From 0d83dde74f532a4fecab8a5356bbe4e70e90a63c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 22:30:12 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0250.json | 180 ++++++------- 2006/0xxx/CVE-2006-0546.json | 120 ++++----- 2006/1xxx/CVE-2006-1355.json | 170 ++++++------- 2006/1xxx/CVE-2006-1639.json | 200 +++++++-------- 2006/5xxx/CVE-2006-5162.json | 180 ++++++------- 2006/5xxx/CVE-2006-5422.json | 160 ++++++------ 2006/5xxx/CVE-2006-5993.json | 34 +-- 2010/0xxx/CVE-2010-0240.json | 140 +++++----- 2010/0xxx/CVE-2010-0353.json | 34 +-- 2010/0xxx/CVE-2010-0476.json | 160 ++++++------ 2010/2xxx/CVE-2010-2657.json | 170 ++++++------- 2010/2xxx/CVE-2010-2725.json | 130 +++++----- 2010/3xxx/CVE-2010-3334.json | 210 +++++++-------- 2010/3xxx/CVE-2010-3382.json | 120 ++++----- 2010/3xxx/CVE-2010-3704.json | 480 +++++++++++++++++------------------ 2010/3xxx/CVE-2010-3849.json | 270 ++++++++++---------- 2010/4xxx/CVE-2010-4009.json | 170 ++++++------- 2010/4xxx/CVE-2010-4134.json | 34 +-- 2010/4xxx/CVE-2010-4400.json | 170 ++++++------- 2014/3xxx/CVE-2014-3143.json | 34 +-- 2014/3xxx/CVE-2014-3371.json | 34 +-- 2014/3xxx/CVE-2014-3852.json | 130 +++++----- 2014/3xxx/CVE-2014-3918.json | 34 +-- 2014/4xxx/CVE-2014-4334.json | 150 +++++------ 2014/4xxx/CVE-2014-4398.json | 160 ++++++------ 2014/4xxx/CVE-2014-4867.json | 120 ++++----- 2014/4xxx/CVE-2014-4961.json | 34 +-- 2014/8xxx/CVE-2014-8374.json | 34 +-- 2014/8xxx/CVE-2014-8451.json | 120 ++++----- 2014/8xxx/CVE-2014-8558.json | 130 +++++----- 2014/8xxx/CVE-2014-8953.json | 140 +++++----- 2014/9xxx/CVE-2014-9268.json | 130 +++++----- 2014/9xxx/CVE-2014-9271.json | 180 ++++++------- 2014/9xxx/CVE-2014-9433.json | 180 ++++++------- 2014/9xxx/CVE-2014-9770.json | 160 ++++++------ 2014/9xxx/CVE-2014-9867.json | 140 +++++----- 2016/2xxx/CVE-2016-2484.json | 130 +++++----- 2016/2xxx/CVE-2016-2834.json | 280 ++++++++++---------- 2016/3xxx/CVE-2016-3114.json | 120 ++++----- 2016/3xxx/CVE-2016-3861.json | 190 +++++++------- 2016/6xxx/CVE-2016-6017.json | 34 +-- 2016/6xxx/CVE-2016-6161.json | 180 ++++++------- 2016/6xxx/CVE-2016-6192.json | 130 +++++----- 2016/6xxx/CVE-2016-6263.json | 200 +++++++-------- 2016/7xxx/CVE-2016-7063.json | 34 +-- 45 files changed, 3170 insertions(+), 3170 deletions(-) diff --git a/2006/0xxx/CVE-2006-0250.json b/2006/0xxx/CVE-2006-0250.json index 8193a93e67a..a6b28230ae3 100644 --- a/2006/0xxx/CVE-2006-0250.json +++ b/2006/0xxx/CVE-2006-0250.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0250", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the snmp_input function in snmptrapd in CMU SNMP utilities (cmu-snmp) allows remote attackers to execute arbitrary code by sending crafted SNMP messages to UDP port 162." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0250", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060116 Digital Armaments Security Advisory 01.16.2006: CMU SNMP utilities snmptrad Format String Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/422086/100/0/threaded" - }, - { - "name" : "http://www.digitalarmaments.com/2006040164883273.html", - "refsource" : "MISC", - "url" : "http://www.digitalarmaments.com/2006040164883273.html" - }, - { - "name" : "16267", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16267" - }, - { - "name" : "ADV-2006-0234", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0234" - }, - { - "name" : "22493", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22493" - }, - { - "name" : "18525", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18525" - }, - { - "name" : "cmusnmp-snmpinput-format-string(24178)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24178" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the snmp_input function in snmptrapd in CMU SNMP utilities (cmu-snmp) allows remote attackers to execute arbitrary code by sending crafted SNMP messages to UDP port 162." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16267", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16267" + }, + { + "name": "22493", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22493" + }, + { + "name": "http://www.digitalarmaments.com/2006040164883273.html", + "refsource": "MISC", + "url": "http://www.digitalarmaments.com/2006040164883273.html" + }, + { + "name": "18525", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18525" + }, + { + "name": "ADV-2006-0234", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0234" + }, + { + "name": "cmusnmp-snmpinput-format-string(24178)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24178" + }, + { + "name": "20060116 Digital Armaments Security Advisory 01.16.2006: CMU SNMP utilities snmptrad Format String Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/422086/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0546.json b/2006/0xxx/CVE-2006-0546.json index 579099abc32..c4a23dfaed2 100644 --- a/2006/0xxx/CVE-2006-0546.json +++ b/2006/0xxx/CVE-2006-0546.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in index.php in a certain application available from /v1/tr/portfoy.php on www.egeinternet.com allows remote attackers to execute arbitrary code via \"evilcode\" in the key parameter, possibly a PHP remote file include vulnerability in which the attack vector is a URL in the key parameter. NOTE: it is not clear whether this vulnerability is associated with an online service or application service provider. If so, then it should not be included in CVE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060128 Ege Internet Web Desing Remote Command Exucetion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/423365/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in index.php in a certain application available from /v1/tr/portfoy.php on www.egeinternet.com allows remote attackers to execute arbitrary code via \"evilcode\" in the key parameter, possibly a PHP remote file include vulnerability in which the attack vector is a URL in the key parameter. NOTE: it is not clear whether this vulnerability is associated with an online service or application service provider. If so, then it should not be included in CVE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060128 Ege Internet Web Desing Remote Command Exucetion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/423365/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1355.json b/2006/1xxx/CVE-2006-1355.json index 8466b33687f..2cc1b68fac7 100644 --- a/2006/1xxx/CVE-2006-1355.json +++ b/2006/1xxx/CVE-2006-1355.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1355", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "avast! Antivirus 4.6.763 and earlier sets \"BUILTIN\\Everyone\" permissions to critical system files in the installation folder, which allows local users to gain privileges or disable protection by modifying those files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1355", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.dslreports.com/forum/remark,15601404~days=9999~start=20", - "refsource" : "MISC", - "url" : "http://www.dslreports.com/forum/remark,15601404~days=9999~start=20" - }, - { - "name" : "http://forum.avast.com/index.php?topic=19862.0", - "refsource" : "CONFIRM", - "url" : "http://forum.avast.com/index.php?topic=19862.0" - }, - { - "name" : "17158", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17158" - }, - { - "name" : "ADV-2006-1011", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1011" - }, - { - "name" : "19284", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19284" - }, - { - "name" : "avast-default-insecure-permissions(25336)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25336" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "avast! Antivirus 4.6.763 and earlier sets \"BUILTIN\\Everyone\" permissions to critical system files in the installation folder, which allows local users to gain privileges or disable protection by modifying those files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.dslreports.com/forum/remark,15601404~days=9999~start=20", + "refsource": "MISC", + "url": "http://www.dslreports.com/forum/remark,15601404~days=9999~start=20" + }, + { + "name": "19284", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19284" + }, + { + "name": "http://forum.avast.com/index.php?topic=19862.0", + "refsource": "CONFIRM", + "url": "http://forum.avast.com/index.php?topic=19862.0" + }, + { + "name": "ADV-2006-1011", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1011" + }, + { + "name": "avast-default-insecure-permissions(25336)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25336" + }, + { + "name": "17158", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17158" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1639.json b/2006/1xxx/CVE-2006-1639.json index 8c161ac8ccf..11ba963cf24 100644 --- a/2006/1xxx/CVE-2006-1639.json +++ b/2006/1xxx/CVE-2006-1639.