diff --git a/2006/0xxx/CVE-2006-0196.json b/2006/0xxx/CVE-2006-0196.json index 2e5c96a77bb..6ed2ca60a99 100644 --- a/2006/0xxx/CVE-2006-0196.json +++ b/2006/0xxx/CVE-2006-0196.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0196", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Serial line sniffer (aka slsnif) 0.4.4 allows local users to gain privileges via a long value of the HOME environment variable, possibly because of a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0196", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060111 Serial Line Sniffer 0.4.4 Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/421583/100/0/threaded" - }, - { - "name" : "http://shellcoders.com/sintigan/slsnif-ploit.pl", - "refsource" : "MISC", - "url" : "http://shellcoders.com/sintigan/slsnif-ploit.pl" - }, - { - "name" : "ADV-2006-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0212" - }, - { - "name" : "18497", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18497" - }, - { - "name" : "slsnif-home-bo(24082)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Serial line sniffer (aka slsnif) 0.4.4 allows local users to gain privileges via a long value of the HOME environment variable, possibly because of a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060111 Serial Line Sniffer 0.4.4 Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/421583/100/0/threaded" + }, + { + "name": "slsnif-home-bo(24082)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24082" + }, + { + "name": "ADV-2006-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0212" + }, + { + "name": "http://shellcoders.com/sintigan/slsnif-ploit.pl", + "refsource": "MISC", + "url": "http://shellcoders.com/sintigan/slsnif-ploit.pl" + }, + { + "name": "18497", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18497" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0395.json b/2006/0xxx/CVE-2006-0395.json index 17eac8e83a6..e7fe1b4fcdc 100644 --- a/2006/0xxx/CVE-2006-0395.json +++ b/2006/0xxx/CVE-2006-0395.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0395", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=303382", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=303382" - }, - { - "name" : "APPLE-SA-2006-03-01", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/client-management/2006/Mar/msg00030.html" - }, - { - "name" : "TA06-062A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-062A.html" - }, - { - "name" : "16907", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16907" - }, - { - "name" : "ADV-2006-0791", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0791" - }, - { - "name" : "23645", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23645" - }, - { - "name" : "19064", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19064" - }, - { - "name" : "macosx-mail-bypass-security(25027)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "macosx-mail-bypass-security(25027)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25027" + }, + { + "name": "23645", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23645" + }, + { + "name": "19064", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19064" + }, + { + "name": "16907", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16907" + }, + { + "name": "ADV-2006-0791", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0791" + }, + { + "name": "APPLE-SA-2006-03-01", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/client-management/2006/Mar/msg00030.html" + }, + { + "name": "TA06-062A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-062A.html" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=303382", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=303382" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0650.json b/2006/0xxx/CVE-2006-0650.json index 85a45b074f8..669970fb157 100644 --- a/2006/0xxx/CVE-2006-0650.json +++ b/2006/0xxx/CVE-2006-0650.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the CPAINT library before 2.0.3, as used in multiple scripts, allows remote attackers to inject arbitrary web script or HTML via the cpaint_response_type parameter, which is displayed in a resulting error message, as demonstrated using a hex-encoded IFRAME tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060210 CPAINT AJAX Library Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424663/100/0/threaded" - }, - { - "name" : "http://www.gulftech.org/?node=research&article_id=00097-02092006", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00097-02092006" - }, - { - "name" : "http://cpaint.booleansystems.com/forums/viewtopic.php?t=98", - "refsource" : "CONFIRM", - "url" : "http://cpaint.booleansystems.com/forums/viewtopic.php?t=98" - }, - { - "name" : "16559", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16559" - }, - { - "name" : "ADV-2006-0487", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0487" - }, - { - "name" : "1015608", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015608" - }, - { - "name" : "18765", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18765" - }, - { - "name" : "cpaint-response-type-xss(24594)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24594" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the CPAINT library before 2.0.3, as used in multiple scripts, allows remote attackers to inject arbitrary web script or HTML via the cpaint_response_type parameter, which is displayed in a resulting error message, as demonstrated using a hex-encoded IFRAME tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015608", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015608" + }, + { + "name": "20060210 CPAINT AJAX Library Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424663/100/0/threaded" + }, + { + "name": "18765", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18765" + }, + { + "name": "cpaint-response-type-xss(24594)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24594" + }, + { + "name": "16559", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16559" + }, + { + "name": "http://cpaint.booleansystems.com/forums/viewtopic.php?t=98", + "refsource": "CONFIRM", + "url": "http://cpaint.booleansystems.com/forums/viewtopic.php?t=98" + }, + { + "name": "http://www.gulftech.org/?node=research&article_id=00097-02092006", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00097-02092006" + }, + { + "name": "ADV-2006-0487", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0487" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1455.json b/2006/1xxx/CVE-2006-1455.json index f4eba37ad1f..0c7b37997eb 100644 --- a/2006/1xxx/CVE-2006-1455.json +++ b/2006/1xxx/CVE-2006-1455.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to cause a denial of service (crash and connection interruption) via a QuickTime movie with a missing track, which triggers a null dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2006-05-11", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html" - }, - { - "name" : "TA06-132A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-132A.html" - }, - { - "name" : "17951", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17951" - }, - { - "name" : "ADV-2006-1779", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1779" - }, - { - "name" : "25599", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25599" - }, - { - "name" : "1016070", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016070" - }, - { - "name" : "20077", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20077" - }, - { - "name" : "quicktime-missing-track-dos(26423)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26423" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to cause a denial of service (crash and connection interruption) via a QuickTime movie with a missing track, which triggers a null dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17951", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17951" + }, + { + "name": "ADV-2006-1779", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1779" + }, + { + "name": "TA06-132A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html" + }, + { + "name": "APPLE-SA-2006-05-11", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html" + }, + { + "name": "1016070", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016070" + }, + { + "name": "25599", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25599" + }, + { + "name": "20077", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20077" + }, + { + "name": "quicktime-missing-track-dos(26423)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26423" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5027.json b/2006/5xxx/CVE-2006-5027.json index c5165ca471d..7556e775f59 100644 --- a/2006/5xxx/CVE-2006-5027.json +++ b/2006/5xxx/CVE-2006-5027.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5027", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jeroen Vennegoor JevonCMS, possibly pre alpha, allows remote attackers to obtain sensitive information via a direct request for php/main/phplib files (1) db_msql.inc, (2) db_mssql.inc, (3) db_mysql.inc, (4) db_oci8.inc, (5) db_odbc.inc, (6) db_oracle.inc, and (7) db_pgsql.inc; and (8) db_sybase.inc, which reveals the path in various error messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060922 jevoncms (.inc) Path Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446741/100/0/threaded" - }, - { - "name" : "1638", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1638" - }, - { - "name" : "jevoncms-phplib-path-disclosure(29126)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29126" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jeroen Vennegoor JevonCMS, possibly pre alpha, allows remote attackers to obtain sensitive information via a direct request for php/main/phplib files (1) db_msql.inc, (2) db_mssql.inc, (3) db_mysql.inc, (4) db_oci8.inc, (5) db_odbc.inc, (6) db_oracle.inc, and (7) db_pgsql.inc; and (8) db_sybase.inc, which reveals the path in various error messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "jevoncms-phplib-path-disclosure(29126)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29126" + }, + { + "name": "1638", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1638" + }, + { + "name": "20060922 jevoncms (.inc) Path Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446741/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5351.json b/2006/5xxx/CVE-2006-5351.json index 6892e5e433d..0bcc81e25b2 100644 --- a/2006/5xxx/CVE-2006-5351.json +++ b/2006/5xxx/CVE-2006-5351.