20161208 Re: CVE request Qemu: display: virtio-gpu: memory leakage when destroying gpu resource",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2016/12/08/6"
- },
- {
- "name" : "GLSA-201701-49",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201701-49"
- },
- {
- "name" : "94760",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/94760"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Quick Emulator (Qemu) 
built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while destroying gpu resource object in 'virtio_gpu_resource_destroy'. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "[oss-security] 20161208 Re: CVE request Qemu: display: virtio-gpu: memory leakage when destroying gpu resource",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2016/12/08/6"
+ },
+ {
+ "name": "GLSA-201701-49",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201701-49"
+ },
+ {
+ "name": "94760",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/94760"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/2xxx/CVE-2019-2444.json b/2019/2xxx/CVE-2019-2444.json
index 3f71d73973a..42b395db190 100644
--- a/2019/2xxx/CVE-2019-2444.json
+++ b/2019/2xxx/CVE-2019-2444.json
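Review bot: The `"ASSIGNER"` field of CVE-2016-9912.json changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, while every other line pair differs only in indentation and the spacing before the colon, so the one substantive change is easy to miss under the "-Synchronized-Data." subject. Tooling that groups or filters records by assigner would presumably see this record move to a different CNA, so the field change deserves its own commit or at least a mention in the commit message. The new side also ends without a trailing newline (`\ No newline at end of file`), as do the other files visible in this commit; restoring it would keep later diffs of these records free of end-of-file noise.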
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "secalert_us@oracle.com",
- "ID" : "CVE-2019-2444",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Oracle Database",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "=",
- "version_value" : "12.2.0.1"
- },
- {
- "version_affected" : "=",
- "version_value" : "18c"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Oracle Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS."
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2019-2444",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Oracle Database",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "12.2.0.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "18c"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Oracle Corporation"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
- },
- {
- "name" : "106584",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/106584"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS."
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
+ },
+ {
+ "name": "106584",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/106584"
+ }
+ ]
+ }
+}
\ No newline at end of file