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in wpBlog 0.4 allows remote attackers to execute arbitrary SQL commands via the postid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060417 [eVuln] Wire Plastik wpBlog SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431186/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/119/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/119/summary.html" - }, - { - "name" : "17381", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17381" - }, - { - "name" : "ADV-2006-1238", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1238" - }, - { - "name" : "24385", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24385" - }, - { - "name" : "1015951", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015951" - }, - { - "name" : "19538", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19538" - }, - { - "name" : "734", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/734" - }, - { - "name" : "wpblog-index-sql-injection(25628)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in wpBlog 0.4 allows remote attackers to execute arbitrary SQL commands via the postid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24385", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24385" + }, + { + "name": "wpblog-index-sql-injection(25628)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25628" + }, + { + "name": "17381", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17381" + }, + { + "name": "ADV-2006-1238", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1238" + }, + { + "name": "1015951", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015951" + }, + { + "name": "http://evuln.com/vulns/119/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/119/summary.html" + }, + { + "name": "734", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/734" + }, + { + "name": "19538", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19538" + }, + { + "name": "20060417 [eVuln] Wire Plastik wpBlog SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431186/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5162.json b/2006/5xxx/CVE-2006-5162.json index 2cd2000c0b9..6b9abbe3012 100644 --- a/2006/5xxx/CVE-2006-5162.json +++ b/2006/5xxx/CVE-2006-5162.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5162", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows remote attackers to cause a denial of service (unhandled exception and crash) via a long Content-Type header, which triggers a stack overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5162", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060722 Microsoft Internet Explorer DOS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-07/0379.html" - }, - { - "name" : "2039", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2039" - }, - { - "name" : "19092", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19092" - }, - { - "name" : "ADV-2006-2917", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2917" - }, - { - "name" : "29129", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29129" - }, - { - "name" : "1683", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1683" - }, - { - "name" : "ie-wininet-dos(27900)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27900" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows remote attackers to cause a denial of service (unhandled exception and crash) via a long Content-Type header, which triggers a stack overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29129", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29129" + }, + { + "name": "ie-wininet-dos(27900)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27900" + }, + { + "name": "2039", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2039" + }, + { + "name": "ADV-2006-2917", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2917" + }, + { + "name": "20060722 Microsoft Internet Explorer DOS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0379.html" + }, + { + "name": "19092", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19092" + }, + { + "name": "1683", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1683" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5422.json b/2006/5xxx/CVE-2006-5422.json index 830eea6f322..68addfb859f 100644 --- a/2006/5xxx/CVE-2006-5422.json +++ b/2006/5xxx/CVE-2006-5422.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5422", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in calcul-page.php in Lodel (patchlodel) 0.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the home parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061014 patchlodel-0.7.3 - Remote File Include Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=116104206220783&w=2" - }, - { - "name" : "20551", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20551" - }, - { - "name" : "ADV-2006-4082", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4082" - }, - { - "name" : "22429", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22429" - }, - { - "name" : "patchlodel-calcul-file-include(29606)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29606" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in calcul-page.php in Lodel (patchlodel) 0.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the home parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4082", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4082" + }, + { + "name": "20551", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20551" + }, + { + "name": "22429", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22429" + }, + { + "name": "patchlodel-calcul-file-include(29606)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29606" + }, + { + "name": "20061014 patchlodel-0.7.3 - Remote File Include Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=116104206220783&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5993.json b/2006/5xxx/CVE-2006-5993.json index b1e9d1387c7..faad4202038 100644 --- a/2006/5xxx/CVE-2006-5993.json +++ b/2006/5xxx/CVE-2006-5993.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5993", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-5993", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0240.json b/2010/0xxx/CVE-2010-0240.json index 66e006ae277..16a47a7675a 100644 --- a/2010/0xxx/CVE-2010-0240.json +++ b/2010/0xxx/CVE-2010-0240.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0240", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka \"Header MDL Fragmentation Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-0240", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-009", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-009" - }, - { - "name" : "TA10-040A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-040A.html" - }, - { - "name" : "oval:org.mitre.oval:def:8400", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka \"Header MDL Fragmentation Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS10-009", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-009" + }, + { + "name": "TA10-040A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-040A.html" + }, + { + "name": "oval:org.mitre.oval:def:8400", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8400" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0353.json b/2010/0xxx/CVE-2010-0353.json index 2cf27ee8481..ef790d3c9df 100644 --- a/2010/0xxx/CVE-2010-0353.json +++ b/2010/0xxx/CVE-2010-0353.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0353", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0353", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0476.json b/2010/0xxx/CVE-2010-0476.json index d41570d9794..e540dcf418b 100644 --- a/2010/0xxx/CVE-2010-0476.json +++ b/2010/0xxx/CVE-2010-0476.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka \"SMB Client Response Parsing Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-0476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-020", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020" - }, - { - "name" : "TA10-103A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-103A.html" - }, - { - "name" : "39336", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39336" - }, - { - "name" : "oval:org.mitre.oval:def:6918", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6918" - }, - { - "name" : "39372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39372" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka \"SMB Client Response Parsing Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39336", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39336" + }, + { + "name": "39372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39372" + }, + { + "name": "MS10-020", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020" + }, + { + "name": "oval:org.mitre.oval:def:6918", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6918" + }, + { + "name": "TA10-103A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-103A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2657.json b/2010/2xxx/CVE-2010-2657.json index e21ecdbbe68..74e8c031e01 100644 --- a/2010/2xxx/CVE-2010-2657.json +++ b/2010/2xxx/CVE-2010-2657.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2657", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 10.60 on Windows and Mac OS X does not properly prevent certain double-click operations from running a program located on a web site, which allows user-assisted remote attackers to execute arbitrary code via a crafted web page that bypasses a dialog." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1060/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1060/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1060/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1060/" - }, - { - "name" : "http://www.opera.com/support/search/view/957/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/search/view/957/" - }, - { - "name" : "oval:org.mitre.oval:def:11856", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11856" - }, - { - "name" : "40375", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40375" - }, - { - "name" : "ADV-2010-1664", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1664" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 10.60 on Windows and Mac OS X does not properly prevent certain double-click operations from running a program located on a web site, which allows user-assisted remote attackers to execute arbitrary code via a crafted web page that bypasses a dialog." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40375", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40375" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1060/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1060/" + }, + { + "name": "oval:org.mitre.oval:def:11856", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11856" + }, + { + "name": "http://www.opera.com/support/search/view/957/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/search/view/957/" + }, + { + "name": "ADV-2010-1664", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1664" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/1060/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1060/" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2725.json b/2010/2xxx/CVE-2010-2725.json index bca165ff71c..c2c96bd269f 100644 --- a/2010/2xxx/CVE-2010-2725.json +++ b/2010/2xxx/CVE-2010-2725.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2725", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BarnOwl before 1.6.2 does not check the return code of calls to the (1) ZPending and (2) ZReceiveNotice functions in libzephyr, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2725", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://barnowl.mit.edu/wiki/release-notes/1.6.2", - "refsource" : "CONFIRM", - "url" : "http://barnowl.mit.edu/wiki/release-notes/1.6.2" - }, - { - "name" : "http://github.com/barnowl/barnowl/blob/barnowl-1.6.2/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://github.com/barnowl/barnowl/blob/barnowl-1.6.2/ChangeLog" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BarnOwl before 1.6.2 does not check the return code of calls to the (1) ZPending and (2) ZReceiveNotice functions in libzephyr, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://github.com/barnowl/barnowl/blob/barnowl-1.6.2/ChangeLog", + "refsource": "CONFIRM", + "url": "http://github.com/barnowl/barnowl/blob/barnowl-1.6.2/ChangeLog" + }, + { + "name": "http://barnowl.mit.edu/wiki/release-notes/1.6.2", + "refsource": "CONFIRM", + "url": "http://barnowl.mit.edu/wiki/release-notes/1.6.2" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3334.json b/2010/3xxx/CVE-2010-3334.json index cb646145959..656805b420f 100644 --- a/2010/3xxx/CVE-2010-3334.json +++ b/2010/3xxx/CVE-2010-3334.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka \"Office Art Drawing Records Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101109 Secunia Research: Microsoft Office Drawing Shape Container Parsing Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514699/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2010-4/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2010-4/" - }, - { - "name" : "MS10-087", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087" - }, - { - "name" : "TA10-313A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-313A.html" - }, - { - "name" : "44656", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44656" - }, - { - "name" : "oval:org.mitre.oval:def:11439", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11439" - }, - { - "name" : "1024705", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024705" - }, - { - "name" : "38521", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38521" - }, - { - "name" : "42144", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42144" - }, - { - "name" : "ADV-2010-2923", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2923" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka \"Office Art Drawing Records Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024705", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024705" + }, + { + "name": "oval:org.mitre.oval:def:11439", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11439" + }, + { + "name": "42144", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42144" + }, + { + "name": "20101109 Secunia Research: Microsoft Office Drawing Shape Container Parsing Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514699/100/0/threaded" + }, + { + "name": "38521", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38521" + }, + { + "name": "ADV-2010-2923", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2923" + }, + { + "name": "44656", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44656" + }, + { + "name": "http://secunia.com/secunia_research/2010-4/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2010-4/" + }, + { + "name": "MS10-087", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087" + }, + { + "name": "TA10-313A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-313A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3382.json b/2010/3xxx/CVE-2010-3382.json index 40753c69bc1..8501c176283 100644 --- a/2010/3xxx/CVE-2010-3382.json +++ b/2010/3xxx/CVE-2010-3382.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tauex in Tuning and Analysis Utilities (TAU) 2.16.4 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598303", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598303" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tauex in Tuning and Analysis Utilities (TAU) 2.16.4 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598303", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598303" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3704.json b/2010/3xxx/CVE-2010-3704.json index 33dc6ff5825..e3b4960a5d3 100644 --- a/2010/3xxx/CVE-2010-3704.json +++ b/2010/3xxx/CVE-2010-3704.json @@ -1,242 +1,242 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20101004 Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/10/04/6" - }, - { - "name" : "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch" - }, - { - "name" : "http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473", - "refsource" : "CONFIRM", - "url" : "http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=638960", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=638960" - }, - { - "name" : "http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html", - "refsource" : "CONFIRM", - "url" : "http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html" - }, - { - "name" : "DSA-2119", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2119" - }, - { - "name" : "DSA-2135", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2135" - }, - { - "name" : "FEDORA-2010-15857", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html" - }, - { - "name" : "FEDORA-2010-15911", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html" - }, - { - "name" : "FEDORA-2010-15981", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html" - }, - { - "name" : "FEDORA-2010-16662", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html" - }, - { - "name" : "FEDORA-2010-16705", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html" - }, - { - "name" : "FEDORA-2010-16744", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html" - }, - { - "name" : "MDVSA-2010:228", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:228" - }, - { - "name" : "MDVSA-2010:229", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:229" - }, - { - "name" : "MDVSA-2010:230", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:230" - }, - { - "name" : "MDVSA-2010:231", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:231" - }, - { - "name" : "MDVSA-2012:144", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144" - }, - { - "name" : "RHSA-2010:0749", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0749.html" - }, - { - "name" : "RHSA-2010:0751", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0751.html" - }, - { - "name" : "RHSA-2010:0752", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0752.html" - }, - { - "name" : "RHSA-2010:0753", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0753.html" - }, - { - "name" : "RHSA-2010:0859", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0859.html" - }, - { - "name" : "RHSA-2012:1201", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1201.html" - }, - { - "name" : "SSA:2010-324-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720" - }, - { - "name" : "SUSE-SR:2010:022", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html" - }, - { - "name" : "SUSE-SR:2010:024", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html" - }, - { - "name" : "USN-1005-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1005-1" - }, - { - "name" : "43841", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43841" - }, - { - "name" : "42141", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42141" - }, - { - "name" : "42397", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42397" - }, - { - "name" : "42357", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42357" - }, - { - "name" : "42691", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42691" - }, - { - "name" : "43079", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43079" - }, - { - "name" : "ADV-2010-2897", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2897" - }, - { - "name" : "ADV-2010-3097", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3097" - }, - { - "name" : "ADV-2011-0230", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0230" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2010-16662", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html" + }, + { + "name": "[oss-security] 