From 1274c1b3d2656459559e617e255793630a9ce8d2 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 04:54:59 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2006/0xxx/CVE-2006-0204.json | 190 ++++++++--------
2006/0xxx/CVE-2006-0338.json | 220 +++++++++----------
2006/0xxx/CVE-2006-0858.json | 140 ++++++------
2006/0xxx/CVE-2006-0956.json | 150 ++++++-------
2006/1xxx/CVE-2006-1029.json | 140 ++++++------
2006/1xxx/CVE-2006-1791.json | 150 ++++++-------
2006/3xxx/CVE-2006-3115.json | 140 ++++++------
2006/3xxx/CVE-2006-3749.json | 200 ++++++++---------
2006/4xxx/CVE-2006-4157.json | 150 ++++++-------
2006/4xxx/CVE-2006-4199.json | 150 ++++++-------
2006/4xxx/CVE-2006-4519.json | 380 ++++++++++++++++----------------
2006/4xxx/CVE-2006-4808.json | 270 +++++++++++------------
2010/2xxx/CVE-2010-2238.json | 200 ++++++++---------
2010/2xxx/CVE-2010-2301.json | 190 ++++++++--------
2010/2xxx/CVE-2010-2336.json | 130 +++++------
2010/2xxx/CVE-2010-2762.json | 230 ++++++++++----------
2010/2xxx/CVE-2010-2786.json | 200 ++++++++---------
2010/2xxx/CVE-2010-2864.json | 160 +++++++-------
2010/3xxx/CVE-2010-3089.json | 410 +++++++++++++++++------------------
2010/3xxx/CVE-2010-3485.json | 120 +++++-----
2010/3xxx/CVE-2010-3798.json | 140 ++++++------
2010/3xxx/CVE-2010-3834.json | 290 ++++++++++++-------------
2010/4xxx/CVE-2010-4243.json | 300 ++++++++++++-------------
2010/4xxx/CVE-2010-4856.json | 120 +++++-----
2010/4xxx/CVE-2010-4884.json | 140 ++++++------
2010/4xxx/CVE-2010-4947.json | 120 +++++-----
2011/1xxx/CVE-2011-1571.json | 160 +++++++-------
2014/3xxx/CVE-2014-3487.json | 300 ++++++++++++-------------
2014/3xxx/CVE-2014-3766.json | 34 +--
2014/3xxx/CVE-2014-3881.json | 140 ++++++------
2014/7xxx/CVE-2014-7166.json | 34 +--
2014/7xxx/CVE-2014-7595.json | 140 ++++++------
2014/7xxx/CVE-2014-7906.json | 190 ++++++++--------
2014/8xxx/CVE-2014-8342.json | 34 +--
2014/8xxx/CVE-2014-8515.json | 120 +++++-----
2014/8xxx/CVE-2014-8818.json | 34 +--
2014/9xxx/CVE-2014-9153.json | 130 +++++------
2014/9xxx/CVE-2014-9879.json | 140 ++++++------
2014/9xxx/CVE-2014-9952.json | 130 +++++------
2016/2xxx/CVE-2016-2245.json | 120 +++++-----
2016/2xxx/CVE-2016-2595.json | 34 +--
2016/2xxx/CVE-2016-2861.json | 140 ++++++------
2016/6xxx/CVE-2016-6266.json | 130 +++++------
2016/6xxx/CVE-2016-6312.json | 130 +++++------
2016/6xxx/CVE-2016-6953.json | 140 ++++++------
2016/7xxx/CVE-2016-7110.json | 130 +++++------
2016/7xxx/CVE-2016-7592.json | 180 +++++++--------
2017/5xxx/CVE-2017-5237.json | 130 +++++------
48 files changed, 3875 insertions(+), 3875 deletions(-)
diff --git a/2006/0xxx/CVE-2006-0204.json b/2006/0xxx/CVE-2006-0204.json
index 2cc226290d5..fe03b2256a1 100644
--- a/2006/0xxx/CVE-2006-0204.json
+++ b/2006/0xxx/CVE-2006-0204.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Wordcircle 2.17 allow remote attackers to inject arbitrary web script or HTML via (1) the \"Course name\" field in index.php when the frm parameter has the value \"mine\" and (2) possibly certain other fields in unspecified scripts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060112 [eVuln] Wordcircle Multiple SQL Injection & XSS Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/421746/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/28/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/28/summary.html" - }, - { - "name" : "16227", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16227" - }, - { - "name" : "ADV-2006-0185", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0185" - }, - { - "name" : "22359", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22359" - }, - { 
- "name" : "18440", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18440" - }, - { - "name" : "345", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/345" - }, - { - "name" : "wordcircle-index-xss(24106)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Wordcircle 2.17 allow remote attackers to inject arbitrary web script or HTML via (1) the \"Course name\" field in index.php when the frm parameter has the value \"mine\" and (2) possibly certain other fields in unspecified scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0185", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0185" + }, + { + "name": "wordcircle-index-xss(24106)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24106" + }, + { + "name": "22359", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22359" + }, + { + "name": "345", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/345" + }, + { + "name": "18440", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18440" + }, + { + "name": "16227", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16227" + }, + { + "name": "http://evuln.com/vulns/28/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/28/summary.html" + }, + { + "name": "20060112 [eVuln] Wordcircle Multiple SQL Injection & XSS Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/421746/100/0/threaded" + } + ] + } +} \ No newline 
at end of file diff --git a/2006/0xxx/CVE-2006-0338.json b/2006/0xxx/CVE-2006-0338.json index beba0afe45a..af6cf4ec267 100644 --- a/2006/0xxx/CVE-2006-0338.json +++ b/2006/0xxx/CVE-2006-0338.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0338", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allow remote attackers to hide arbitrary files and data via malformed (1) RAR and (2) ZIP archives, which are not properly scanned." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0338", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.f-secure.com/security/fsc-2006-1.shtml", - "refsource" : "CONFIRM", - "url" : "http://www.f-secure.com/security/fsc-2006-1.shtml" - }, - { - "name" : "Q-103", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/q-103.shtml" - }, - { - "name" : "16309", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16309" - }, - { - "name" : "ADV-2006-0257", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0257" - }, - { - "name" : "22633", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/22633" - }, - { - "name" : "1015507", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015507" - }, - { - "name" : "1015508", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015508" - }, - { - "name" : "1015509", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015509" - }, - { - "name" : "1015510", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015510" - }, - { - "name" : "18529", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18529" - }, - { - "name" : "fsecure-rar-zip-scan-bypass(24199)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24199" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allow remote attackers to hide arbitrary files and data via malformed (1) RAR and (2) ZIP archives, which are not properly scanned." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.f-secure.com/security/fsc-2006-1.shtml", + "refsource": "CONFIRM", + "url": "http://www.f-secure.com/security/fsc-2006-1.shtml" + }, + { + "name": "fsecure-rar-zip-scan-bypass(24199)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24199" + }, + { + "name": "1015510", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015510" + }, + { + "name": "18529", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18529" + }, + { + "name": "22633", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22633" + }, + { + "name": "1015509", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015509" + }, + { + "name": "16309", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16309" + }, + { + "name": "Q-103", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/q-103.shtml" + }, + { + "name": "1015508", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015508" + }, + { + "name": "1015507", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015507" + }, + { + "name": "ADV-2006-0257", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0257" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0858.json b/2006/0xxx/CVE-2006-0858.json index 2c9a4f9c1cd..347a40c88ec 100644 --- a/2006/0xxx/CVE-2006-0858.json +++ b/2006/0xxx/CVE-2006-0858.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unquoted Windows search path vulnerability in (1) snsmcon.exe, (2) the autostartup mechanism, and (3) an unspecified installation component in StarForce Safe'n'Sec Personal + Anti-Spyware 2.0 and earlier, and possibly other StarForce Safe'n'Sec products, might allow local users to gain privileges via a malicious \"program\" file in the C: folder." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060219 [TZO-062006] Safe'nVulnerable", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425504/100/0/threaded" - }, - { - "name" : "http://secdev.zoller.lu/research/safnsec.htm", - "refsource" : "MISC", - "url" : "http://secdev.zoller.lu/research/safnsec.htm" - }, - { - "name" : "16762", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16762" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unquoted 
Windows search path vulnerability in (1) snsmcon.exe, (2) the autostartup mechanism, and (3) an unspecified installation component in StarForce Safe'n'Sec Personal + Anti-Spyware 2.0 and earlier, and possibly other StarForce Safe'n'Sec products, might allow local users to gain privileges via a malicious \"program\" file in the C: folder." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16762", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16762" + }, + { + "name": "20060219 [TZO-062006] Safe'nVulnerable", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425504/100/0/threaded" + }, + { + "name": "http://secdev.zoller.lu/research/safnsec.htm", + "refsource": "MISC", + "url": "http://secdev.zoller.lu/research/safnsec.htm" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0956.json b/2006/0xxx/CVE-2006-0956.json index b4e5edb8eb5..d911cc6521f 100644 --- a/2006/0xxx/CVE-2006-0956.json +++ b/2006/0xxx/CVE-2006-0956.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0956", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "nuauth in NuFW before 1.0.21 does not properly handle blocking TLS sockets, which allows remote authenticated users to cause a denial of service (service hang) by flooding packets at the authentication server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0956", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.nufw.org/+NuFW-1-21-minor-security-fix+.html", - "refsource" : "CONFIRM", - "url" : "http://www.nufw.org/+NuFW-1-21-minor-security-fix+.html" - }, - { - "name" : "16868", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16868" - }, - { - "name" : "ADV-2006-0762", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0762" - }, - { - "name" : "19046", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19046" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "nuauth in NuFW before 1.0.21 does not properly handle 
blocking TLS sockets, which allows remote authenticated users to cause a denial of service (service hang) by flooding packets at the authentication server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0762", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0762" + }, + { + "name": "19046", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19046" + }, + { + "name": "http://www.nufw.org/+NuFW-1-21-minor-security-fix+.html", + "refsource": "CONFIRM", + "url": "http://www.nufw.org/+NuFW-1-21-minor-security-fix+.html" + }, + { + "name": "16868", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16868" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1029.json b/2006/1xxx/CVE-2006-1029.json index b1737be6202..c01cc816da2 100644 --- a/2006/1xxx/CVE-2006-1029.json +++ b/2006/1xxx/CVE-2006-1029.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1029", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The cross-site scripting (XSS) countermeasures in class.inputfilter.php in Joomla! 1.0.7 allow remote attackers to cause a denial of service via a crafted mosmsg parameter to index.php with a malformed sequence of multiple tags, as demonstrated using \"<<>AAA<><>\", possibly due to nested or empty tags." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1029", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060302 JOOMLA CMS 1.0.7 DoS & path disclosing", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426538/100/0/threaded" - }, - { - "name" : "http://www.joomla.org/content/view/938/78/", - "refsource" : "MISC", - "url" : "http://www.joomla.org/content/view/938/78/" - }, - { - "name" : "23816", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23816" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The cross-site scripting (XSS) countermeasures in 
class.inputfilter.php in Joomla! 1.0.7 allow remote attackers to cause a denial of service via a crafted mosmsg parameter to index.php with a malformed sequence of multiple tags, as demonstrated using \"<<>AAA<><>\", possibly due to nested or empty tags." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060302 JOOMLA CMS 1.0.7 DoS & path disclosing", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426538/100/0/threaded" + }, + { + "name": "23816", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23816" + }, + { + "name": "http://www.joomla.org/content/view/938/78/", + "refsource": "MISC", + "url": "http://www.joomla.org/content/view/938/78/" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1791.json b/2006/1xxx/CVE-2006-1791.json index 3b266834b1a..8f9ee376ed6 100644 --- a/2006/1xxx/CVE-2006-1791.json +++ b/2006/1xxx/CVE-2006-1791.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1791", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in acc.php in QuickBlogger 1.4 allows remote attackers to read or include arbitrary local files via the request parameter. NOTE: this issue can also produce resultant XSS when the associated include statement fails." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1791", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060412 QuickBlogger v1.4 Cross-Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430878/100/0/threaded" - }, - { - "name" : "20060414 Re: QuickBlogger v1.4 Cross-Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431059/100/0/threaded" - }, - { - "name" : "15942", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15942" - }, - { - "name" : "quickblogger-acc-xss(25795)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25795" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in acc.php in QuickBlogger 1.4 allows remote attackers to read or include arbitrary local files via the request parameter. NOTE: this issue can also produce resultant XSS when the associated include statement fails." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "quickblogger-acc-xss(25795)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25795" + }, + { + "name": "20060414 Re: QuickBlogger v1.4 Cross-Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431059/100/0/threaded" + }, + { + "name": "15942", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15942" + }, + { + "name": "20060412 QuickBlogger v1.4 Cross-Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430878/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3115.json b/2006/3xxx/CVE-2006-3115.json index 46eada1186c..c87d9f47ec3 100644 --- a/2006/3xxx/CVE-2006-3115.json +++ b/2006/3xxx/CVE-2006-3115.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in view.php in phpRaid 3.0.4, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the raid_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2006-3115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2006-47/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-47/advisory/" - }, - { - "name" : "20200", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20200" - }, - { - "name" : "phpraid-view-sql-injection(27457)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27457" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in view.php in phpRaid 3.0.4, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the raid_id 
parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secunia.com/secunia_research/2006-47/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-47/advisory/" + }, + { + "name": "phpraid-view-sql-injection(27457)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27457" + }, + { + "name": "20200", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20200" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3749.json b/2006/3xxx/CVE-2006-3749.json index 08bc89d1bb2..7bae5288cc4 100644 --- a/2006/3xxx/CVE-2006-3749.json +++ b/2006/3xxx/CVE-2006-3749.json 
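Review bot: The `ASSIGNER` value in CVE-2006-3115.json changes from `cve@mitre.org` to `PSIRT-CNA@flexerasoftware.com` in this hunk, and nothing in the subject line or diffstat distinguishes that content change from the key-spacing and reference-reordering churn around it. Anything downstream that attributes, filters or trusts records by `ASSIGNER` will see this record change owner, so it deserves its own line in the commit description, for example `CVE-2006-3115: ASSIGNER changed to PSIRT-CNA@flexerasoftware.com`. The other hunks visible here keep `cve@mitre.org`; a whitespace-insensitive, order-insensitive comparison of the old and new records would show whether any other of the 48 files carries a field-level change. The new value presumably relates to the Secunia advisory listed under `references`, but the hunk itself does not say so.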
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in sitemap.xml.php in Sitemap component (com_sitemap) 2.0.0 for Mambo 4.5.1 CMS, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060712 [ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-07/0180.html" - }, - { - "name" : "http://advisories.echo.or.id/adv/adv38-matdhule-2006.txt", - "refsource" : "MISC", - "url" : "http://advisories.echo.or.id/adv/adv38-matdhule-2006.txt" - }, - { - "name" : "2028", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2028" - }, - { - "name" : "18991", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18991" - }, - { - "name" : "24592", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/24592" - }, - { - "name" : "ADV-2006-2803", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2803" - }, - { - "name" : "21055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21055" - }, - { - "name" : "1249", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1249" - }, - { - "name" : "sitemap-sitemapxml-file-include(27723)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in sitemap.xml.php in Sitemap component (com_sitemap) 2.0.0 for Mambo 4.5.1 CMS, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060712 [ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0180.html" + }, + { + "name": "21055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21055" + }, + { + "name": "sitemap-sitemapxml-file-include(27723)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27723" + }, + { + "name": "18991", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18991" + }, + { + "name": "24592", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24592" + }, + { + "name": "1249", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1249" + }, + { + "name": "2028", + "refsource": "EXPLOIT-DB", + "url": 
"https://www.exploit-db.com/exploits/2028" + }, + { + "name": "http://advisories.echo.or.id/adv/adv38-matdhule-2006.txt", + "refsource": "MISC", + "url": "http://advisories.echo.or.id/adv/adv38-matdhule-2006.txt" + }, + { + "name": "ADV-2006-2803", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2803" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4157.json b/2006/4xxx/CVE-2006-4157.json index 79844b35ec4..ad74a13161b 100644 --- a/2006/4xxx/CVE-2006-4157.json +++ b/2006/4xxx/CVE-2006-4157.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Yet another Bulletin Board (YaBB) allows remote attackers to inject arbitrary web script or HTML via the categories parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060810 Yabb XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442817/100/0/threaded" - }, - { - "name" : "19460", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19460" - }, - { - "name" : "1016684", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016684" - }, - { - "name" : "yabb-index-script-xss(28324)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28324" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Yet another Bulletin Board (YaBB) 
allows remote attackers to inject arbitrary web script or HTML via the categories parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060810 Yabb XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442817/100/0/threaded" + }, + { + "name": "19460", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19460" + }, + { + "name": "1016684", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016684" + }, + { + "name": "yabb-index-script-xss(28324)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28324" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4199.json b/2006/4xxx/CVE-2006-4199.json index 5b67ca78549..46756aa2d35 100644 --- a/2006/4xxx/CVE-2006-4199.json +++ b/2006/4xxx/CVE-2006-4199.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Soft3304 04WebServer 1.83 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page, a different vulnerability than CVE-2004-1512." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.soft3304.net/04WebServer/Security.html", - "refsource" : "CONFIRM", - "url" : "http://www.soft3304.net/04WebServer/Security.html" - }, - { - "name" : "19496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19496" - }, - { - "name" : "21504", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21504" - }, - { - "name" : "04webserver-error-page-xss(28354)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28354" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Cross-site scripting (XSS) vulnerability in Soft3304 04WebServer 1.83 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page, a different vulnerability than CVE-2004-1512." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19496" + }, + { + "name": "http://www.soft3304.net/04WebServer/Security.html", + "refsource": "CONFIRM", + "url": "http://www.soft3304.net/04WebServer/Security.html" + }, + { + "name": "04webserver-error-page-xss(28354)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28354" + }, + { + "name": "21504", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21504" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4519.json b/2006/4xxx/CVE-2006-4519.json index 3b56175f724..71b28fe07e4 100644 --- a/2006/4xxx/CVE-2006-4519.json +++ b/2006/4xxx/CVE-2006-4519.json 
@@ -1,192 +1,192 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4519", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4519", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070709 Multiple Vendor GIMP Multiple Integer Overflow Vulnerabilities", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=551" - }, - { - "name" : "20070801 FLEA-2007-0038-1 gimp", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/475257/100/0/threaded" - }, - { - "name" : "http://bugzilla.gnome.org/show_bug.cgi?id=451379", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.gnome.org/show_bug.cgi?id=451379" - }, - { - "name" : "http://developer.gimp.org/NEWS-2.2", - "refsource" : "CONFIRM", - "url" : "http://developer.gimp.org/NEWS-2.2" - }, - { - "name" : 
"http://issues.foresightlinux.org/browse/FL-457", - "refsource" : "CONFIRM", - "url" : "http://issues.foresightlinux.org/browse/FL-457" - }, - { - "name" : "DSA-1335", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1335" - }, - { - "name" : "GLSA-200707-09", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200707-09.xml" - }, - { - "name" : "MDKSA-2007:170", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:170" - }, - { - "name" : "RHSA-2007:0513", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0513.html" - }, - { - "name" : "USN-494-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-494-1" - }, - { - "name" : "24835", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24835" - }, - { - "name" : "42139", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42139" - }, - { - "name" : "42140", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42140" - }, - { - "name" : "42141", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42141" - }, - { - "name" : "42142", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42142" - }, - { - "name" : "42143", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42143" - }, - { - "name" : "42144", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42144" - }, - { - "name" : "42145", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42145" - }, - { - "name" : "oval:org.mitre.oval:def:10842", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10842" - }, - { - "name" : "ADV-2007-2471", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2471" - }, - { - "name" : "1018349", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018349" - }, - { - "name" : "26132", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/26132" - }, - { - "name" : "26215", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26215" - }, - { - "name" : "26240", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26240" - }, - { - "name" : "26575", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26575" - }, - { - "name" : "26939", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26939" - }, - { - "name" : "gimp-plugins-code-execution(35308)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35308" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26132", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26132" + }, + { + "name": "ADV-2007-2471", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2471" + }, + { + "name": "20070801 FLEA-2007-0038-1 gimp", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/475257/100/0/threaded" + }, + { + "name": "gimp-plugins-code-execution(35308)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35308" + }, + { + "name": "42139", + "refsource": "OSVDB", + "url": "http://osvdb.org/42139" + }, + { + "name": "GLSA-200707-09", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200707-09.xml" + }, + { + "name": "oval:org.mitre.oval:def:10842", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10842" + }, + { + "name": "26240", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26240" + }, + { + "name": "26575", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26575" + }, + { + "name": "42140", + "refsource": "OSVDB", + "url": "http://osvdb.org/42140" + }, + { + "name": "USN-494-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-494-1" + }, + { + "name": "http://bugzilla.gnome.org/show_bug.cgi?id=451379", + "refsource": "CONFIRM", + "url": "http://bugzilla.gnome.org/show_bug.cgi?id=451379" + }, + { + "name": "http://developer.gimp.org/NEWS-2.2", + "refsource": "CONFIRM", + "url": "http://developer.gimp.org/NEWS-2.2" + }, + { + "name": "RHSA-2007:0513", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0513.html" + }, + { + "name": "20070709 Multiple Vendor GIMP Multiple Integer Overflow Vulnerabilities", + "refsource": 
"IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=551" + }, + { + "name": "42143", + "refsource": "OSVDB", + "url": "http://osvdb.org/42143" + }, + { + "name": "42145", + "refsource": "OSVDB", + "url": "http://osvdb.org/42145" + }, + { + "name": "24835", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24835" + }, + { + "name": "26215", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26215" + }, + { + "name": "1018349", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018349" + }, + { + "name": "42144", + "refsource": "OSVDB", + "url": "http://osvdb.org/42144" + }, + { + "name": "MDKSA-2007:170", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:170" + }, + { + "name": "42141", + "refsource": "OSVDB", + "url": "http://osvdb.org/42141" + }, + { + "name": "DSA-1335", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1335" + }, + { + "name": "26939", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26939" + }, + { + "name": "42142", + "refsource": "OSVDB", + "url": "http://osvdb.org/42142" + }, + { + "name": "http://issues.foresightlinux.org/browse/FL-457", + "refsource": "CONFIRM", + "url": "http://issues.foresightlinux.org/browse/FL-457" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4808.json b/2006/4xxx/CVE-2006-4808.json index 72c6340dbc5..13aae8fe5ae 100644 --- a/2006/4xxx/CVE-2006-4808.json +++ b/2006/4xxx/CVE-2006-4808.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4808", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TGA image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-4808", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz", - "refsource" : "MISC", - "url" : "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz" - }, - { - "name" : "GLSA-200612-20", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200612-20.xml" - }, - { - "name" : "MDKSA-2006:198", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:198" - }, - { - "name" : "MDKSA-2007:156", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:156" - }, - { - "name" : "SUSE-SR:2006:026", - "refsource" : "SUSE", - "url" : 
"http://www.novell.com/linux/security/advisories/2006_26_sr.html" - }, - { - "name" : "USN-376-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-376-1" - }, - { - "name" : "USN-376-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-376-2" - }, - { - "name" : "20903", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20903" - }, - { - "name" : "ADV-2006-4349", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4349" - }, - { - "name" : "30103", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30103" - }, - { - "name" : "22732", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22732" - }, - { - "name" : "22744", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22744" - }, - { - "name" : "22752", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22752" - }, - { - "name" : "23441", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23441" - }, - { - "name" : "22932", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22932" - }, - { - "name" : "imlib2-loadertgac-bo(30068)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30068" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TGA image." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "imlib2-loadertgac-bo(30068)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30068" + }, + { + "name": "22932", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22932" + }, + { + "name": "MDKSA-2007:156", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:156" + }, + { + "name": "22752", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22752" + }, + { + "name": "MDKSA-2006:198", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:198" + }, + { + "name": "SUSE-SR:2006:026", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html" + }, + { + "name": "20903", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20903" + }, + { + "name": "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz", + "refsource": "MISC", + "url": "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz" + }, + { + "name": "USN-376-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-376-2" + }, + { + "name": "GLSA-200612-20", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200612-20.xml" + }, + { + "name": "ADV-2006-4349", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4349" + }, + { + "name": "23441", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23441" + }, + { + "name": "30103", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30103" + }, + { + "name": "22732", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22732" + }, + { + "name": "22744", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22744" + }, + { + "name": 
"USN-376-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-376-1" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2238.json b/2010/2xxx/CVE-2010-2238.json index 07d7faec048..b9b9f27aa83 100644 --- a/2010/2xxx/CVE-2010-2238.json +++ b/2010/2xxx/CVE-2010-2238.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2238", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2238", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://libvirt.org/news.html", - "refsource" : "MISC", - "url" : "http://libvirt.org/news.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=607811", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=607811" - }, - { - "name" : "FEDORA-2010-10960", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html" - }, - { - "name" : "FEDORA-2010-11021", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html" - }, - { - "name" : "SUSE-SR:2010:017", - "refsource" : 
"SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" - }, - { - "name" : "USN-1008-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1008-1" - }, - { - "name" : "USN-1008-2", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1008-2" - }, - { - "name" : "USN-1008-3", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1008-3" - }, - { - "name" : "ADV-2010-2763", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2763" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2010-10960", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html" + }, + { + "name": "USN-1008-2", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1008-2" + }, + { + "name": "FEDORA-2010-11021", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=607811", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=607811" + }, + { + "name": "http://libvirt.org/news.html", + "refsource": "MISC", + "url": "http://libvirt.org/news.html" + }, + { + "name": "USN-1008-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1008-1" + }, + { + "name": "SUSE-SR:2010:017", + 
"refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" + }, + { + "name": "USN-1008-3", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1008-3" + }, + { + "name": "ADV-2010-2763", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2763" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2301.json b/2010/2xxx/CVE-2010-2301.json index 8c49049f3b4..8a0817ca253 100644 --- a/2010/2xxx/CVE-2010-2301.json +++ b/2010/2xxx/CVE-2010-2301.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2301", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA element. NOTE: this might overlap CVE-2010-1762." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=43902", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=43902" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html" - }, - { - "name" : "https://bugs.webkit.org/show_bug.cgi?id=38922", - "refsource" : "CONFIRM", - "url" : "https://bugs.webkit.org/show_bug.cgi?id=38922" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "oval:org.mitre.oval:def:11861", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11861" - }, - { - "name" : "40072", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40072" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA element. NOTE: this might overlap CVE-2010-1762." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=43902", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=43902" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "40072", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40072" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "https://bugs.webkit.org/show_bug.cgi?id=38922", + "refsource": "CONFIRM", + "url": "https://bugs.webkit.org/show_bug.cgi?id=38922" + }, + { + "name": "oval:org.mitre.oval:def:11861", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11861" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2336.json b/2010/2xxx/CVE-2010-2336.json index 6f9bd7c5ec0..18ecdb238ef 100644 --- a/2010/2xxx/CVE-2010-2336.json +++ b/2010/2xxx/CVE-2010-2336.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2336", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "index.php in Yamamah Photo Gallery 1.00 allows remote attackers to obtain the source code of executable files within the web document root via the download parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2336", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "13845", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/13845" - }, - { - "name" : "http://www.yamamah.org/home/?page=39", - "refsource" : "MISC", - "url" : "http://www.yamamah.org/home/?page=39" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "index.php in Yamamah Photo Gallery 1.00 allows remote attackers to obtain the source code of executable files within the web document root via the download parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13845", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/13845" + }, + { + "name": "http://www.yamamah.org/home/?page=39", + "refsource": "MISC", + "url": "http://www.yamamah.org/home/?page=39" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2762.json b/2010/2xxx/CVE-2010-2762.json index 2fcec386359..c9918f14425 100644 --- a/2010/2xxx/CVE-2010-2762.json +++ b/2010/2xxx/CVE-2010-2762.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2762", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-59.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-59.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=584180", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=584180" - }, - { - "name" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", - "refsource" : "CONFIRM", - "url" : 
"http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100112690", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100112690" - }, - { - "name" : "MDVSA-2010:173", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173" - }, - { - "name" : "SUSE-SA:2010:049", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html" - }, - { - "name" : "43092", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43092" - }, - { - "name" : "oval:org.mitre.oval:def:11492", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11492" - }, - { - "name" : "42867", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42867" - }, - { - "name" : "ADV-2010-2323", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2323" - }, - { - "name" : "ADV-2011-0061", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0061" - }, - { - "name" : "firefox-sjow-code-exec(61656)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61656" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=584180", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=584180" + }, + { + "name": "SUSE-SA:2010:049", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html" + }, + { + "name": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", + "refsource": "CONFIRM", + "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100112690", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100112690" + }, + { + "name": "42867", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42867" + }, + { + "name": "ADV-2011-0061", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0061" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-59.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-59.html" + }, + { + "name": "MDVSA-2010:173", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173" + }, + { + "name": "ADV-2010-2323", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2323" + }, + { + "name": "firefox-sjow-code-exec(61656)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61656" + }, + { + "name": "43092", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43092" + }, + { + "name": "oval:org.mitre.oval:def:11492", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11492" + } + ] + } +} \ No newline at end of file 
diff --git a/2010/2xxx/CVE-2010-2786.json b/2010/2xxx/CVE-2010-2786.json index b6a795545da..383463fd0ae 100644 --- a/2010/2xxx/CVE-2010-2786.json +++ b/2010/2xxx/CVE-2010-2786.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2786", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Piwik 0.6 through 0.6.3 allows remote attackers to include arbitrary local files and possibly have unspecified other impact via directory traversal sequences in a crafted data-renderer request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2786", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100728 CVE Request: Piwik < 0.6.4 Arbitrary file inclusion", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=128032989120346&w=2" - }, - { - "name" : "[oss-security] 20100729 Re: CVE Request: Piwik < 0.6.4 Arbitrary file inclusion", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=128041221832498&w=2" - }, - { - "name" : "http://piwik.org/blog/2010/07/piwik-0-6-4-security-advisory/", - "refsource" : "CONFIRM", - "url" : "http://piwik.org/blog/2010/07/piwik-0-6-4-security-advisory/" - }, - { - "name" : "http://piwik.org/changelog/", - "refsource" : "CONFIRM", - "url" : "http://piwik.org/changelog/" - }, - { - "name" : 
"42031", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42031" - }, - { - "name" : "66759", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/66759" - }, - { - "name" : "40703", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40703" - }, - { - "name" : "ADV-2010-1971", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1971" - }, - { - "name" : "piwik-data-renderer-file-include(60808)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60808" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Piwik 0.6 through 0.6.3 allows remote attackers to include arbitrary local files and possibly have unspecified other impact via directory traversal sequences in a crafted data-renderer request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://piwik.org/blog/2010/07/piwik-0-6-4-security-advisory/", + "refsource": "CONFIRM", + "url": "http://piwik.org/blog/2010/07/piwik-0-6-4-security-advisory/" + }, + { + "name": "http://piwik.org/changelog/", + "refsource": "CONFIRM", + "url": "http://piwik.org/changelog/" + }, + { + "name": "[oss-security] 20100729 Re: CVE Request: Piwik < 0.6.4 Arbitrary file inclusion", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=128041221832498&w=2" + }, + { + "name": "66759", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/66759" + }, + { + "name": "ADV-2010-1971", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1971" + }, + { + "name": "[oss-security] 20100728 CVE Request: Piwik < 0.6.4 Arbitrary file inclusion", + "refsource": "MLIST", + "url": 
"http://marc.info/?l=oss-security&m=128032989120346&w=2" + }, + { + "name": "42031", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42031" + }, + { + "name": "piwik-data-renderer-file-include(60808)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60808" + }, + { + "name": "40703", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40703" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2864.json b/2010/2xxx/CVE-2010-2864.json index 5915ce4abf1..c5b5ec16e35 100644 --- a/2010/2xxx/CVE-2010-2864.json +++ b/2010/2xxx/CVE-2010-2864.json 
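Review bot: The only substantive edit in the CVE-2010-2786.json hunk is the `ASSIGNER` value, which changes from `cve@mitre.org` to `secalert@redhat.com`, and it is buried because every line is rewritten for colon spacing and the nine `reference_data` entries are reordered with none added or dropped. Anything that keys on `ASSIGNER` for CNA attribution picks up the change with no reviewable signal. Emitting references in a stable order and keeping the formatting pass in a separate commit would reduce this to a one-line diff, `"ASSIGNER": "secalert@redhat.com",`. The same applies to the hunks for CVE-2010-2864 (`psirt@adobe.com`), CVE-2010-3089 (`secalert@redhat.com`) and CVE-2010-3798 (`product-security@apple.com`). The new side of each file also ends with `\ No newline at end of file`, so a trailing newline would be worth restoring.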
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2864", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x24C6 of a certain file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-2864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100825 Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-2864", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/513334/100/0/threaded" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html" - }, - { - "name" : "oval:org.mitre.oval:def:11913", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11913" - }, - { - "name" : "1024361", - "refsource" : "SECTRACK", - 
"url" : "http://www.securitytracker.com/id?1024361" - }, - { - "name" : "ADV-2010-2176", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2176" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x24C6 of a certain file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024361", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024361" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-20.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html" + }, + { + "name": "20100825 Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-2864", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/513334/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:11913", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11913" + }, + { + "name": "ADV-2010-2176", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2176" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3089.json b/2010/3xxx/CVE-2010-3089.json index f8f04c04e5c..c3dcb68aa98 100644 --- a/2010/3xxx/CVE-2010-3089.json +++ b/2010/3xxx/CVE-2010-3089.json 
@@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3089", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3089", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[mailman-announce] 20100905 Mailman security patch.", - "refsource" : "MLIST", - "url" : "http://mail.python.org/pipermail/mailman-announce/2010-September/000150.html" - }, - { - "name" : "[mailman-announce] 20100909 Mailman security patch.", - "refsource" : "MLIST", - "url" : "http://mail.python.org/pipermail/mailman-announce/2010-September/000151.html" - }, - { - "name" : "[oss-security] 20100913 CVE Request: mailman", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=128438736513097&w=2" - }, - { - "name" : "[oss-security] 20100913 Re: CVE Request: mailman", - "refsource" : "MLIST", - "url" : 
"http://marc.info/?l=oss-security&m=128441369020123&w=2" - }, - { - "name" : "[oss-security] 20100913 Re: CVE Request: mailman", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=128441237618793&w=2" - }, - { - "name" : "[oss-security] 20100913 Re: CVE Request: mailman", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=128441135117819&w=2" - }, - { - "name" : "[oss-security] 20100913 Re: CVE Request: mailman", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=128440851513718&w=2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=631859", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=631859" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=631881", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=631881" - }, - { - "name" : "https://launchpad.net/mailman/+milestone/2.1.14rc1", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/mailman/+milestone/2.1.14rc1" - }, - { - "name" : "http://support.apple.com/kb/HT4581", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4581" - }, - { - "name" : "APPLE-SA-2011-03-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" - }, - { - "name" : "DSA-2170", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2170" - }, - { - "name" : "FEDORA-2010-14834", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052312.html" - }, - { - "name" : "FEDORA-2010-14877", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052297.html" - }, - { - "name" : "RHSA-2011:0307", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0307.html" - }, - { - "name" : "RHSA-2011:0308", - "refsource" : "REDHAT", - "url" : 
"http://www.redhat.com/support/errata/RHSA-2011-0308.html" - }, - { - "name" : "SUSE-SR:2011:009", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" - }, - { - "name" : "openSUSE-SU-2011:0424", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2011-05/msg00000.html" - }, - { - "name" : "USN-1069-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1069-1" - }, - { - "name" : "41265", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41265" - }, - { - "name" : "42502", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42502" - }, - { - "name" : "43294", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43294" - }, - { - "name" : "43425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43425" - }, - { - "name" : "43549", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43549" - }, - { - "name" : "43580", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43580" - }, - { - "name" : "ADV-2010-3271", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3271" - }, - { - "name" : "ADV-2011-0436", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0436" - }, - { - "name" : "ADV-2011-0460", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0460" - }, - { - "name" : "ADV-2011-0542", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0542" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description 
field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20100913 CVE Request: mailman", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=128438736513097&w=2" + }, + { + "name": "RHSA-2011:0307", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0307.html" + }, + { + "name": "[oss-security] 20100913 Re: CVE Request: mailman", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=128441369020123&w=2" + }, + { + "name": "FEDORA-2010-14877", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052297.html" + }, + { + "name": "43294", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43294" + }, + { + "name": "SUSE-SR:2011:009", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" + }, + { + "name": "ADV-2011-0460", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0460" + }, + { + "name": "openSUSE-SU-2011:0424", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00000.html" + }, + { + "name": "DSA-2170", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2170" + }, + { + "name": "FEDORA-2010-14834", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052312.html" + }, + { + "name": "42502", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42502" + }, + { + "name": "[oss-security] 20100913 Re: CVE Request: mailman", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=128441135117819&w=2" + }, + { + "name": "https://launchpad.net/mailman/+milestone/2.1.14rc1", + "refsource": "CONFIRM", + "url": "https://launchpad.net/mailman/+milestone/2.1.14rc1" + 
}, + { + "name": "USN-1069-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1069-1" + }, + { + "name": "RHSA-2011:0308", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0308.html" + }, + { + "name": "APPLE-SA-2011-03-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" + }, + { + "name": "[oss-security] 20100913 Re: CVE Request: mailman", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=128440851513718&w=2" + }, + { + "name": "41265", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41265" + }, + { + "name": "ADV-2011-0436", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0436" + }, + { + "name": "[mailman-announce] 20100909 Mailman security patch.", + "refsource": "MLIST", + "url": "http://mail.python.org/pipermail/mailman-announce/2010-September/000151.html" + }, + { + "name": "ADV-2010-3271", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3271" + }, + { + "name": "[oss-security] 20100913 Re: CVE Request: mailman", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=128441237618793&w=2" + }, + { + "name": "43425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43425" + }, + { + "name": "ADV-2011-0542", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0542" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=631881", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=631881" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=631859", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=631859" + }, + { + "name": "43580", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43580" + }, + { + "name": "[mailman-announce] 20100905 Mailman security patch.", + "refsource": "MLIST", + "url": 
"http://mail.python.org/pipermail/mailman-announce/2010-September/000150.html" + }, + { + "name": "43549", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43549" + }, + { + "name": "http://support.apple.com/kb/HT4581", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4581" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3485.json b/2010/3xxx/CVE-2010-3485.json index 8a860a75b7b..e57d24b4d56 100644 --- a/2010/3xxx/CVE-2010-3485.json +++ b/2010/3xxx/CVE-2010-3485.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3485", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the userhandle cookie to LightNEasy.php, a different vector than CVE-2008-6593. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3485", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41502", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41502" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the userhandle cookie to LightNEasy.php, a different vector than CVE-2008-6593. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41502", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41502" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3798.json b/2010/3xxx/CVE-2010-3798.json index ab065aba988..3d53b0437bb 100644 --- a/2010/3xxx/CVE-2010-3798.json +++ b/2010/3xxx/CVE-2010-3798.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3798", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted xar archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-3798", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "1024723", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service 
(application crash) via a crafted xar archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024723", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024723" + }, + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3834.json b/2010/3xxx/CVE-2010-3834.json index 2858fbcbee0..ad17d761027 100644 --- a/2010/3xxx/CVE-2010-3834.json +++ b/2010/3xxx/CVE-2010-3834.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to \"materializing a derived table that required a temporary table for grouping\" and \"user variable assignments.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.mysql.com/bug.php?id=55568", - "refsource" : "MISC", - "url" : "http://bugs.mysql.com/bug.php?id=55568" - }, - { - "name" : "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html", - "refsource" : "CONFIRM", - "url" : "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html" - }, - { - "name" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html", - "refsource" : "CONFIRM", - "url" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html" - }, - { - "name" : "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html", - "refsource" : "CONFIRM", - "url" : 
"http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=640808", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=640808" - }, - { - "name" : "http://support.apple.com/kb/HT4723", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4723" - }, - { - "name" : "APPLE-SA-2011-06-23-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" - }, - { - "name" : "DSA-2143", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2143" - }, - { - "name" : "MDVSA-2010:222", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:222" - }, - { - "name" : "MDVSA-2010:223", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:223" - }, - { - "name" : "TLSA-2011-3", - "refsource" : "TURBO", - "url" : "http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt" - }, - { - "name" : "USN-1017-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1017-1" - }, - { - "name" : "USN-1397-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1397-1" - }, - { - "name" : "43676", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43676" - }, - { - "name" : "42875", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42875" - }, - { - "name" : "ADV-2011-0105", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0105" - }, - { - "name" : "ADV-2011-0345", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0345" - }, - { - "name" : "mysql-derived-table-dos(64844)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64844" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ 
+ { + "lang": "eng", + "value": "Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to \"materializing a derived table that required a temporary table for grouping\" and \"user variable assignments.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html", + "refsource": "CONFIRM", + "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html" + }, + { + "name": "mysql-derived-table-dos(64844)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64844" + }, + { + "name": "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html", + "refsource": "CONFIRM", + "url": "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html" + }, + { + "name": "USN-1397-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1397-1" + }, + { + "name": "http://support.apple.com/kb/HT4723", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4723" + }, + { + "name": "42875", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42875" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=640808", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=640808" + }, + { + "name": "USN-1017-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1017-1" + }, + { + "name": "APPLE-SA-2011-06-23-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" + }, + { + "name": "TLSA-2011-3", + "refsource": "TURBO", + "url": "http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt" + }, + { + "name": "ADV-2011-0105", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2011/0105" + }, + { + "name": "MDVSA-2010:222", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:222" + }, + { + "name": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html", + "refsource": "CONFIRM", + "url": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html" + }, + { + "name": "DSA-2143", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2143" + }, + { + "name": "43676", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43676" + }, + { + "name": "ADV-2011-0345", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0345" + }, + { + "name": "http://bugs.mysql.com/bug.php?id=55568", + "refsource": "MISC", + "url": "http://bugs.mysql.com/bug.php?id=55568" + }, + { + "name": "MDVSA-2010:223", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:223" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4243.json b/2010/4xxx/CVE-2010-4243.json index 9ff80392aca..bd888573fec 100644 --- a/2010/4xxx/CVE-2010-4243.json +++ b/2010/4xxx/CVE-2010-4243.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an \"OOM dodging issue,\" a related issue to CVE-2010-3858." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded" - }, - { - "name" : "15619", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15619" - }, - { - "name" : "[linux-kernel] 20100827 [PATCH] exec argument expansion can inappropriately trigger OOM-killer", - "refsource" : "MLIST", - "url" : "http://lkml.org/lkml/2010/8/27/429" - }, - { - "name" : "[linux-kernel] 20100830 Re: [PATCH] exec argument 
expansion can inappropriately trigger OOM-killer", - "refsource" : "MLIST", - "url" : "http://lkml.org/lkml/2010/8/29/206" - }, - { - "name" : "[linux-kernel] 20100830 Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer", - "refsource" : "MLIST", - "url" : "http://lkml.org/lkml/2010/8/30/138" - }, - { - "name" : "[linux-kernel] 20100830 Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer", - "refsource" : "MLIST", - "url" : "http://lkml.org/lkml/2010/8/30/378" - }, - { - "name" : "[linux-kernel] 20101130 [PATCH 1/2] exec: make argv/envp memory visible to oom-killer", - "refsource" : "MLIST", - "url" : "http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.html" - }, - { - "name" : "[oss-security] 20101122 CVE request: kernel: mm: mem allocated invisible to oom_kill() when not attached to any threads", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/11/22/6" - }, - { - "name" : "[oss-security] 20101122 Re: CVE request: kernel: mm: mem allocated invisible to oom_kill() when not attached to any threads", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/11/22/15" - }, - { - "name" : "http://grsecurity.net/~spender/64bit_dos.c", - "refsource" : "MISC", - "url" : "http://grsecurity.net/~spender/64bit_dos.c" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3c77f845722158206a7209c45ccddc264d19319c", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3c77f845722158206a7209c45ccddc264d19319c" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=625688", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=625688" - }, - { - 
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" - }, - { - "name" : "RHSA-2011:0017", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0017.html" - }, - { - "name" : "45004", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45004" - }, - { - "name" : "42884", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42884" - }, - { - "name" : "46397", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46397" - }, - { - "name" : "linux-kernel-execve-dos(64700)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64700" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an \"OOM dodging issue,\" a related issue to CVE-2010-3858." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20101122 CVE request: kernel: mm: mem allocated invisible to oom_kill() when not attached to any threads", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/11/22/6" + }, + { + "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded" + }, + { + "name": "RHSA-2011:0017", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html" + }, + { + "name": "46397", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46397" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=625688", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625688" + }, + { + "name": "linux-kernel-execve-dos(64700)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64700" + }, + { + "name": "[linux-kernel] 20100830 Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer", + "refsource": "MLIST", + "url": "http://lkml.org/lkml/2010/8/30/378" + }, + { + "name": "15619", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15619" + }, + { + "name": "[linux-kernel] 20101130 [PATCH 1/2] exec: make argv/envp memory visible to oom-killer", + "refsource": "MLIST", + "url": "http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.html" + }, + { + "name": "[oss-security] 20101122 Re: CVE request: kernel: mm: mem allocated invisible to oom_kill() when not attached to any threads", 
+ "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/11/22/15" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" + }, + { + "name": "42884", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42884" + }, + { + "name": "[linux-kernel] 20100827 [PATCH] exec argument expansion can inappropriately trigger OOM-killer", + "refsource": "MLIST", + "url": "http://lkml.org/lkml/2010/8/27/429" + }, + { + "name": "[linux-kernel] 20100830 Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer", + "refsource": "MLIST", + "url": "http://lkml.org/lkml/2010/8/30/138" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3c77f845722158206a7209c45ccddc264d19319c", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3c77f845722158206a7209c45ccddc264d19319c" + }, + { + "name": "http://grsecurity.net/~spender/64bit_dos.c", + "refsource": "MISC", + "url": "http://grsecurity.net/~spender/64bit_dos.c" + }, + { + "name": "[linux-kernel] 20100830 Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer", + "refsource": "MLIST", + "url": "http://lkml.org/lkml/2010/8/29/206" + }, + { + "name": "45004", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45004" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4856.json b/2010/4xxx/CVE-2010-4856.json index 271a11bc17f..ec0d7e025a4 100644 --- a/2010/4xxx/CVE-2010-4856.json +++ b/2010/4xxx/CVE-2010-4856.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4856", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in arsiv.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the tarih parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4856", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15219", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15219" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in arsiv.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the tarih parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15219", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15219" + } + ] + } +} \ No newline at end of file 
diff --git a/2010/4xxx/CVE-2010-4884.json b/2010/4xxx/CVE-2010-4884.json index c22ce5ef45b..c2f6f80a06a 100644 --- a/2010/4xxx/CVE-2010-4884.json +++ b/2010/4xxx/CVE-2010-4884.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in guestbook/gbook.php in Gaestebuch 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14810", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14810" - }, - { - "name" : "http://packetstormsecurity.org/1008-exploits/hinnendahlgb-rfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1008-exploits/hinnendahlgb-rfi.txt" - }, - { - "name" : "8436", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8436" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in guestbook/gbook.php in Gaestebuch 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1008-exploits/hinnendahlgb-rfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1008-exploits/hinnendahlgb-rfi.txt" + }, + { + "name": "14810", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14810" + }, + { + "name": "8436", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8436" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4947.json b/2010/4xxx/CVE-2010-4947.json index 7391b90fb5f..ee61444e2c7 100644 --- a/2010/4xxx/CVE-2010-4947.json +++ b/2010/4xxx/CVE-2010-4947.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4947", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in advanced_search_result.php in ALLPC 2.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4947", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15128", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in advanced_search_result.php in ALLPC 2.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15128", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15128" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1571.json b/2011/1xxx/CVE-2011-1571.json index adc0cac3a8d..63dfd40c284 100644 --- a/2011/1xxx/CVE-2011-1571.json +++ b/2011/1xxx/CVE-2011-1571.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1571", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1571", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110329 CVE requests : Liferay 6.0.6", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/29/1" - }, - { - "name" : "[oss-security] 20110408 Re: CVE requests : Liferay 6.0.6", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/08/5" - }, - { - "name" : "[oss-security] 20110411 Re: CVE requests : Liferay 6.0.6", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/11/9" - }, - { - "name" : "http://issues.liferay.com/browse/LPS-14726", - "refsource" : "CONFIRM", - "url" : "http://issues.liferay.com/browse/LPS-14726" - }, - { - "name" : 
"http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952", - "refsource" : "CONFIRM", - "url" : "http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://issues.liferay.com/browse/LPS-14726", + "refsource": "CONFIRM", + "url": "http://issues.liferay.com/browse/LPS-14726" + }, + { + "name": "[oss-security] 20110408 Re: CVE requests : Liferay 6.0.6", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/08/5" + }, + { + "name": "[oss-security] 20110411 Re: CVE requests : Liferay 6.0.6", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/11/9" + }, + { + "name": "[oss-security] 20110329 CVE requests : Liferay 6.0.6", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/29/1" + }, + { + "name": "http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952", + "refsource": "CONFIRM", + "url": "http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3487.json b/2014/3xxx/CVE-2014-3487.json index e5d9094641c..083afaefccc 100644 --- a/2014/3xxx/CVE-2014-3487.json +++ b/2014/3xxx/CVE-2014-3487.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3487", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3487", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[file] 20140612 file-5.19 is now available", - "refsource" : "MLIST", - "url" : "http://mx.gw.com/pipermail/file/2014/001553.html" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=67413", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=67413" - }, - { - "name" : "https://github.com/file/file/commit/93e063ee374b6a75729df9e7201fb511e47e259d", - "refsource" : "CONFIRM", - "url" : "https://github.com/file/file/commit/93e063ee374b6a75729df9e7201fb511e47e259d" - }, - { - "name" : 
"http://support.apple.com/kb/HT6443", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6443" - }, - { - "name" : "https://support.apple.com/HT204659", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204659" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" - }, - { - "name" : "APPLE-SA-2015-04-08-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" - }, - { - "name" : "DSA-2974", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2974" - }, - { - "name" : "DSA-3021", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3021" - }, - { - "name" : "HPSBUX03102", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141017844705317&w=2" - }, - { - "name" : "SSRT101681", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141017844705317&w=2" - }, - { - "name" : "RHSA-2014:1765", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1765.html" - }, - { - "name" : "RHSA-2014:1766", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1766.html" - }, - { - "name" : "openSUSE-SU-2014:1236", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html" - }, - { - "name" : "68120", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68120" - }, - { - "name" : "59794", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59794" - }, - { - "name" : "59831", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/59831" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT204659", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204659" + }, + { + "name": "RHSA-2014:1766", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html" + }, + { + "name": "DSA-3021", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3021" + }, + { + "name": "HPSBUX03102", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141017844705317&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "DSA-2974", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2974" + }, + { + "name": "59794", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59794" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "[file] 20140612 file-5.19 is now available", + "refsource": "MLIST", + "url": "http://mx.gw.com/pipermail/file/2014/001553.html" + }, + { + "name": "APPLE-SA-2015-04-08-2", + "refsource": "APPLE", + "url": 
"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT6443", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6443" + }, + { + "name": "https://github.com/file/file/commit/93e063ee374b6a75729df9e7201fb511e47e259d", + "refsource": "CONFIRM", + "url": "https://github.com/file/file/commit/93e063ee374b6a75729df9e7201fb511e47e259d" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" + }, + { + "name": "RHSA-2014:1765", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" + }, + { + "name": "SSRT101681", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141017844705317&w=2" + }, + { + "name": "https://bugs.php.net/bug.php?id=67413", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=67413" + }, + { + "name": "59831", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59831" + }, + { + "name": "68120", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68120" + }, + { + "name": "openSUSE-SU-2014:1236", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3766.json b/2014/3xxx/CVE-2014-3766.json index ad9f93610dd..ce556eb852f 100644 --- a/2014/3xxx/CVE-2014-3766.json +++ b/2014/3xxx/CVE-2014-3766.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3766", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3766", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3881.json b/2014/3xxx/CVE-2014-3881.json index ab5c3cc0a9a..67d2fe5b655 100644 --- a/2014/3xxx/CVE-2014-3881.json +++ b/2014/3xxx/CVE-2014-3881.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3881", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote attackers to hijack the authentication of arbitrary users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-3881", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jvn.jp/en/jp/JVN80006084/995199/index.html", - "refsource" : "CONFIRM", - "url" : "http://jvn.jp/en/jp/JVN80006084/995199/index.html" - }, - { - "name" : "JVN#36259412", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN36259412/index.html" - }, - { - "name" : "JVNDB-2014-000064", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000064" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote attackers to hijack the authentication of arbitrary users." 
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://jvn.jp/en/jp/JVN80006084/995199/index.html",
+ "refsource": "CONFIRM",
+ "url": "http://jvn.jp/en/jp/JVN80006084/995199/index.html"
+ },
+ {
+ "name": "JVN#36259412",
+ "refsource": "JVN",
+ "url": "http://jvn.jp/en/jp/JVN36259412/index.html"
+ },
+ {
+ "name": "JVNDB-2014-000064",
+ "refsource": "JVNDB",
+ "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000064"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/7xxx/CVE-2014-7166.json b/2014/7xxx/CVE-2014-7166.json
index 7c08ae63399..5014d7d8037 100644
--- a/2014/7xxx/CVE-2014-7166.json
+++ b/2014/7xxx/CVE-2014-7166.json
@@ -1,18 +1,18 @@ {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-7166",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-7166",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/7xxx/CVE-2014-7595.json b/2014/7xxx/CVE-2014-7595.json
index fae7652d7d2..7232a27a9c6 100644
--- a/2014/7xxx/CVE-2014-7595.json
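Review bot: The only content change in the CVE-2014-3881.json hunk is the CNA attribution, `"ASSIGNER": "vultures@jpcert.or.jp",` replacing `cve@mitre.org`, and it sits inside a whole-file rewrite that otherwise only turns `" : "` into `": "`. The same pattern recurs in the hunks for CVE-2014-7595, CVE-2014-7906, CVE-2014-9879, CVE-2014-9952, CVE-2016-2245 and CVE-2016-2861, and all of those except CVE-2016-2245 also reorder `reference_data` without adding or removing an entry. Landing the serializer normalization separately from the ASSIGNER updates, and emitting references in a stable order, would let anyone auditing attribution changes see each one as a one-line diff.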
+++ b/2014/7xxx/CVE-2014-7595.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The devada.co.uk (aka com.wdevadacouk) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#717489", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/717489" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The devada.co.uk (aka com.wdevadacouk) application 1.2 
for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#717489", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/717489" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7906.json b/2014/7xxx/CVE-2014-7906.json index d7c6f696b39..394acb68865 100644 --- a/2014/7xxx/CVE-2014-7906.json +++ b/2014/7xxx/CVE-2014-7906.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7906", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the Pepper plugins in Google Chrome before 39.0.2171.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Flash content that triggers an attempted PepperMediaDeviceManager access outside of the object's lifetime." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-7906", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html" - }, - { - "name" : "https://chromium.googlesource.com/chromium/src/+/3a2cf7d1376ae33054b878232fb38b8fbed29e31", - "refsource" : "CONFIRM", - "url" : "https://chromium.googlesource.com/chromium/src/+/3a2cf7d1376ae33054b878232fb38b8fbed29e31" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=423030", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=423030" 
- }, - { - "name" : "RHSA-2014:1894", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1894.html" - }, - { - "name" : "71159", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71159" - }, - { - "name" : "1031241", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031241" - }, - { - "name" : "60194", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60194" - }, - { - "name" : "google-chrome-cve20147906-code-exec(98794)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98794" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the Pepper plugins in Google Chrome before 39.0.2171.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Flash content that triggers an attempted PepperMediaDeviceManager access outside of the object's lifetime." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031241", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031241" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=423030", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=423030" + }, + { + "name": "RHSA-2014:1894", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1894.html" + }, + { + "name": "60194", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60194" + }, + { + "name": "https://chromium.googlesource.com/chromium/src/+/3a2cf7d1376ae33054b878232fb38b8fbed29e31", + "refsource": "CONFIRM", + "url": "https://chromium.googlesource.com/chromium/src/+/3a2cf7d1376ae33054b878232fb38b8fbed29e31" + }, + { + "name": "google-chrome-cve20147906-code-exec(98794)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98794" + }, + { + "name": "71159", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71159" + }, + { + "name": "http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8342.json b/2014/8xxx/CVE-2014-8342.json index 50756de7d74..400333cd462 100644 --- a/2014/8xxx/CVE-2014-8342.json +++ b/2014/8xxx/CVE-2014-8342.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8342", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8342", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8515.json b/2014/8xxx/CVE-2014-8515.json index 4bb40d868dc..36c2bde3afa 100644 --- a/2014/8xxx/CVE-2014-8515.json +++ b/2014/8xxx/CVE-2014-8515.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8515", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web interface in BitTorrent allows remote attackers to execute arbitrary commands by leveraging knowledge of the pairing values and a crafted request to port 10000." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-418/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-418/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web interface in BitTorrent allows remote attackers to execute arbitrary commands by leveraging knowledge of the pairing values and a crafted request to port 10000." 
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-418/",
+ "refsource": "MISC",
+ "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-418/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/8xxx/CVE-2014-8818.json b/2014/8xxx/CVE-2014-8818.json
index 8bc5acadc0c..91dd350ec41 100644
--- a/2014/8xxx/CVE-2014-8818.json
+++ b/2014/8xxx/CVE-2014-8818.json
@@ -1,18 +1,18 @@ {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-8818",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2014-8818",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/9xxx/CVE-2014-9153.json b/2014/9xxx/CVE-2014-9153.json
index e352f0249e4..51caf3e7b40 100644
--- a/2014/9xxx/CVE-2014-9153.json
+++ b/2014/9xxx/CVE-2014-9153.json
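Review bot: The rewritten CVE-2014-8818.json (and CVE-2016-2595.json later in this patch) puts `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta` and lists `ID` before `ASSIGNER`, while the RESERVED and PUBLIC records in the same commit keep `CVE_data_meta` first with its keys in alphabetical order. Key order carries no meaning in JSON, but two layouts in one sync look like two serializers at work, and consumers that diff or hash the raw files will register changes that are not content changes. Writing every record in one order, with `"CVE_data_meta": {` first and `"ASSIGNER"` ahead of `"ID"`, would remove that noise. The new side of each file also ends in `\ No newline at end of file`, so the trailing newline the old files had is dropped.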
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9153", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Services module 7.x-3.x before 7.x-3.10 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the callback parameter in a JSONP response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9153", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/node/2344389", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2344389" - }, - { - "name" : "https://www.drupal.org/node/2344423", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2344423" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Services module 7.x-3.x before 7.x-3.10 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the callback parameter in a JSONP response." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2344423", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2344423" + }, + { + "name": "https://www.drupal.org/node/2344389", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2344389" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9879.json b/2014/9xxx/CVE-2014-9879.json index 6f540006288..c8016fd1775 100644 --- a/2014/9xxx/CVE-2014-9879.json +++ b/2014/9xxx/CVE-2014-9879.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769221 and Qualcomm internal bug CR524490." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2014-9879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-08-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-08-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=ecc8116e1befb3a764109f47ba0389434ddabbe4", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=ecc8116e1befb3a764109f47ba0389434ddabbe4" - }, - { - "name" : "92219", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92219" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769221 and Qualcomm internal bug CR524490." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-08-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-08-01.html" + }, + { + "name": "92219", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92219" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=ecc8116e1befb3a764109f47ba0389434ddabbe4", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=ecc8116e1befb3a764109f47ba0389434ddabbe4" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9952.json b/2014/9xxx/CVE-2014-9952.json index cdf953b93db..e194b27d0e8 100644 --- a/2014/9xxx/CVE-2014-9952.json +++ b/2014/9xxx/CVE-2014-9952.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2014-9952", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Capture-Replay Vulnerability in Secure File System" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2014-9952", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - }, - { - "name" : "98253", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98253" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Capture-Replay Vulnerability in Secure File System" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98253", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98253" + }, + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2245.json b/2016/2xxx/CVE-2016-2245.json index f2cac768811..9a444ac0969 100644 --- a/2016/2xxx/CVE-2016-2245.json +++ b/2016/2xxx/CVE-2016-2245.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2245", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2016-2245", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBGN03438", - "refsource" : "HP", - "url" : "https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05031674" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBGN03438", + "refsource": "HP", + "url": "https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05031674" + } + ] + } +} \ No newline at end of file 
diff --git a/2016/2xxx/CVE-2016-2595.json b/2016/2xxx/CVE-2016-2595.json index a460a2a4ed1..bf6be7b36ad 100644 --- a/2016/2xxx/CVE-2016-2595.json +++ b/2016/2xxx/CVE-2016-2595.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2595", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2595", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2861.json b/2016/2xxx/CVE-2016-2861.json index 54b10679a29..412a3c31a4f 100644 --- a/2016/2xxx/CVE-2016-2861.json +++ b/2016/2xxx/CVE-2016-2861.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2861", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-2861", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983036", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983036" - }, - { - "name" : "PI60897", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI60897" - }, - { - "name" : "PI60898", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI60898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, 
and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PI60897", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI60897" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21983036", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983036" + }, + { + "name": "PI60898", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI60898" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6266.json b/2016/6xxx/CVE-2016-6266.json index de1173e99ee..068f5b98a10 100644 --- a/2016/6xxx/CVE-2016-6266.json +++ b/2016/6xxx/CVE-2016-6266.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6266", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey parameter in a register action, (3) enable parameter in a save_stting action, or (4) host or (5) apikey parameter in a test_connection action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6266", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/", - "refsource" : "MISC", - "url" : "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/" - }, - { - "name" : "https://success.trendmicro.com/solution/1114913", - "refsource" : "CONFIRM", - "url" : "https://success.trendmicro.com/solution/1114913" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey parameter in a register action, (3) enable parameter in a save_stting action, or (4) host or (5) apikey parameter in a test_connection action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/", + "refsource": "MISC", + "url": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/" + }, + { + "name": "https://success.trendmicro.com/solution/1114913", + "refsource": "CONFIRM", + "url": "https://success.trendmicro.com/solution/1114913" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6312.json b/2016/6xxx/CVE-2016-6312.json index da784c5678b..f7cb6c63e4a 100644 --- a/2016/6xxx/CVE-2016-6312.json +++ b/2016/6xxx/CVE-2016-6312.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-6312", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service (memory consumption and httpd crash). NOTE: Exists as a regression to CVE-2009-1955." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-6312", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1364122", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1364122" - }, - { - "name" : "92320", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 
does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service (memory consumption and httpd crash). NOTE: Exists as a regression to CVE-2009-1955." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1364122", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1364122" + }, + { + "name": "92320", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92320" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6953.json b/2016/6xxx/CVE-2016-6953.json index 182c143ce3b..c1e0baf5fc2 100644 --- a/2016/6xxx/CVE-2016-6953.json +++ b/2016/6xxx/CVE-2016-6953.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6953", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-6953", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" - }, - { - "name" : "93491", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93491" - }, - { - "name" : "1036986", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036986", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036986" + }, + { + "name": "93491", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93491" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7110.json b/2016/7xxx/CVE-2016-7110.json index 941dee8ab74..4ad426bf6bd 100644 --- a/2016/7xxx/CVE-2016-7110.json +++ b/2016/7xxx/CVE-2016-7110.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7110", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via \"special characters,\" a different vulnerability than CVE-2016-7109." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en" - }, - { - "name" : "92617", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92617" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via \"special characters,\" a different vulnerability than CVE-2016-7109." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92617", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92617" + }, + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7592.json b/2016/7xxx/CVE-2016-7592.json index 6181b867be2..5cd1eb15a39 100644 --- a/2016/7xxx/CVE-2016-7592.json +++ b/2016/7xxx/CVE-2016-7592.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-7592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component, which allows remote attackers to obtain sensitive information via crafted JavaScript prompts on a web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-7592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207421", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207421" - }, - { - "name" : "https://support.apple.com/HT207422", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207422" - }, - { - "name" : "https://support.apple.com/HT207424", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207424" - }, - { - "name" : "https://support.apple.com/HT207427", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207427" - }, - { - "name" : "GLSA-201706-15", - "refsource" : "GENTOO", 
- "url" : "https://security.gentoo.org/glsa/201706-15" - }, - { - "name" : "94909", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94909" - }, - { - "name" : "1037459", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037459" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component, which allows remote attackers to obtain sensitive information via crafted JavaScript prompts on a web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207427", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207427" + }, + { + "name": "https://support.apple.com/HT207421", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207421" + }, + { + "name": "1037459", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037459" + }, + { + "name": "https://support.apple.com/HT207422", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207422" + }, + { + "name": "GLSA-201706-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-15" + }, + { + "name": "https://support.apple.com/HT207424", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207424" + }, + { + "name": "94909", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94909" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5237.json b/2017/5xxx/CVE-2017-5237.json index 611469e92c8..dc8721df9ac 100644 --- a/2017/5xxx/CVE-2017-5237.json 
+++ b/2017/5xxx/CVE-2017-5237.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@rapid7.com", - "ID" : "CVE-2017-5237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "EV-07S GPS Tracker", - "version" : { - "version_data" : [ - { - "version_value" : "All" - } - ] - } - } - ] - }, - "vendor_name" : "Eview" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, \"RESET!\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Unauthenticated remote factory reset" - } + "CVE_data_meta": { + "ASSIGNER": "cve@rapid7.com", + "ID": "CVE-2017-5237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EV-07S GPS Tracker", + "version": { + "version_data": [ + { + "version_value": "All" + } + ] + } + } + ] + }, + "vendor_name": "Eview" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities", - "refsource" : "MISC", - "url" : "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities" - }, - { - "name" : "97186", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97186" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's 
phone number can revert the device to a factory default configuration with an SMS command, \"RESET!\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unauthenticated remote factory reset" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities", + "refsource": "MISC", + "url": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities" + }, + { + "name": "97186", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97186" + } + ] + } +} \ No newline at end of file