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Oracle Application Express (formerly Oracle HTML DB) 1.5 up to 2.0 have unknown impact and remote attack vectors, aka Vuln# (1) APEX01, (2) APEX02, (3) APEX03, (4) APEX05, (5) APEX06, (6) APEX07, (7) APEX08, (8) APEX09, (9) APEX10, (10) APEX11, (11) APEX12, (12) APEX13, (13) APEX14, (14) APEX15, (15) APEX16, (16) APEX17, (17) APEX18, (18) APEX19, (19) APEX22, (20) APEX23, (21) APEX24, (22) APEX25, (23) APEX26, (24) APEX27, (25) APEX28, (26) APEX29, (27) APEX30, (28) APEX31, (29) APEX32, (30) APEX33, (31) APEX34, and (32) APEX35. NOTE: as of 20061027, it is likely that some of these identifiers are associated with cross-site scripting (XSS) in WWV_FLOW_ITEM_HELP and NOTIFICATION_MSG, but these have been provided separate identifiers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" - }, - { - "name" : "TA06-291A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-291A.html" - }, - { - "name" : "20588", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20588" - }, - { - "name" : "ADV-2006-4065", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4065" - }, - { - "name" : "1017077", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017077" - }, - { - "name" : "22396", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Oracle Application Express (formerly Oracle HTML DB) 1.5 up to 2.0 have unknown impact and remote attack vectors, aka Vuln# (1) APEX01, (2) APEX02, (3) APEX03, (4) APEX05, (5) APEX06, (6) APEX07, (7) APEX08, (8) APEX09, (9) APEX10, (10) APEX11, (11) APEX12, (12) APEX13, (13) APEX14, (14) APEX15, (15) APEX16, (16) APEX17, (17) APEX18, (18) APEX19, (19) APEX22, (20) APEX23, (21) APEX24, (22) APEX25, (23) APEX26, (24) APEX27, (25) APEX28, (26) APEX29, (27) APEX30, (28) APEX31, (29) APEX32, (30) APEX33, (31) APEX34, and (32) APEX35. NOTE: as of 20061027, it is likely that some of these identifiers are associated with cross-site scripting (XSS) in WWV_FLOW_ITEM_HELP and NOTIFICATION_MSG, but these have been provided separate identifiers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" + }, + { + "name": "20588", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20588" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" + }, + { + "name": "ADV-2006-4065", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4065" + }, + { + "name": "22396", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22396" + }, + { + "name": "1017077", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017077" + }, + { + "name": "TA06-291A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-291A.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5448.json b/2006/5xxx/CVE-2006-5448.json index cdf769b0261..d7f25eb5908 100644 --- a/2006/5xxx/CVE-2006-5448.json +++ b/2006/5xxx/CVE-2006-5448.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The drmstor.dll ActiveX object in Microsoft Windows Digital Rights Management System (DRM) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long parameter to the StoreLicense function, which triggers \"memory corruption\" and possibly a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061009 MS Windows DRM software Memory Corruption", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/448097/100/200/threaded" - }, - { - "name" : "1756", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1756" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The drmstor.dll ActiveX object in Microsoft Windows Digital Rights Management System (DRM) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long parameter to the StoreLicense function, which triggers \"memory corruption\" and possibly a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1756", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1756" + }, + { + "name": "20061009 MS Windows DRM software Memory Corruption", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/448097/100/200/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5619.json b/2006/5xxx/CVE-2006-5619.json index bab8f824f37..ff0ad78c05f 100644 --- a/2006/5xxx/CVE-2006-5619.json +++ b/2006/5xxx/CVE-2006-5619.json @@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5619", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The seqfile handling (ip6fl_get_n function in ip6_flowlabel.c) in Linux kernel 2.6 up to 2.6.18-stable allows local users to cause a denial of service (hang or oops) via unspecified manipulations that trigger an infinite loop while searching for flowlabels." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061109 rPSA-2006-0204-1 kernel", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451097/100/0/threaded" - }, - { - "name" : "[linux-kernel] 20061105 Linux 2.6.16.31-rc1", - "refsource" : "MLIST", - "url" : "http://lkml.org/lkml/2006/11/5/46" - }, - { - "name" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bcd620757d3a4ae78ef0ca41adb5d9e400ed92b6", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bcd620757d3a4ae78ef0ca41adb5d9e400ed92b6" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-760", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-760" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm" - }, - { - "name" : "DSA-1233", - "refsource" : "DEBIAN", - "url" : "http://www.us.debian.org/security/2006/dsa-1233" - }, - { - "name" : "MDKSA-2007:002", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:002" - }, - { - "name" : "MDKSA-2007:012", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:012" - }, - { - "name" : "MDKSA-2007:025", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:025" - }, - { - "name" : "RHSA-2007:0014", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2007-0014.html" - }, - { - "name" : "SUSE-SA:2006:079", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_79_kernel.html" - }, - { - "name" : "USN-395-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-395-1" - }, - { - "name" : "20847", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20847" - }, - { - "name" : "oval:org.mitre.oval:def:9311", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9311" - }, - { - "name" : "ADV-2006-4297", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4297" - }, - { - "name" : "22665", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22665" - }, - { - "name" : "22754", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22754" - }, - { - "name" : "23370", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23370" - }, - { - "name" : "23384", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23384" - }, - { - "name" : "23593", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23593" - }, - { - "name" : "23752", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23752" - }, - { - "name" : "23997", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23997" - }, - { - "name" : "24206", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24206" - }, - { - "name" : "23474", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23474" - }, - { - "name" : "kernel-seqfile-ipv6-dos(29970)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29970" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The seqfile handling (ip6fl_get_n function in ip6_flowlabel.c) in Linux kernel 2.6 up to 2.6.18-stable allows local users to cause a denial of service (hang or oops) via unspecified manipulations that trigger an infinite loop while searching for flowlabels." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[linux-kernel] 20061105 Linux 2.6.16.31-rc1", + "refsource": "MLIST", + "url": "http://lkml.org/lkml/2006/11/5/46" + }, + { + "name": "MDKSA-2007:025", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:025" + }, + { + "name": "SUSE-SA:2006:079", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_79_kernel.html" + }, + { + "name": "RHSA-2007:0014", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2007-0014.html" + }, + { + "name": "https://issues.rpath.com/browse/RPL-760", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-760" + }, + { + "name": "MDKSA-2007:012", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:012" + }, + { + "name": "23593", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23593" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm" + }, + { + "name": "23384", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23384" + }, + { + "name": "23752", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23752" + }, + { + "name": "20847", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20847" + }, + { + "name": "24206", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24206" + }, + { + "name": "oval:org.mitre.oval:def:9311", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9311" + }, + { + "name": "22754", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22754" + }, + { + "name": "22665", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22665" + }, + { + "name": "23474", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23474" + }, + { + "name": "DSA-1233", + "refsource": "DEBIAN", + "url": "http://www.us.debian.org/security/2006/dsa-1233" + }, + { + "name": "23370", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23370" + }, + { + "name": "20061109 rPSA-2006-0204-1 kernel", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451097/100/0/threaded" + }, + { + "name": "23997", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23997" + }, + { + "name": "MDKSA-2007:002", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:002" + }, + { + "name": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bcd620757d3a4ae78ef0ca41adb5d9e400ed92b6", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bcd620757d3a4ae78ef0ca41adb5d9e400ed92b6" + }, + { + "name": "USN-395-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-395-1" + }, + { + "name": "kernel-seqfile-ipv6-dos(29970)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29970" + }, + { + "name": "ADV-2006-4297", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4297" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5722.json b/2006/5xxx/CVE-2006-5722.json index 1fe900b2eeb..79ca4a681e4 100644 --- a/2006/5xxx/CVE-2006-5722.json +++ b/2006/5xxx/CVE-2006-5722.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5722", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Segue CMS 1.5.9 and earlier, when magic_quotes_gpc is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the theme parameter to (1) themesettings.php or (2) index.php, a different vector than CVE-2006-5497. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-4215", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4215" - }, - { - "name" : "22582", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22582" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Segue CMS 1.5.9 and earlier, when magic_quotes_gpc is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the theme parameter to (1) themesettings.php or (2) index.php, a different vector than CVE-2006-5497. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22582", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22582" + }, + { + "name": "ADV-2006-4215", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4215" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5905.json b/2006/5xxx/CVE-2006-5905.json index 2c3eec710bb..d53d3359389 100644 --- a/2006/5xxx/CVE-2006-5905.json +++ b/2006/5xxx/CVE-2006-5905.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5905", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Web Directory Pro allows remote attackers to (1) backup the database and obtain the backup via a direct request to admin/backup_db.php or (2) modify configuration via a direct request to admin/options.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5905", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061104 Web Directory Pro bypass Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450556/100/0/threaded" - }, - { - "name" : "8878", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8878" - }, - { - "name" : "35327", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35327" - }, - { - "name" : "1859", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1859" - }, - { - "name" : "webdirectorypro-url-security-bypass(30009)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30009" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Web Directory Pro allows remote attackers to (1) backup the database and obtain the backup via a direct request to admin/backup_db.php or (2) modify configuration via a direct request to admin/options.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "webdirectorypro-url-security-bypass(30009)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30009" + }, + { + "name": "8878", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8878" + }, + { + "name": "1859", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1859" + }, + { + "name": "35327", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35327" + }, + { + "name": "20061104 Web Directory Pro bypass Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450556/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2455.json b/2007/2xxx/CVE-2007-2455.json index 777259099db..f1cf1767a5d 100644 --- a/2007/2xxx/CVE-2007-2455.json +++ b/2007/2xxx/CVE-2007-2455.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Parallels allows local users to cause a denial of service (virtual machine abort) via (1) certain INT instructions, as demonstrated by INT 0xAA; (2) an IRET instruction when an invalid address is at the top of the stack; (3) a malformed MOVNTI instruction, as demonstrated by using a register as a destination; or a write operation to (4) SEGR6 or (5) SEGR7." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://taviso.decsystem.org/virtsec.pdf", - "refsource" : "MISC", - "url" : "http://taviso.decsystem.org/virtsec.pdf" - }, - { - "name" : "41164", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41164" - }, - { - "name" : "41165", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41165" - }, - { - "name" : "41166", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41166" - }, - { - "name" : "41167", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41167" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Parallels allows local users to cause a denial of service (virtual machine abort) via (1) certain INT instructions, as demonstrated by INT 0xAA; (2) an IRET instruction when an invalid address is at the top of the stack; (3) a malformed MOVNTI instruction, as demonstrated by using a register as a destination; or a write operation to (4) SEGR6 or (5) SEGR7." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41166", + "refsource": "OSVDB", + "url": "http://osvdb.org/41166" + }, + { + "name": "http://taviso.decsystem.org/virtsec.pdf", + "refsource": "MISC", + "url": "http://taviso.decsystem.org/virtsec.pdf" + }, + { + "name": "41164", + "refsource": "OSVDB", + "url": "http://osvdb.org/41164" + }, + { + "name": "41167", + "refsource": "OSVDB", + "url": "http://osvdb.org/41167" + }, + { + "name": "41165", + "refsource": "OSVDB", + "url": "http://osvdb.org/41165" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2849.json b/2007/2xxx/CVE-2007-2849.json index 1c6346e228e..4e460a7d43e 100644 --- a/2007/2xxx/CVE-2007-2849.json +++ b/2007/2xxx/CVE-2007-2849.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2849", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "KnowledgeTree Document Management (aka KnowledgeTree Open Source) before STABLE 3.3.7 does not require a password for an unregistered user, when the user exists in Active Directory, which allows remote attackers to log onto KTDMS without the intended authorization check." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2849", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=510338", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=510338" - }, - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=698243", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=698243" - }, - { - "name" : "24110", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24110" - }, - { - "name" : "ADV-2007-1920", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1920" - }, - { - "name" : "36578", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36578" - }, - { - "name" : "25360", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25360" - }, - { - "name" : "knowledgetree-unspecified-security-bypass(34463)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34463" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "KnowledgeTree Document Management (aka KnowledgeTree Open Source) before STABLE 3.3.7 does not require a password for an unregistered user, when the user exists in Active Directory, which allows remote attackers to log onto KTDMS without the intended authorization check." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25360", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25360" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=698243", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=698243" + }, + { + "name": "24110", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24110" + }, + { + "name": "knowledgetree-unspecified-security-bypass(34463)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34463" + }, + { + "name": "ADV-2007-1920", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1920" + }, + { + "name": "36578", + "refsource": "OSVDB", + "url": "http://osvdb.org/36578" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=510338", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=510338" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0107.json b/2010/0xxx/CVE-2010-0107.json index 6d4fcbba409..425f68980ed 100644 --- a/2010/0xxx/CVE-2010-0107.json +++ b/2010/0xxx/CVE-2010-0107.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0107", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. NOTE: this is only a vulnerability if the attacker can \"masquerade as an authorized site.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0107", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100224 VUPEN Security Research - Symantec Products \"SYMLTCOM.dll\" Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/509717/100/0/threaded" - }, - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_01", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_01" - }, - { - "name" : "38217", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38217" - }, - { - "name" : "62412", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62412" - }, - { - "name" : "1023628", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023628" - }, - { - "name" : "1023629", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023629" - }, - { - "name" : "1023630", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023630" - }, - { - "name" : "1023631", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023631" - }, - { - "name" : "38654", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38654" - }, - { - "name" : "ADV-2010-0411", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0411" - }, - { - "name" : "symantec-symltcom-activex-bo(56357)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56357" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. NOTE: this is only a vulnerability if the attacker can \"masquerade as an authorized site.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62412", + "refsource": "OSVDB", + "url": "http://osvdb.org/62412" + }, + { + "name": "20100224 VUPEN Security Research - Symantec Products \"SYMLTCOM.dll\" Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/509717/100/0/threaded" + }, + { + "name": "1023630", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023630" + }, + { + "name": "38654", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38654" + }, + { + "name": "symantec-symltcom-activex-bo(56357)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56357" + }, + { + "name": "ADV-2010-0411", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0411" + }, + { + "name": "1023631", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023631" + }, + { + "name": "38217", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38217" + }, + { + "name": "1023628", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023628" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_01", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_01" + }, + { + "name": "1023629", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023629" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0493.json b/2010/0xxx/CVE-2010-0493.json index 7de3aba7b5f..e7be83fcce0 100644 --- a/2010/0xxx/CVE-2010-0493.json +++ b/2010/0xxx/CVE-2010-0493.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0493", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-0493", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0710.json b/2010/0xxx/CVE-2010-0710.json index def5b08ce9b..7fa8183398b 100644 --- a/2010/0xxx/CVE-2010-0710.json +++ b/2010/0xxx/CVE-2010-0710.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0710", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the newsid parameter when the sec parameter is 26. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0710", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "62358", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62358" - }, - { - "name" : "38596", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38596" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the newsid parameter when the sec parameter is 26. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62358", + "refsource": "OSVDB", + "url": "http://osvdb.org/62358" + }, + { + "name": "38596", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38596" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1553.json b/2010/1xxx/CVE-2010-1553.json index 30231a83b61..d69922c3f6c 100644 --- a/2010/1xxx/CVE-2010-1553.json +++ b/2010/1xxx/CVE-2010-1553.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1553", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid MaxAge parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-1553", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100511 ZDI-10-084: HP OpenView NNM getnnmdata.exe CGI Invalid MaxAge Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511241/100/0/threaded" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-10-084/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-10-084/" - }, - { - "name" : "HPSBMA02527", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127360750704351&w=2" - }, - { - "name" : "SSRT010098", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127360750704351&w=2" - }, - { - "name" : "SSRT090228", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127360750704351&w=2" - }, - { - "name" : "8153", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8153" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid MaxAge parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT010098", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127360750704351&w=2" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-10-084/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-10-084/" + }, + { + "name": "SSRT090228", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127360750704351&w=2" + }, + { + "name": "HPSBMA02527", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127360750704351&w=2" + }, + { + "name": "20100511 ZDI-10-084: HP OpenView NNM getnnmdata.exe CGI Invalid MaxAge Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511241/100/0/threaded" + }, + { + "name": "8153", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8153" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1821.json b/2010/1xxx/CVE-2010-1821.json index ca2f1f2fe74..8596c9341fe 100644 --- a/2010/1xxx/CVE-2010-1821.json +++ b/2010/1xxx/CVE-2010-1821.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows local users to obtain system privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2016-01-28-4188", - "refsource" : "APPLE", - "url" : "https://support.apple.com/en-us/HT4188" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows local users to obtain system privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2016-01-28-4188", + "refsource": "APPLE", + "url": "https://support.apple.com/en-us/HT4188" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3052.json b/2010/3xxx/CVE-2010-3052.json index 2d0f31c5094..9342aae05ea 100644 --- a/2010/3xxx/CVE-2010-3052.json +++ b/2010/3xxx/CVE-2010-3052.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3052", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3052", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3079.json b/2010/3xxx/CVE-2010-3079.json index 51054bf2f11..0d51592d4b8 100644 --- a/2010/3xxx/CVE-2010-3079.json +++ b/2010/3xxx/CVE-2010-3079.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3079", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "kernel/trace/ftrace.c in the Linux kernel before 2.6.35.5, when debugfs is enabled, does not properly handle interaction between mutex possession and llseek operations, which allows local users to cause a denial of service (NULL pointer dereference and outage of all function tracing files) via an lseek call on a file descriptor associated with the set_ftrace_filter file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3079", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9c55cb12c1c172e2d51e85fbb5a4796ca86b77e7", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9c55cb12c1c172e2d51e85fbb5a4796ca86b77e7" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.5", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=631623", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=631623" - }, - { - "name" : "RHSA-2010:0842", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0842.html" - }, - { - "name" : "SUSE-SA:2010:050", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html" - }, - { - "name" : "SUSE-SA:2011:007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" - }, - { - "name" : "USN-1041-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1041-1" - }, - { - "name" : "43684", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43684" - }, - { - "name" : "42758", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42758" - }, - { - "name" : "ADV-2011-0070", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0070" - }, - { - "name" : "ADV-2011-0298", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "kernel/trace/ftrace.c in the Linux kernel before 2.6.35.5, when debugfs is enabled, does not properly handle interaction between mutex possession and llseek operations, which allows local users to cause a denial of service (NULL pointer dereference and outage of all function tracing files) via an lseek call on a file descriptor associated with the set_ftrace_filter file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.5", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.5" + }, + { + "name": "USN-1041-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1041-1" + }, + { + "name": "SUSE-SA:2011:007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" + }, + { + "name": "RHSA-2010:0842", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0842.html" + }, + { + "name": "ADV-2011-0298", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0298" + }, + { + "name": "SUSE-SA:2010:050", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=631623", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=631623" + }, + { + "name": "42758", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42758" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9c55cb12c1c172e2d51e85fbb5a4796ca86b77e7", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9c55cb12c1c172e2d51e85fbb5a4796ca86b77e7" + }, + { + "name": "43684", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43684" + }, + { + "name": "ADV-2011-0070", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0070" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3343.json b/2010/3xxx/CVE-2010-3343.json index 64cc12d3b32..a3a9dcacbb4 100644 --- a/2010/3xxx/CVE-2010-3343.json +++ b/2010/3xxx/CVE-2010-3343.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3343", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"HTML Object Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3343", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-090", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090" - }, - { - "name" : "TA10-348A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" - }, - { - "name" : "oval:org.mitre.oval:def:12372", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12372" - }, - { - "name" : "1024872", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024872" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"HTML Object Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-348A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" + }, + { + "name": "MS10-090", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090" + }, + { + "name": "oval:org.mitre.oval:def:12372", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12372" + }, + { + "name": "1024872", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024872" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3495.json b/2010/3xxx/CVE-2010-3495.json index 88c7dcafbdc..e7c95240d21 100644 --- a/2010/3xxx/CVE-2010-3495.json +++ b/2010/3xxx/CVE-2010-3495.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3495", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB) before 3.10.0 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3495", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100909 CVE Request -- Python -- accept() implementation in async core is broken => more subcases", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/09/6" - }, - { - "name" : "[oss-security] 20100910 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/11/2" - }, - { - "name" : "[oss-security] 20100922 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/22/3" - }, - { - "name" : "[oss-security] 20100924 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/24/3" - }, - { - "name" : "http://bugs.python.org/issue6706", - "refsource" : "MISC", - "url" : "http://bugs.python.org/issue6706" - }, - { - "name" : "http://pypi.python.org/pypi/ZODB3/3.10.0#id1", - "refsource" : "CONFIRM", - "url" : "http://pypi.python.org/pypi/ZODB3/3.10.0#id1" - }, - { - "name" : "https://bugs.launchpad.net/zodb/+bug/135108", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/zodb/+bug/135108" - }, - { - "name" : "SUSE-SR:2010:024", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html" - }, - { - "name" : "41755", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB) before 3.10.0 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20100910 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/11/2" + }, + { + "name": "https://bugs.launchpad.net/zodb/+bug/135108", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/zodb/+bug/135108" + }, + { + "name": "http://pypi.python.org/pypi/ZODB3/3.10.0#id1", + "refsource": "CONFIRM", + "url": "http://pypi.python.org/pypi/ZODB3/3.10.0#id1" + }, + { + "name": "[oss-security] 20100924 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/24/3" + }, + { + "name": "[oss-security] 20100922 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/22/3" + }, + { + "name": "http://bugs.python.org/issue6706", + "refsource": "MISC", + "url": "http://bugs.python.org/issue6706" + }, + { + "name": "[oss-security] 20100909 CVE Request -- Python -- accept() implementation in async core is broken => more subcases", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/09/6" + }, + { + "name": "SUSE-SR:2010:024", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html" + }, + { + "name": "41755", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41755" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3561.json b/2010/3xxx/CVE-2010-3561.json index af80c15ce14..0b4937ab4a4 100644 --- a/2010/3xxx/CVE-2010-3561.json +++ b/2010/3xxx/CVE-2010-3561.json @@ -1,197 +1,197 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3561", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this involves the use of the privileged accept method in the ServerSocket class, which does not limit which hosts can connect and allows remote attackers to bypass intended network access restrictions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100114315", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100114315" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100114327", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100114327" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=639880", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=639880" - }, - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100123193", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100123193" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" - }, - { - "name" : "FEDORA-2010-16240", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html" - }, - { - "name" : "FEDORA-2010-16294", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html" - }, - { - "name" : "FEDORA-2010-16312", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02608", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" - }, - { - "name" : "SSRT100333", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "RHSA-2010:0770", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0770.html" - }, - { - "name" : "RHSA-2010:0768", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0768.html" - }, - { - "name" : "RHSA-2010:0865", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0865.html" - }, - { - "name" : "SUSE-SR:2010:019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" - }, - { - "name" : "USN-1010-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1010-1" - }, - { - "name" : "44013", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44013" - }, - { - "name" : "oval:org.mitre.oval:def:12200", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12200" - }, - { - "name" : "oval:org.mitre.oval:def:12437", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12437" - }, - { - "name" : "41972", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41972" - }, - { - "name" : "42377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42377" - }, - { - "name" : "42974", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42974" - }, - { - "name" : "ADV-2010-3086", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3086" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this involves the use of the privileged accept method in the ServerSocket class, which does not limit which hosts can connect and allows remote attackers to bypass intended network access restrictions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.avaya.com/css/P8/documents/100114327", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100114327" + }, + { + "name": "RHSA-2010:0865", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100114315", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100114315" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "RHSA-2010:0770", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html" + }, + { + "name": "SSRT100333", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" + }, + { + "name": "RHSA-2010:0768", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html" + }, + { + "name": "FEDORA-2010-16240", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html" + }, + { + "name": "44013", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44013" + }, + { + "name": "USN-1010-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1010-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=639880", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639880" + }, + { + "name": "oval:org.mitre.oval:def:12200", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12200" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" + }, + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" + }, + { + "name": "42974", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42974" + }, + { + "name": "41972", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41972" + }, + { + "name": "ADV-2010-3086", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3086" + }, + { + "name": "HPSBUX02608", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" + }, + { + "name": "oval:org.mitre.oval:def:12437", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12437" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100123193", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100123193" + }, + { + "name": "42377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42377" + }, + { + "name": "SUSE-SR:2010:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" + }, + { + "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" + }, + { + "name": "FEDORA-2010-16312", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html" + }, + { + "name": "FEDORA-2010-16294", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4789.json b/2010/4xxx/CVE-2010-4789.json index ba7ac36236c..684295f5ec6 100644 --- a/2010/4xxx/CVE-2010-4789.json +++ b/2010/4xxx/CVE-2010-4789.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4789", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the proxy-server implementation in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.65 (aka 6.0.0.8-TIV-ITDS-IF0007) and 6.3 before 6.3.0.1 (aka 6.3.0.0-TIV-ITDS-IF0001) allows remote authenticated users to cause a denial of service (daemon crash) via a paged search that is interrupted by an LDAP Unbind operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4789", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg24029659", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg24029659" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg24029672", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg24029672" - }, - { - "name" : "IO13364", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg1IO13364" - }, - { - "name" : "IO13451", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg1IO13451" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the proxy-server implementation in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.65 (aka 6.0.0.8-TIV-ITDS-IF0007) and 6.3 before 6.3.0.1 (aka 6.3.0.0-TIV-ITDS-IF0001) allows remote authenticated users to cause a denial of service (daemon crash) via a paged search that is interrupted by an LDAP Unbind operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg24029659", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg24029659" + }, + { + "name": "IO13364", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=swg1IO13364" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg24029672", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg24029672" + }, + { + "name": "IO13451", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=swg1IO13451" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0782.json b/2014/0xxx/CVE-2014-0782.json index 13a71f37f8b..7fa637a2bf3 100644 --- a/2014/0xxx/CVE-2014-0782.json +++ b/2014/0xxx/CVE-2014-0782.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0782", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier allows remote attackers to execute arbitrary code via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-0782", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-133-01", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-133-01" - }, - { - "name" : "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0001E.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0001E.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier allows remote attackers to execute arbitrary code via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0001E.pdf", + "refsource": "CONFIRM", + "url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0001E.pdf" + }, + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-133-01", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-133-01" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4104.json b/2014/4xxx/CVE-2014-4104.json index e1ceb496ee2..5d2b8796a50 100644 --- a/2014/4xxx/CVE-2014-4104.json +++ b/2014/4xxx/CVE-2014-4104.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-4104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-052", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" - }, - { - "name" : "69612", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69612" - }, - { - "name" : "1030818", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030818" - }, - { - "name" : "ms-ie-cve20144104-code-exec(95534)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95534" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69612", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69612" + }, + { + "name": "1030818", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030818" + }, + { + "name": "ms-ie-cve20144104-code-exec(95534)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95534" + }, + { + "name": "MS14-052", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4393.json b/2014/4xxx/CVE-2014-4393.json index a705df2ac46..719b7462653 100644 --- a/2014/4xxx/CVE-2014-4393.json +++ b/2014/4xxx/CVE-2014-4393.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the shader compiler in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GLSL shader." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6443", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6443" - }, - { - "name" : "69916", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69916" - }, - { - "name" : "1030868", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030868" - }, - { - "name" : "macosx-cve20144393-bo(96053)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96053" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the shader compiler in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GLSL shader." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "macosx-cve20144393-bo(96053)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96053" + }, + { + "name": "69916", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69916" + }, + { + "name": "1030868", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030868" + }, + { + "name": "http://support.apple.com/kb/HT6443", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6443" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4699.json b/2014/4xxx/CVE-2014-4699.json index 3ee3e002950..3cce5cc0260 100644 --- a/2014/4xxx/CVE-2014-4699.json +++ b/2014/4xxx/CVE-2014-4699.json @@ -1,222 +1,222 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4699", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "34134", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/34134" - }, - { - "name" : "[oss-security] 20140704 CVE-2014-4699: Linux ptrace bug", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/07/04/4" - }, - { - "name" : "[oss-security] 20140705 Re: CVE-2014-4699: Linux ptrace bug", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/07/05/4" - }, - { - "name" : "[oss-security] 20140708 Re: CVE-2014-4699: Linux ptrace bug", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/07/08/5" - }, - { - "name" : "[oss-security] 20140708 Re: CVE-2014-4699: Linux ptrace bug", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/07/08/16" - }, - { - "name" : "http://packetstormsecurity.com/files/127573/Linux-Kernel-ptrace-sysret-Local-Privilege-Escalation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127573/Linux-Kernel-ptrace-sysret-Local-Privilege-Escalation.html" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.4", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.4" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1115927", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1115927" - }, - { - "name" : "https://github.com/torvalds/linux/commit/b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a" - }, - { - "name" : "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.47", - "refsource" : "CONFIRM", - "url" : "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.47" - }, - { - "name" : "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.11", - "refsource" : "CONFIRM", - "url" : "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.11" - }, - { - "name" : "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.97", - "refsource" : "CONFIRM", - "url" : "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.97" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-3047.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-3047.html" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-3048.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-3048.html" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-0924.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-0924.html" - }, - { - "name" : "DSA-2972", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2972" - }, - { - "name" : "USN-2266-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2266-1" - }, - { - "name" : "USN-2267-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2267-1" - }, - { - "name" : "USN-2268-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2268-1" - }, - { - "name" : "USN-2269-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2269-1" - }, - { - "name" : "USN-2270-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2270-1" - }, - { - "name" : "USN-2271-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2271-1" - }, - { - "name" : "USN-2272-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2272-1" - }, - { - "name" : "USN-2273-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2273-1" - }, - { - "name" : "USN-2274-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2274-1" - }, - { - "name" : "108754", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/108754" - }, - { - "name" : "59633", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59633" - }, - { - "name" : "59639", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59639" - }, - { - "name" : "59654", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59654" - }, - { - "name" : "60220", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60220" - }, - { - "name" : "60380", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60380" - }, - { - "name" : "60393", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60393" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://linux.oracle.com/errata/ELSA-2014-3047.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-3047.html" + }, + { + "name": "USN-2269-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2269-1" + }, + { + "name": "USN-2274-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2274-1" + }, + { + "name": "USN-2268-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2268-1" + }, + { + "name": "USN-2267-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2267-1" + }, + { + "name": "108754", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/108754" + }, + { + "name": "60220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60220" + }, + { + "name": "[oss-security] 20140704 CVE-2014-4699: Linux ptrace bug", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/07/04/4" + }, + { + "name": "USN-2271-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2271-1" + }, + { + "name": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.11", + "refsource": "CONFIRM", + "url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.11" + }, + { + "name": "59654", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59654" + }, + { + "name": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.97", + "refsource": "CONFIRM", + "url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.97" + }, + { + "name": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.47", + "refsource": "CONFIRM", + "url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.47" + }, + { + "name": "USN-2266-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2266-1" + }, + { + "name": "[oss-security] 20140708 Re: CVE-2014-4699: Linux ptrace bug", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/07/08/5" + }, + { + "name": "[oss-security] 20140708 Re: CVE-2014-4699: Linux ptrace bug", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/07/08/16" + }, + { + "name": "59633", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59633" + }, + { + "name": "http://packetstormsecurity.com/files/127573/Linux-Kernel-ptrace-sysret-Local-Privilege-Escalation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127573/Linux-Kernel-ptrace-sysret-Local-Privilege-Escalation.html" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.4", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.4" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-0924.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-0924.html" + }, + { + "name": "[oss-security] 20140705 Re: CVE-2014-4699: Linux ptrace bug", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/07/05/4" + }, + { + "name": "60393", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60393" + }, + { + "name": "60380", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60380" + }, + { + "name": "USN-2270-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2270-1" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-3048.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-3048.html" + }, + { + "name": "34134", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/34134" + }, + { + "name": "59639", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59639" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a" + }, + { + "name": "USN-2273-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2273-1" + }, + { + "name": "USN-2272-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2272-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1115927", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1115927" + }, + { + "name": "DSA-2972", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2972" + }, + { + "name": "https://github.com/torvalds/linux/commit/b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8026.json b/2014/8xxx/CVE-2014-8026.json index e1da658af97..475b0d0b6ee 100644 --- a/2014/8xxx/CVE-2014-8026.json +++ b/2014/8xxx/CVE-2014-8026.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8026", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Guest Server in Cisco Jabber allows remote attackers to inject arbitrary web script or HTML via a (1) GET or (2) POST parameter, aka Bug ID CSCus08074." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-8026", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141222 Cisco Jabber Guest Server Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8026" - }, - { - "name" : "20150107 Cisco Jabber Guest Server Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/viewAlert.x?alertId=36872" - }, - { - "name" : "71769", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71769" - }, - { - "name" : "1031422", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031422" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Guest Server in Cisco Jabber allows remote attackers to inject arbitrary web script or HTML via a (1) GET or (2) POST parameter, aka Bug ID CSCus08074." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031422", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031422" + }, + { + "name": "20141222 Cisco Jabber Guest Server Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8026" + }, + { + "name": "20150107 Cisco Jabber Guest Server Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=36872" + }, + { + "name": "71769", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71769" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8415.json b/2014/8xxx/CVE-2014-8415.json index d5159627892..1d834b3d44a 100644 --- a/2014/8xxx/CVE-2014-8415.json +++ b/2014/8xxx/CVE-2014-8415.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8415", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued action to (1) answer a session or (2) send ringing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8415", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.asterisk.org/pub/security/AST-2014-015.html", - "refsource" : "CONFIRM", - "url" : "http://downloads.asterisk.org/pub/security/AST-2014-015.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued action to (1) answer a session or (2) send ringing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://downloads.asterisk.org/pub/security/AST-2014-015.html", + "refsource": "CONFIRM", + "url": "http://downloads.asterisk.org/pub/security/AST-2014-015.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8687.json b/2014/8xxx/CVE-2014-8687.json index aefd5700842..8af4fad50df 100644 --- a/2014/8xxx/CVE-2014-8687.json +++ b/2014/8xxx/CVE-2014-8687.