20101004 Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/10/04/6" + }, + { + "name": "FEDORA-2010-15857", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html" + }, + { + "name": "RHSA-2010:0859", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0859.html" + }, + { + "name": "42357", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42357" + }, + { + "name": "MDVSA-2010:228", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:228" + }, + { + "name": "ADV-2011-0230", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0230" + }, + { + "name": "RHSA-2010:0752", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0752.html" + }, + { + "name": "http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html", + "refsource": "CONFIRM", + "url": "http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=638960", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=638960" + }, + { + "name": "MDVSA-2010:230", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:230" + }, + { + "name": "SUSE-SR:2010:022", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html" + }, + { + "name": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473", + "refsource": "CONFIRM", + "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473" + }, + { + "name": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch", + "refsource": "CONFIRM", + "url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch" + }, + { + "name": "RHSA-2012:1201", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html" + }, + { + "name": "MDVSA-2010:231", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:231" + }, + { + "name": "FEDORA-2010-16705", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html" + }, + { + "name": "SSA:2010-324-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720" + }, + { + "name": "RHSA-2010:0751", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0751.html" + }, + { + "name": "42397", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42397" + }, + { + "name": "42141", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42141" + }, + { + "name": "FEDORA-2010-15911", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html" + }, + { + "name": "MDVSA-2012:144", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144" + }, + { + "name": "ADV-2010-3097", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3097" + }, + { + "name": "USN-1005-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1005-1" + }, + { + "name": "RHSA-2010:0749", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0749.html" + }, + { + "name": "FEDORA-2010-15981", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html" + }, + { + "name": "FEDORA-2010-16744", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html" + }, + { + "name": "ADV-2010-2897", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2897" + }, + { + "name": "42691", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42691" + }, + { + "name": "DSA-2119", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2119" + }, + { + "name": "SUSE-SR:2010:024", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html" + }, + { + "name": "MDVSA-2010:229", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:229" + }, + { + "name": "43841", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43841" + }, + { + "name": "DSA-2135", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2135" + }, + { + "name": "RHSA-2010:0753", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0753.html" + }, + { + "name": "43079", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43079" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3849.json b/2010/3xxx/CVE-2010-3849.json index dc520761e74..318b90b540f 100644 --- a/2010/3xxx/CVE-2010-3849.json +++ b/2010/3xxx/CVE-2010-3849.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3849", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3849", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101207 Linux kernel exploit", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0086.html" - }, - { - "name" : "[oss-security] 20101129 kernel: Multiple vulnerabilities in AF_ECONET", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/11/30/1" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fa0e846494792e722d817b9d3d625a4ef4896c96", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fa0e846494792e722d817b9d3d625a4ef4896c96" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=644156", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=644156" - }, - { - "name" : "DSA-2126", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2126" - }, - { - "name" : "MDVSA-2010:257", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:257" - }, - { - "name" : "SUSE-SA:2011:005", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html" - }, - { - "name" : "SUSE-SA:2011:007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" - }, - { - "name" : "SUSE-SA:2011:008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html" - }, - { - "name" : "USN-1023-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1023-1" - }, - { - "name" : "43056", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43056" - }, - { - "name" : "43291", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43291" - }, - { - "name" : "ADV-2011-0213", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0213" - }, - { - "name" : "ADV-2011-0298", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0298" - }, - { - "name" : "ADV-2011-0375", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0375" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43056", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43056" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=644156", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=644156" + }, + { + "name": "20101207 Linux kernel exploit", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0086.html" + }, + { + "name": "SUSE-SA:2011:007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" + }, + { + "name": "[oss-security] 20101129 kernel: Multiple vulnerabilities in AF_ECONET", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/11/30/1" + }, + { + "name": "ADV-2011-0298", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0298" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2" + }, + { + "name": "MDVSA-2010:257", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:257" + }, + { + "name": "SUSE-SA:2011:005", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html" + }, + { + "name": "ADV-2011-0375", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0375" + }, + { + "name": "USN-1023-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1023-1" + }, + { + "name": "SUSE-SA:2011:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html" + }, + { + "name": "43291", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43291" + }, + { + "name": "ADV-2011-0213", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0213" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fa0e846494792e722d817b9d3d625a4ef4896c96", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fa0e846494792e722d817b9d3d625a4ef4896c96" + }, + { + "name": "DSA-2126", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2126" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4009.json b/2010/4xxx/CVE-2010-4009.json index f8fdc2eba49..f12df8ff0b6 100644 --- a/2010/4xxx/CVE-2010-4009.json +++ b/2010/4xxx/CVE-2010-4009.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4009", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-4009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4447", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4447" - }, - { - "name" : "http://support.apple.com/kb/HT4581", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4581" - }, - { - "name" : "APPLE-SA-2010-12-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-03-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" - }, - { - "name" : "oval:org.mitre.oval:def:16218", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16218" - }, - { - "name" : "1024830", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024830" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-12-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html" + }, + { + "name": "APPLE-SA-2011-03-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" + }, + { + "name": "oval:org.mitre.oval:def:16218", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16218" + }, + { + "name": "http://support.apple.com/kb/HT4447", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4447" + }, + { + "name": "1024830", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024830" + }, + { + "name": "http://support.apple.com/kb/HT4581", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4581" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4134.json b/2010/4xxx/CVE-2010-4134.json index 15dcd0fa3df..9db50714cd3 100644 --- a/2010/4xxx/CVE-2010-4134.json +++ b/2010/4xxx/CVE-2010-4134.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4134", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-4134", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4400.json b/2010/4xxx/CVE-2010-4400.json index 49294b0ad8d..6fc4182349a 100644 --- a/2010/4xxx/CVE-2010-4400.json +++ b/2010/4xxx/CVE-2010-4400.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRights_UserId parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15646", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15646" - }, - { - "name" : "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt" - }, - { - "name" : "http://www.htbridge.ch/advisory/sql_injection_in_dynpg.html", - "refsource" : "MISC", - "url" : "http://www.htbridge.ch/advisory/sql_injection_in_dynpg.html" - }, - { - "name" : "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update&read_article=226", - "refsource" : "CONFIRM", - "url" : "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update&read_article=226" - }, - { - "name" : "45115", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45115" - }, - { - "name" : "69631", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/69631" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRights_UserId parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update&read_article=226", + "refsource": "CONFIRM", + "url": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update&read_article=226" + }, + { + "name": "45115", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45115" + }, + { + "name": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt" + }, + { + "name": "http://www.htbridge.ch/advisory/sql_injection_in_dynpg.html", + "refsource": "MISC", + "url": "http://www.htbridge.ch/advisory/sql_injection_in_dynpg.html" + }, + { + "name": "69631", + "refsource": "OSVDB", + "url": "http://osvdb.org/69631" + }, + { + "name": "15646", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15646" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3143.json b/2014/3xxx/CVE-2014-3143.json index 3e8d861306b..763afde48e4 100644 --- a/2014/3xxx/CVE-2014-3143.json +++ b/2014/3xxx/CVE-2014-3143.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3143", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3143", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3371.json b/2014/3xxx/CVE-2014-3371.json index 4f1d85b7b3d..2ac81aff700 100644 --- a/2014/3xxx/CVE-2014-3371.json +++ b/2014/3xxx/CVE-2014-3371.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3371", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-3371", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3852.json b/2014/3xxx/CVE-2014-3852.json index 48e38fe859b..d4c6fcf1ae0 100644 --- a/2014/3xxx/CVE-2014-3852.json +++ b/2014/3xxx/CVE-2014-3852.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3852", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pyplate 0.08 does not include the HTTPOnly flag in a Set-Cookie header for the id cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3852", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140514 CVE request: Pyplate multiple vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/05/14/3" - }, - { - "name" : "[oss-security] 20140523 Re: CVE request: Pyplate multiple vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/05/23/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pyplate 0.08 does not include the HTTPOnly flag in a Set-Cookie header for the id cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140523 Re: CVE request: Pyplate multiple vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/05/23/1" + }, + { + "name": "[oss-security] 20140514 CVE request: Pyplate multiple vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/05/14/3" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3918.json b/2014/3xxx/CVE-2014-3918.json index c6f026159a7..ed7c1b68255 100644 --- a/2014/3xxx/CVE-2014-3918.json +++ b/2014/3xxx/CVE-2014-3918.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3918", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3918", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4334.json b/2014/4xxx/CVE-2014-4334.json index 2ad401743bc..4210c24ab33 100644 --- a/2014/4xxx/CVE-2014-4334.json +++ b/2014/4xxx/CVE-2014-4334.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Ubisoft Rayman Legends before 1.3.140380 allows remote attackers to execute arbitrary code via a long string in the \"second connection\" to TCP port 1001." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "33804", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/33804" - }, - { - "name" : "http://packetstormsecurity.com/files/127133/Ubisoft-Rayman-Legends-1.2.103716-Buffer-Overflow.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127133/Ubisoft-Rayman-Legends-1.2.103716-Buffer-Overflow.html" - }, - { - "name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5187.php", - "refsource" : "MISC", - "url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5187.php" - }, - { - "name" : "68080", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68080" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Ubisoft Rayman Legends before 1.3.140380 allows remote attackers to execute arbitrary code via a long string in the \"second connection\" to TCP port 1001." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5187.php", + "refsource": "MISC", + "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5187.php" + }, + { + "name": "68080", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68080" + }, + { + "name": "33804", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/33804" + }, + { + "name": "http://packetstormsecurity.com/files/127133/Ubisoft-Rayman-Legends-1.2.103716-Buffer-Overflow.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127133/Ubisoft-Rayman-Legends-1.2.103716-Buffer-Overflow.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4398.json b/2014/4xxx/CVE-2014-4398.json index 28ed4c8a773..91b83e6c282 100644 --- a/2014/4xxx/CVE-2014-4398.json +++ b/2014/4xxx/CVE-2014-4398.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4398", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4398", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://code.google.com/p/google-security-research/issues/detail?id=32", - "refsource" : "MISC", - "url" : "https://code.google.com/p/google-security-research/issues/detail?id=32" - }, - { - "name" : "http://support.apple.com/kb/HT6443", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6443" - }, - { - "name" : "69894", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69894" - }, - { - "name" : "1030868", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030868" - }, - { - "name" : "macosx-cve20144398-code-exec(96058)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96058" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "macosx-cve20144398-code-exec(96058)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96058" + }, + { + "name": "69894", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69894" + }, + { + "name": "https://code.google.com/p/google-security-research/issues/detail?id=32", + "refsource": "MISC", + "url": "https://code.google.com/p/google-security-research/issues/detail?id=32" + }, + { + "name": "1030868", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030868" + }, + { + "name": "http://support.apple.com/kb/HT6443", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6443" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4867.json b/2014/4xxx/CVE-2014-4867.json index 0f0b5e00ee4..3d09035cd72 100644 --- a/2014/4xxx/CVE-2014-4867.json +++ b/2014/4xxx/CVE-2014-4867.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4867", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cryoserver Security Appliance 7.3.x uses weak permissions for /etc/init.d/cryoserver, which allows local users to gain privileges by leveraging access to the support account and running the /bin/cryo-mgmt program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-4867", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#280844", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/280844" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cryoserver Security Appliance 7.3.x uses weak permissions for /etc/init.d/cryoserver, which allows local users to gain privileges by leveraging access to the support account and running the /bin/cryo-mgmt program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#280844", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/280844" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4961.json b/2014/4xxx/CVE-2014-4961.json index ab14f6f210b..63ffe709891 100644 --- a/2014/4xxx/CVE-2014-4961.json +++ b/2014/4xxx/CVE-2014-4961.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4961", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4961", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8374.json b/2014/8xxx/CVE-2014-8374.json index 3207855141d..771eb480111 100644 --- a/2014/8xxx/CVE-2014-8374.json +++ b/2014/8xxx/CVE-2014-8374.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8374", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8374", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8451.json b/2014/8xxx/CVE-2014-8451.json index 2e31d1c6a9b..0d60c94fe88 100644 --- a/2014/8xxx/CVE-2014-8451.json +++ b/2014/8xxx/CVE-2014-8451.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8451", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8448." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2014-8451", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://helpx.adobe.com/security/products/reader/apsb14-28.html", - "refsource" : "CONFIRM", - "url" : "http://helpx.adobe.com/security/products/reader/apsb14-28.