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8687", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8687", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "36202", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/36202/" - }, - { - "name" : "36264", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/36264/" - }, - { - "name" : "http://packetstormsecurity.com/files/130585/Seagate-Business-NAS-2014.00319-Remote-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130585/Seagate-Business-NAS-2014.00319-Remote-Code-Execution.html" - }, - { - "name" : "http://packetstormsecurity.com/files/130609/Seagate-Business-NAS-Unauthenticated-Remote-Command-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130609/Seagate-Business-NAS-Unauthenticated-Remote-Command-Execution.html" - }, - { - "name" : "https://beyondbinary.io/articles/seagate-nas-rce/", - "refsource" : "MISC", - "url" : "https://beyondbinary.io/articles/seagate-nas-rce/" - }, - { - "name" : "72831", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72831" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://beyondbinary.io/articles/seagate-nas-rce/", + "refsource": "MISC", + "url": "https://beyondbinary.io/articles/seagate-nas-rce/" + }, + { + "name": "72831", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72831" + }, + { + "name": "http://packetstormsecurity.com/files/130609/Seagate-Business-NAS-Unauthenticated-Remote-Command-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130609/Seagate-Business-NAS-Unauthenticated-Remote-Command-Execution.html" + }, + { + "name": "http://packetstormsecurity.com/files/130585/Seagate-Business-NAS-2014.00319-Remote-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130585/Seagate-Business-NAS-2014.00319-Remote-Code-Execution.html" + }, + { + "name": "36202", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/36202/" + }, + { + "name": "36264", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/36264/" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8904.json b/2014/8xxx/CVE-2014-8904.json index 3ebbe52e7e4..891fdd2c276 100644 --- a/2014/8xxx/CVE-2014-8904.json +++ b/2014/8xxx/CVE-2014-8904.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8904", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-8904", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "38576", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/38576/" - }, - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/lvm_advisory.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/lvm_advisory.asc" - }, - { - "name" : "IV67907", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV67907" - }, - { - "name" : "IV67908", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV67908" - }, - { - "name" : "IV68070", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV68070" - }, - { - "name" : "IV68082", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV68082" - }, - { - "name" : "IV68478", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV68478" - }, - { - "name" : "1031596", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031596" - }, - { - "name" : "62195", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62195" - }, - { - "name" : "ibm-aix-cve20148904-sec-bypass(99193)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99193" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62195", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62195" + }, + { + "name": "1031596", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031596" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/lvm_advisory.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/lvm_advisory.asc" + }, + { + "name": "IV67907", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV67907" + }, + { + "name": "IV68070", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV68070" + }, + { + "name": "ibm-aix-cve20148904-sec-bypass(99193)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99193" + }, + { + "name": "IV68082", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV68082" + }, + { + "name": "38576", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/38576/" + }, + { + "name": "IV68478", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV68478" + }, + { + "name": "IV67908", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV67908" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9072.json b/2014/9xxx/CVE-2014-9072.json index 3c4cc07a5ac..e431c4b34f8 100644 --- a/2014/9xxx/CVE-2014-9072.json +++ b/2014/9xxx/CVE-2014-9072.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9072", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9072", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9308.json b/2014/9xxx/CVE-2014-9308.json index b95e9492b82..fc0d9200ffb 100644 --- a/2014/9xxx/CVE-2014-9308.json +++ b/2014/9xxx/CVE-2014-9308.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9308", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin before 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in products/banners/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9308", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35730", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35730" - }, - { - "name" : "http://packetstormsecurity.com/files/129875/WordPress-Shopping-Cart-3.0.4-Unrestricted-File-Upload.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129875/WordPress-Shopping-Cart-3.0.4-Unrestricted-File-Upload.html" - }, - { - "name" : "http://security.szurek.pl/wordpress-shopping-cart-304-unrestricted-file-upload.html", - "refsource" : "MISC", - "url" : "http://security.szurek.pl/wordpress-shopping-cart-304-unrestricted-file-upload.html" - }, - { - "name" : "https://wordpress.org/plugins/wp-easycart/changelog/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/wp-easycart/changelog/" - }, - { - "name" : "71983", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71983" - }, - { - "name" : "116806", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/116806" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin before 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in products/banners/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/129875/WordPress-Shopping-Cart-3.0.4-Unrestricted-File-Upload.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129875/WordPress-Shopping-Cart-3.0.4-Unrestricted-File-Upload.html" + }, + { + "name": "71983", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71983" + }, + { + "name": "116806", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/116806" + }, + { + "name": "https://wordpress.org/plugins/wp-easycart/changelog/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/wp-easycart/changelog/" + }, + { + "name": "35730", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35730" + }, + { + "name": "http://security.szurek.pl/wordpress-shopping-cart-304-unrestricted-file-upload.html", + "refsource": "MISC", + "url": "http://security.szurek.pl/wordpress-shopping-cart-304-unrestricted-file-upload.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9343.json b/2014/9xxx/CVE-2014-9343.json index c11d040edb1..a5501081931 100644 --- a/2014/9xxx/CVE-2014-9343.json +++ b/2014/9xxx/CVE-2014-9343.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9343", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in modules/system/controller/selectlanguage.class.php in Snowfox CMS 1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the rd parameter in a submit action to snowfox/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9343", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/129162/Snowfox-CMS-1.0-Open-Redirect.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129162/Snowfox-CMS-1.0-Open-Redirect.html" - }, - { - "name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5206.php", - "refsource" : "MISC", - "url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5206.php" - }, - { - "name" : "https://github.com/GlobizSolutions/snowfox/releases", - "refsource" : "MISC", - "url" : "https://github.com/GlobizSolutions/snowfox/releases" - }, - { - "name" : "https://github.com/GlobizSolutions/snowfox/commit/55a8e44a9d9a9a788cc1cde6baf0c2c67e0c736a", - "refsource" : "CONFIRM", - "url" : "https://github.com/GlobizSolutions/snowfox/commit/55a8e44a9d9a9a788cc1cde6baf0c2c67e0c736a" - }, - { - "name" : "114850", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/114850" - }, - { - "name" : "mantisbt-cve20146316-open-redirect(99128)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in modules/system/controller/selectlanguage.class.php in Snowfox CMS 1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the rd parameter in a submit action to snowfox/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mantisbt-cve20146316-open-redirect(99128)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99128" + }, + { + "name": "114850", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/114850" + }, + { + "name": "https://github.com/GlobizSolutions/snowfox/releases", + "refsource": "MISC", + "url": "https://github.com/GlobizSolutions/snowfox/releases" + }, + { + "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5206.php", + "refsource": "MISC", + "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5206.php" + }, + { + "name": "https://github.com/GlobizSolutions/snowfox/commit/55a8e44a9d9a9a788cc1cde6baf0c2c67e0c736a", + "refsource": "CONFIRM", + "url": "https://github.com/GlobizSolutions/snowfox/commit/55a8e44a9d9a9a788cc1cde6baf0c2c67e0c736a" + }, + { + "name": "http://packetstormsecurity.com/files/129162/Snowfox-CMS-1.0-Open-Redirect.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129162/Snowfox-CMS-1.0-Open-Redirect.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2971.json b/2016/2xxx/CVE-2016-2971.json index 4c342cb3c13..d237ab5add5 100644 --- a/2016/2xxx/CVE-2016-2971.json +++ b/2016/2xxx/CVE-2016-2971.json @@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-08-23T00:00:00", - "ID" : "CVE-2016-2971", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sametime", - "version" : { - "version_data" : [ - { - "version_value" : "8.5.2" - }, - { - "version_value" : "8.5.2.1" - }, - { - "version_value" : "9.0" - }, - { - "version_value" : "9.0.0.1" - }, - { - "version_value" : "9.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sametime Media Services 8.5.2 and 9.0 can disclose sensitive information in stack trace error logs that could aid an attacker in future attacks. IBM X-Force ID: 113898." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-08-23T00:00:00", + "ID": "CVE-2016-2971", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sametime", + "version": { + "version_data": [ + { + "version_value": "8.5.2" + }, + { + "version_value": "8.5.2.1" + }, + { + "version_value": "9.0" + }, + { + "version_value": "9.0.0.1" + }, + { + "version_value": "9.0.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113898", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113898" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22006439", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22006439" - }, - { - "name" : "100599", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100599" - }, - { - "name" : "1039231", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039231" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sametime Media Services 8.5.2 and 9.0 can disclose sensitive information in stack trace error logs that could aid an attacker in future attacks. IBM X-Force ID: 113898." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100599", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100599" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113898", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113898" + }, + { + "name": "1039231", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039231" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22006439", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22006439" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3149.json b/2016/3xxx/CVE-2016-3149.json index 4ca2e756ed0..6097f55f692 100644 --- a/2016/3xxx/CVE-2016-3149.json +++ b/2016/3xxx/CVE-2016-3149.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3149", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Barco ClickShare CSC-1 devices with firmware before 01.09.03 and CSM-1 devices with firmware before 01.06.02 allow remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20161114 Multiple vulnerabilities in Barco Clickshare", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/539754/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/139713/Barco-ClickShare-XSS-Remote-Code-Execution-Path-Traversal.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/139713/Barco-ClickShare-XSS-Remote-Code-Execution-Path-Traversal.html" - }, - { - "name" : "94323", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94323" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Barco ClickShare CSC-1 devices with firmware before 01.09.03 and CSM-1 devices with firmware before 01.06.02 allow remote attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/139713/Barco-ClickShare-XSS-Remote-Code-Execution-Path-Traversal.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/139713/Barco-ClickShare-XSS-Remote-Code-Execution-Path-Traversal.html" + }, + { + "name": "20161114 Multiple vulnerabilities in Barco Clickshare", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/539754/100/0/threaded" + }, + { + "name": "94323", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94323" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3429.json b/2016/3xxx/CVE-2016-3429.json index ec406cad4e0..6c8493ddb7d 100644 --- a/2016/3xxx/CVE-2016-3429.json +++ b/2016/3xxx/CVE-2016-3429.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Retail Xstore Point of Service component in Oracle Retail Applications 5.0, 5.5, 6.0, 6.5, 7.0, and 7.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Xstore Services." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" - }, - { - "name" : "1035600", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035600" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Retail Xstore Point of Service component in Oracle Retail Applications 5.0, 5.5, 6.0, 6.5, 7.0, and 7.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Xstore Services." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" + }, + { + "name": "1035600", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035600" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3533.json b/2016/3xxx/CVE-2016-3533.json index 83540482caa..ae9941e73f8 100644 --- a/2016/3xxx/CVE-2016-3533.json +++ b/2016/3xxx/CVE-2016-3533.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Search. NOTE: the previous information is from the July 2016 CPU. Oracle has not commented on third-party claims that this issue involves multiple open redirect vulnerabilities, which allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.onapsis.com/blog/oracle-fixes-record-276-vulnerabilities-july-2016", - "refsource" : "MISC", - "url" : "https://www.onapsis.com/blog/oracle-fixes-record-276-vulnerabilities-july-2016" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91909", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91909" - }, - { - "name" : "1036403", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036403" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Search. NOTE: the previous information is from the July 2016 CPU. Oracle has not commented on third-party claims that this issue involves multiple open redirect vulnerabilities, which allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.onapsis.com/blog/oracle-fixes-record-276-vulnerabilities-july-2016", + "refsource": "MISC", + "url": "https://www.onapsis.com/blog/oracle-fixes-record-276-vulnerabilities-july-2016" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "91909", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91909" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "1036403", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036403" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3729.json b/2016/3xxx/CVE-2016-3729.json index f36d3f4fbd8..46bf3e1e73b 100644 --- a/2016/3xxx/CVE-2016-3729.json +++ b/2016/3xxx/CVE-2016-3729.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3729", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-3729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160517 Moodle security release 3.0.4, 2.9.6, 2.8.12, 2.7.14", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/05/17/4" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1335933", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1335933" - }, - { - "name" : "1035902", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035902" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160517 Moodle security release 3.0.4, 2.9.6, 2.8.12, 2.7.14", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/05/17/4" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1335933", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335933" + }, + { + "name": "1035902", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035902" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6135.json b/2016/6xxx/CVE-2016-6135.json index 73ad3957499..fd67bfb9702 100644 --- a/2016/6xxx/CVE-2016-6135.json +++ b/2016/6xxx/CVE-2016-6135.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6135", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6135", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6204.json b/2016/6xxx/CVE-2016-6204.json index 6402d826920..fde5bff19ff 100644 --- a/2016/6xxx/CVE-2016-6204.json +++ b/2016/6xxx/CVE-2016-6204.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the integrated web server in Siemens SINEMA Remote Connect Server before 1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-208-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-208-03" - }, - { - "name" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-119132.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-119132.pdf" - }, - { - "name" : "92114", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92114" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the integrated web server in Siemens SINEMA Remote Connect Server before 1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-208-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-208-03" + }, + { + "name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-119132.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-119132.pdf" + }, + { + "name": "92114", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92114" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6781.json b/2016/6xxx/CVE-2016-6781.json index e4829d5adce..50c5deac623 100644 --- a/2016/6xxx/CVE-2016-6781.json +++ b/2016/6xxx/CVE-2016-6781.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-6781", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31095175. References: MT-ALPS02943455." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-6781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2016-12-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-12-01.html" - }, - { - "name" : "94683", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94683" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31095175. References: MT-ALPS02943455." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2016-12-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-12-01.html" + }, + { + "name": "94683", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94683" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7100.json b/2016/7xxx/CVE-2016-7100.json index e9ca2302d52..6d1cdfa2a5a 100644 --- a/2016/7xxx/CVE-2016-7100.json +++ b/2016/7xxx/CVE-2016-7100.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7100", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7100", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7688.json b/2016/7xxx/CVE-2016-7688.json index fba35483706..8d567fed57c 100644 --- a/2016/7xxx/CVE-2016-7688.json +++ b/2016/7xxx/CVE-2016-7688.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7688", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7688", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7926.json b/2016/7xxx/CVE-2016-7926.json index 1d7c368ae95..5c0bfe26001 100644 --- a/2016/7xxx/CVE-2016-7926.json +++ b/2016/7xxx/CVE-2016-7926.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7926", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertype_print()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", - "refsource" : "CONFIRM", - "url" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" - }, - { - "name" : "DSA-3775", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3775" - }, - { - "name" : "GLSA-201702-30", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-30" - }, - { - "name" : "RHSA-2017:1871", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1871" - }, - { - "name" : "95852", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95852" - }, - { - "name" : "1037755", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertype_print()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037755", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037755" + }, + { + "name": "DSA-3775", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3775" + }, + { + "name": "RHSA-2017:1871", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1871" + }, + { + "name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", + "refsource": "CONFIRM", + "url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" + }, + { + "name": "95852", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95852" + }, + { + "name": "GLSA-201702-30", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-30" + } + ] + } +} \ No newline at end of file