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8448." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://helpx.adobe.com/security/products/reader/apsb14-28.html", + "refsource": "CONFIRM", + "url": "http://helpx.adobe.com/security/products/reader/apsb14-28.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8558.json b/2014/8xxx/CVE-2014-8558.json index 4e807616a4a..7f9832191c9 100644 --- a/2014/8xxx/CVE-2014-8558.json +++ b/2014/8xxx/CVE-2014-8558.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8558", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "JExperts Channel Platform 5.0.33_CCB allows remote authenticated users to bypass access restrictions via crafted action and key parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141106 CVE-2014-8558 - JExperts Tecnologia - Channel Software Escalation Access Issues", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Nov/10" - }, - { - "name" : "http://packetstormsecurity.com/files/129010/JExperts-Tecnologia-Channel-Software-Privilege-Escalation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129010/JExperts-Tecnologia-Channel-Software-Privilege-Escalation.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JExperts Channel Platform 5.0.33_CCB allows remote authenticated users to bypass access restrictions via crafted action and key parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141106 CVE-2014-8558 - JExperts Tecnologia - Channel Software Escalation Access Issues", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Nov/10" + }, + { + "name": "http://packetstormsecurity.com/files/129010/JExperts-Tecnologia-Channel-Software-Privilege-Escalation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129010/JExperts-Tecnologia-Channel-Software-Privilege-Escalation.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8953.json b/2014/8xxx/CVE-2014-8953.json index eebac52993d..3665d5c0343 100644 --- a/2014/8xxx/CVE-2014-8953.json +++ b/2014/8xxx/CVE-2014-8953.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8953", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scriptlerim Who's Who script allow remote attackers to hijack the authentication of administrators or requests that (1) add an admin account via a request to filepath/yonetim/plugin/adminsave.php or have unspecified impact via a request to (2) ayarsave.php, (3) uyesave.php, (4) slaytadd.php, or (5) slaytsave.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8953", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35129", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35129" - }, - { - "name" : "http://packetstormsecurity.com/files/129102/Whos-Who-Script-Cross-Site-Request-Forgery.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129102/Whos-Who-Script-Cross-Site-Request-Forgery.html" - }, - { - "name" : "whoswhoscript-multiple-csrf(98631)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98631" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scriptlerim Who's Who script allow remote attackers to hijack the authentication of administrators or requests that (1) add an admin account via a request to filepath/yonetim/plugin/adminsave.php or have unspecified impact via a request to (2) ayarsave.php, (3) uyesave.php, (4) slaytadd.php, or (5) slaytsave.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/129102/Whos-Who-Script-Cross-Site-Request-Forgery.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129102/Whos-Who-Script-Cross-Site-Request-Forgery.html" + }, + { + "name": "35129", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35129" + }, + { + "name": "whoswhoscript-multiple-csrf(98631)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98631" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9268.json b/2014/9xxx/CVE-2014-9268.json index 531f520807c..d893dde3d16 100644 --- a/2014/9xxx/CVE-2014-9268.json +++ b/2014/9xxx/CVE-2014-9268.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9268", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR) before 2013 Hotfix 1 allows remote attackers to execute arbitrary code via a crafted DWF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9268", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-402/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-402/" - }, - { - "name" : "http://knowledge.autodesk.com/support/design-review/downloads/caas/downloads/content/autodesk-design-review-2013-hotfix.html", - "refsource" : "CONFIRM", - "url" : "http://knowledge.autodesk.com/support/design-review/downloads/caas/downloads/content/autodesk-design-review-2013-hotfix.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR) before 2013 Hotfix 1 allows remote attackers to execute arbitrary code via a crafted DWF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://knowledge.autodesk.com/support/design-review/downloads/caas/downloads/content/autodesk-design-review-2013-hotfix.html", + "refsource": "CONFIRM", + "url": "http://knowledge.autodesk.com/support/design-review/downloads/caas/downloads/content/autodesk-design-review-2013-hotfix.html" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-402/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-402/" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9271.json b/2014/9xxx/CVE-2014-9271.json index ffd5e46ad0f..456d2152171 100644 --- a/2014/9xxx/CVE-2014-9271.json +++ b/2014/9xxx/CVE-2014-9271.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141201 CVE Request: Multiple XSS vulnerabilities in MantisBT", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q4/867" - }, - { - "name" : "[oss-security] 20141204 Re: CVE Request: Multiple XSS vulnerabilities in MantisBT", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q4/902" - }, - { - "name" : "[oss-security] 20141205 Re: CVE Request: Multiple XSS vulnerabilities in MantisBT", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q4/924" - }, - { - "name" : "https://github.com/mantisbt/mantisbt/commit/9fb8cf36f", - "refsource" : "CONFIRM", - "url" : "https://github.com/mantisbt/mantisbt/commit/9fb8cf36f" - }, - { - "name" : "https://www.mantisbt.org/bugs/view.php?id=17874", - "refsource" : "CONFIRM", - "url" : "https://www.mantisbt.org/bugs/view.php?id=17874" - }, - { - "name" : "DSA-3120", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3120" - }, - { - "name" : "62101", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62101" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62101", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62101" + }, + { + "name": "[oss-security] 20141201 CVE Request: Multiple XSS vulnerabilities in MantisBT", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q4/867" + }, + { + "name": "https://www.mantisbt.org/bugs/view.php?id=17874", + "refsource": "CONFIRM", + "url": "https://www.mantisbt.org/bugs/view.php?id=17874" + }, + { + "name": "[oss-security] 20141204 Re: CVE Request: Multiple XSS vulnerabilities in MantisBT", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q4/902" + }, + { + "name": "[oss-security] 20141205 Re: CVE Request: Multiple XSS vulnerabilities in MantisBT", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q4/924" + }, + { + "name": "https://github.com/mantisbt/mantisbt/commit/9fb8cf36f", + "refsource": "CONFIRM", + "url": "https://github.com/mantisbt/mantisbt/commit/9fb8cf36f" + }, + { + "name": "DSA-3120", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3120" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9433.json b/2014/9xxx/CVE-2014-9433.json index 97246e92fa0..045f8f0d3b8 100644 --- a/2014/9xxx/CVE-2014-9433.json +++ b/2014/9xxx/CVE-2014-9433.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9433", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in cms/front_content.php in Contenido before 4.9.6, when advanced mod rewrite (AMR) is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) idart, (2) lang, or (3) idcat parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9433", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141224 Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534320/100/0/threaded" - }, - { - "name" : "20141224 Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/111" - }, - { - "name" : "http://sroesemann.blogspot.de/2014/12/report-for-advisory-sroeadv-2014-03.html", - "refsource" : "MISC", - "url" : "http://sroesemann.blogspot.de/2014/12/report-for-advisory-sroeadv-2014-03.html" - }, - { - "name" : "http://packetstormsecurity.com/files/129713/CMS-Contenido-4.9.5-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129713/CMS-Contenido-4.9.5-Cross-Site-Scripting.html" - }, - { - "name" : "http://www.contenido.org/de/cms/CONTENIDO/News/index-c-2044-3.html", - "refsource" : "CONFIRM", - "url" : "http://www.contenido.org/de/cms/CONTENIDO/News/index-c-2044-3.html" - }, - { - "name" : "61396", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61396" - }, - { - "name" : "contenido-frontcontent-xss(99497)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in cms/front_content.php in Contenido before 4.9.6, when advanced mod rewrite (AMR) is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) idart, (2) lang, or (3) idcat parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61396", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61396" + }, + { + "name": "20141224 Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534320/100/0/threaded" + }, + { + "name": "20141224 Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/111" + }, + { + "name": "http://sroesemann.blogspot.de/2014/12/report-for-advisory-sroeadv-2014-03.html", + "refsource": "MISC", + "url": "http://sroesemann.blogspot.de/2014/12/report-for-advisory-sroeadv-2014-03.html" + }, + { + "name": "http://packetstormsecurity.com/files/129713/CMS-Contenido-4.9.5-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129713/CMS-Contenido-4.9.5-Cross-Site-Scripting.html" + }, + { + "name": "contenido-frontcontent-xss(99497)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99497" + }, + { + "name": "http://www.contenido.org/de/cms/CONTENIDO/News/index-c-2044-3.html", + "refsource": "CONFIRM", + "url": "http://www.contenido.org/de/cms/CONTENIDO/News/index-c-2044-3.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9770.json b/2014/9xxx/CVE-2014-9770.json index a244dde90cc..97cd14643b4 100644 --- a/2014/9xxx/CVE-2014-9770.json +++ b/2014/9xxx/CVE-2014-9770.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions for journal files under (1) /run/log/journal/%m and (2) /var/log/journal/%m, which allows local users to obtain sensitive information by reading these files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2014-9770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160408 CVE Request: systemd / journald created world readable journal files", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/04/08/14" - }, - { - "name" : "[oss-security] 20160408 Re: CVE Request: systemd / journald created world readable journal files", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/04/08/15" - }, - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=972612", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=972612" - }, - { - "name" : "openSUSE-SU-2016:1101", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00044.html" - }, - { - "name" : "openSUSE-SU-2016:1414", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-05/msg00109.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions for journal files under (1) /run/log/journal/%m and (2) /var/log/journal/%m, which allows local users to obtain sensitive information by reading these files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160408 Re: CVE Request: systemd / journald created world readable journal files", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/04/08/15" + }, + { + "name": "[oss-security] 20160408 CVE Request: systemd / journald created world readable journal files", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/04/08/14" + }, + { + "name": "openSUSE-SU-2016:1414", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00109.html" + }, + { + "name": "openSUSE-SU-2016:1101", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00044.html" + }, + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=972612", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=972612" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9867.json b/2014/9xxx/CVE-2014-9867.json index 5f5fdfc3198..783e1c26701 100644 --- a/2014/9xxx/CVE-2014-9867.json +++ b/2014/9xxx/CVE-2014-9867.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9867", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749629 and Qualcomm internal bug CR514702." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2014-9867", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-08-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-08-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=322c518689a7f820165ca4c5d6b750b02ac34665", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=322c518689a7f820165ca4c5d6b750b02ac34665" - }, - { - "name" : "92219", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92219" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749629 and Qualcomm internal bug CR514702." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-08-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-08-01.html" + }, + { + "name": "92219", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92219" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=322c518689a7f820165ca4c5d6b750b02ac34665", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=322c518689a7f820165ca4c5d6b750b02ac34665" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2484.json b/2016/2xxx/CVE-2016-2484.json index 17c0b7311dc..5376fb41484 100644 --- a/2016/2xxx/CVE-2016-2484.json +++ b/2016/2xxx/CVE-2016-2484.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2484", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate OMX buffer sizes for the GSM and G711 codecs, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27793163." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2484", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-06-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-06-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/7cea5cb64b83d690fe02bc210bbdf08f5a87636f", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/av/+/7cea5cb64b83d690fe02bc210bbdf08f5a87636f" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate OMX buffer sizes for the GSM and G711 codecs, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27793163." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/7cea5cb64b83d690fe02bc210bbdf08f5a87636f", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/7cea5cb64b83d690fe02bc210bbdf08f5a87636f" + }, + { + "name": "http://source.android.com/security/bulletin/2016-06-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-06-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2834.json b/2016/2xxx/CVE-2016-2834.json index bc3ec6376a1..6657408c061 100644 --- a/2016/2xxx/CVE-2016-2834.json +++ b/2016/2xxx/CVE-2016-2834.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2016-2834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-61.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-61.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1206283", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1206283" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1221620", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1221620" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1241034", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1241034" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1241037", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1241037" - }, - { - "name" : "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes", - "refsource" : "CONFIRM", - "url" : "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "DSA-3688", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3688" - }, - { - "name" : "RHSA-2016:2779", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2779.html" - }, - { - "name" : "openSUSE-SU-2016:1552", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html" - }, - { - "name" : "openSUSE-SU-2016:1557", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html" - }, - { - "name" : "SUSE-SU-2016:1691", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html" - }, - { - "name" : "USN-2993-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2993-1" - }, - { - "name" : "USN-3029-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3029-1" - }, - { - "name" : "91072", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91072" - }, - { - "name" : "1036057", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036057" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036057", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036057" + }, + { + "name": "DSA-3688", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3688" + }, + { + "name": "openSUSE-SU-2016:1557", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241034", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241034" + }, + { + "name": "RHSA-2016:2779", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-61.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-61.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1221620", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1221620" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes", + "refsource": "CONFIRM", + "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes" + }, + { + "name": "USN-3029-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3029-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1206283", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1206283" + }, + { + "name": "91072", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91072" + }, + { + "name": "openSUSE-SU-2016:1552", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html" + }, + { + "name": "USN-2993-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2993-1" + }, + { + "name": "SUSE-SU-2016:1691", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241037", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241037" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3114.json b/2016/3xxx/CVE-2016-3114.json index ed7e6807699..48489bae270 100644 --- a/2016/3xxx/CVE-2016-3114.json +++ b/2016/3xxx/CVE-2016-3114.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3114", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kallithea before 0.3.2 allows remote authenticated users to edit or delete open pull requests or delete comments by leveraging read access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-3114", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160502 [SECURITY ISSUES] CVE-2016-3691 and CVE-2016-3114", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/05/02/3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kallithea before 0.3.2 allows remote authenticated users to edit or delete open pull requests or delete comments by leveraging read access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160502 [SECURITY ISSUES] CVE-2016-3691 and CVE-2016-3114", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/05/02/3" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3861.json b/2016/3xxx/CVE-2016-3861.json index 2e7cf9f9214..fa9e653cb9c 100644 --- a/2016/3xxx/CVE-2016-3861.json +++ b/2016/3xxx/CVE-2016-3861.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3861", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with different encoding widths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted file, aka internal bug 29250543." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3861", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40354", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40354/" - }, - { - "name" : "http://source.android.com/security/bulletin/2016-09-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-09-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/3944c65637dfed14a5a895685edfa4bacaf9f76e", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/av/+/3944c65637dfed14a5a895685edfa4bacaf9f76e" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/base/+/866dc26ad4a98cc835d075b627326e7d7e52ffa1", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/base/+/866dc26ad4a98cc835d075b627326e7d7e52ffa1" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/native/+/1f4b49e64adf4623eefda503bca61e253597b9bf", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/native/+/1f4b49e64adf4623eefda503bca61e253597b9bf" - }, - { - "name" : "https://android.googlesource.com/platform/system/core/+/ecf5fd58a8f50362ce9e8d4245a33d56f29f142b", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/system/core/+/ecf5fd58a8f50362ce9e8d4245a33d56f29f142b" - }, - { - "name" : "92811", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92811" - }, - { - "name" : "1036763", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036763" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with different encoding widths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted file, aka internal bug 29250543." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/frameworks/native/+/1f4b49e64adf4623eefda503bca61e253597b9bf", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/native/+/1f4b49e64adf4623eefda503bca61e253597b9bf" + }, + { + "name": "http://source.android.com/security/bulletin/2016-09-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-09-01.html" + }, + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/3944c65637dfed14a5a895685edfa4bacaf9f76e", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/3944c65637dfed14a5a895685edfa4bacaf9f76e" + }, + { + "name": "https://android.googlesource.com/platform/system/core/+/ecf5fd58a8f50362ce9e8d4245a33d56f29f142b", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/system/core/+/ecf5fd58a8f50362ce9e8d4245a33d56f29f142b" + }, + { + "name": "1036763", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036763" + }, + { + "name": "92811", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92811" + }, + { + "name": "https://android.googlesource.com/platform/frameworks/base/+/866dc26ad4a98cc835d075b627326e7d7e52ffa1", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/base/+/866dc26ad4a98cc835d075b627326e7d7e52ffa1" + }, + { + "name": "40354", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40354/" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6017.json b/2016/6xxx/CVE-2016-6017.json index 387c1c842e6..3e4ebe97c35 100644 --- a/2016/6xxx/CVE-2016-6017.json +++ b/2016/6xxx/CVE-2016-6017.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6017", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6017", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6161.json b/2016/6xxx/CVE-2016-6161.json index b8f292c7507..26219b2649d 100644 --- a/2016/6xxx/CVE-2016-6161.json +++ b/2016/6xxx/CVE-2016-6161.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6161", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2016-6161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160705 CVE Request: libgd: global out of bounds read when encoding gif from malformed input with gd2togif", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/05/6" - }, - { - "name" : "[oss-security] 20160705 Re: CVE Request: libgd: global out of bounds read when encoding gif from malformed input with gd2togif", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/05/7" - }, - { - "name" : "https://github.com/libgd/libgd/issues/209", - "refsource" : "CONFIRM", - "url" : "https://github.com/libgd/libgd/issues/209" - }, - { - "name" : "DSA-3619", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3619" - }, - { - "name" : "openSUSE-SU-2016:2363", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html" - }, - { - "name" : "openSUSE-SU-2016:2117", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html" - }, - { - "name" : "USN-3030-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3030-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:2117", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html" + }, + { + "name": "https://github.com/libgd/libgd/issues/209", + "refsource": "CONFIRM", + "url": "https://github.com/libgd/libgd/issues/209" + }, + { + "name": "openSUSE-SU-2016:2363", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html" + }, + { + "name": "[oss-security] 20160705 CVE Request: libgd: global out of bounds read when encoding gif from malformed input with gd2togif", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/05/6" + }, + { + "name": "[oss-security] 20160705 Re: CVE Request: libgd: global out of bounds read when encoding gif from malformed input with gd2togif", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/05/7" + }, + { + "name": "DSA-3619", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3619" + }, + { + "name": "USN-3030-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3030-1" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6192.json b/2016/6xxx/CVE-2016-6192.json index 7d0a11f19b7..e0b5eceb0b9 100644 --- a/2016/6xxx/CVE-2016-6192.json +++ b/2016/6xxx/CVE-2016-6192.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6192", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6193." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6192", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160708-01-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160708-01-smartphone-en" - }, - { - "name" : "91735", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91735" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6193." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160708-01-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160708-01-smartphone-en" + }, + { + "name": "91735", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91735" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6263.json b/2016/6xxx/CVE-2016-6263.json index e172a9dccfe..2abd54df837 100644 --- a/2016/6xxx/CVE-2016-6263.json +++ b/2016/6xxx/CVE-2016-6263.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6263", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6263", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[help-libidn] 20160720 Libidn 1.33 released", - "refsource" : "MLIST", - "url" : "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html" - }, - { - "name" : "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/20/6" - }, - { - "name" : "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/21/4" - }, - { - "name" : "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555", - "refsource" : "CONFIRM", - "url" : "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555" - }, - { - "name" : "DSA-3658", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3658" - }, - { - "name" : "openSUSE-SU-2016:1924", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html" - }, - { - "name" : "openSUSE-SU-2016:2135", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html" - }, - { - "name" : "USN-3068-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3068-1" - }, - { - "name" : "92070", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92070" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/21/4" + }, + { + "name": "openSUSE-SU-2016:2135", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html" + }, + { + "name": "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/20/6" + }, + { + "name": "openSUSE-SU-2016:1924", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html" + }, + { + "name": "92070", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92070" + }, + { + "name": "DSA-3658", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3658" + }, + { + "name": "[help-libidn] 20160720 Libidn 1.33 released", + "refsource": "MLIST", + "url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html" + }, + { + "name": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555" + }, + { + "name": "USN-3068-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3068-1" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7063.json b/2016/7xxx/CVE-2016-7063.json index ec9410f45c8..0e9e5609a53 100644 --- a/2016/7xxx/CVE-2016-7063.json +++ b/2016/7xxx/CVE-2016-7063.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7063", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7063", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file