From 155cc35d94a49765c5d9ebc91b3e70082c9a3c35 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 05:40:08 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/1xxx/CVE-2006-1341.json | 180 ++++---- 2006/1xxx/CVE-2006-1634.json | 140 +++---- 2006/1xxx/CVE-2006-1768.json | 170 ++++---- 2006/5xxx/CVE-2006-5426.json | 160 ++++---- 2006/5xxx/CVE-2006-5464.json | 730 ++++++++++++++++----------------- 2006/5xxx/CVE-2006-5553.json | 180 ++++---- 2006/5xxx/CVE-2006-5654.json | 170 ++++---- 2006/5xxx/CVE-2006-5853.json | 160 ++++---- 2007/2xxx/CVE-2007-2011.json | 180 ++++---- 2007/2xxx/CVE-2007-2166.json | 180 ++++---- 2007/2xxx/CVE-2007-2316.json | 160 ++++---- 2007/2xxx/CVE-2007-2765.json | 170 ++++---- 2007/2xxx/CVE-2007-2966.json | 220 +++++----- 2007/6xxx/CVE-2007-6061.json | 210 +++++----- 2010/0xxx/CVE-2010-0430.json | 140 +++---- 2010/0xxx/CVE-2010-0879.json | 140 +++---- 2010/1xxx/CVE-2010-1016.json | 140 +++---- 2010/1xxx/CVE-2010-1746.json | 150 +++---- 2010/4xxx/CVE-2010-4526.json | 230 +++++------ 2010/4xxx/CVE-2010-4777.json | 180 ++++---- 2010/4xxx/CVE-2010-4957.json | 170 ++++---- 2010/4xxx/CVE-2010-4979.json | 150 +++---- 2010/5xxx/CVE-2010-5150.json | 200 ++++----- 2014/0xxx/CVE-2014-0005.json | 170 ++++---- 2014/0xxx/CVE-2014-0197.json | 34 +- 2014/0xxx/CVE-2014-0240.json | 180 ++++---- 2014/0xxx/CVE-2014-0358.json | 120 +++--- 2014/0xxx/CVE-2014-0373.json | 410 +++++++++--------- 2014/0xxx/CVE-2014-0931.json | 130 +++--- 2014/1xxx/CVE-2014-1413.json | 34 +- 2014/1xxx/CVE-2014-1785.json | 170 ++++---- 2014/1xxx/CVE-2014-1932.json | 180 ++++---- 2014/4xxx/CVE-2014-4111.json | 140 +++---- 2014/4xxx/CVE-2014-4156.json | 34 +- 2014/4xxx/CVE-2014-4268.json | 420 +++++++++---------- 2014/4xxx/CVE-2014-4509.json | 130 +++--- 2014/4xxx/CVE-2014-4841.json | 34 +- 2014/72xxx/CVE-2014-72038.json | 34 +- 2014/9xxx/CVE-2014-9456.json | 120 +++--- 2014/9xxx/CVE-2014-9654.json | 190 ++++----- 2014/9xxx/CVE-2014-9898.json | 140 +++---- 2016/6xxx/CVE-2016-6345.json | 130 +++--- 2016/7xxx/CVE-2016-7529.json | 190 ++++----- 
2016/7xxx/CVE-2016-7578.json | 180 ++++---- 2016/7xxx/CVE-2016-7799.json | 180 ++++---- 2016/7xxx/CVE-2016-7922.json | 170 ++++---- 2016/8xxx/CVE-2016-8027.json | 140 +++---- 2016/8xxx/CVE-2016-8079.json | 34 +- 2016/8xxx/CVE-2016-8193.json | 34 +- 2016/9xxx/CVE-2016-9220.json | 130 +++--- 2016/9xxx/CVE-2016-9436.json | 170 ++++---- 2016/9xxx/CVE-2016-9952.json | 130 +++--- 2019/2xxx/CVE-2019-2823.json | 34 +- 53 files changed, 4351 insertions(+), 4351 deletions(-) diff --git a/2006/1xxx/CVE-2006-1341.json b/2006/1xxx/CVE-2006-1341.json index a53a8eb442a..08275e01c6f 100644 --- a/2006/1xxx/CVE-2006-1341.json +++ b/2006/1xxx/CVE-2006-1341.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in events.php in Maian Events 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060328 [eVuln] Maian Events SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/429093/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/102/description.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/102/description.html" - }, - { - "name" : "ADV-2006-0993", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0993" - }, - { - "name" : "23947", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23947" - }, - { - "name" : "19274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19274" - }, - { - "name" : "646", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/646" - }, - { - "name" : 
"maianevents-events-sql-injection(25298)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in events.php in Maian Events 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "646", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/646" + }, + { + "name": "http://evuln.com/vulns/102/description.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/102/description.html" + }, + { + "name": "19274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19274" + }, + { + "name": "ADV-2006-0993", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0993" + }, + { + "name": "maianevents-events-sql-injection(25298)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25298" + }, + { + "name": "23947", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23947" + }, + { + "name": "20060328 [eVuln] Maian Events SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/429093/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1634.json b/2006/1xxx/CVE-2006-1634.json index 81ba54c282c..e34c3778a54 100644 --- a/2006/1xxx/CVE-2006-1634.json +++ b/2006/1xxx/CVE-2006-1634.json 
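Review bot: The `reference_data` entries on the new side are the same seven as before but in a shuffled order (SREASON now first, BUGTRAQ last), and the file now ends with `\ No newline at end of file`. As a result a sync that changes no field value in this record reads as a 92-line rewrite, which makes a real field change easy to miss. The same pattern appears in the hunks for CVE-2006-1634, CVE-2006-1768, CVE-2006-5426, CVE-2006-5464 and CVE-2006-5553. Emitting references in a stable order (for example sorted by `refsource`, then `name`) and ending each file with a newline would keep later diffs down to the lines that actually changed.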
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1634", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in LucidCMS 2.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the command parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060402 Multiple Vulnerabilities in LucidCMS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/429744" - }, - { - "name" : "17360", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17360" - }, - { - "name" : "lucidcms-index-login-panel-xss(25632)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25632" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in LucidCMS 2.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the command parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17360", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17360" + }, + { + "name": "20060402 Multiple Vulnerabilities in LucidCMS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/429744" + }, + { + "name": "lucidcms-index-login-panel-xss(25632)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25632" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1768.json b/2006/1xxx/CVE-2006-1768.json index 9e13c09affa..cbaa22da48d 100644 --- a/2006/1xxx/CVE-2006-1768.json +++ b/2006/1xxx/CVE-2006-1768.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1768", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in register.php in Tritanium Bulletin Board (TBB) 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) newuser_name, (2) newuser_email, and (3) newuser_hp parameters in the faction=register mode in index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060411 Tritanium Bulletin Board 1.2.3 - XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430669/100/0/threaded" - }, - { - "name" : "17473", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17473" - }, - { - "name" : "ADV-2006-1329", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1329" - }, - { - "name" : "24556", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24556" - }, - { - "name" : "19635", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19635" - }, - { - "name" : "tritaniumbb-register-xss(25751)", - "refsource" 
: "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25751" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in register.php in Tritanium Bulletin Board (TBB) 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) newuser_name, (2) newuser_email, and (3) newuser_hp parameters in the faction=register mode in index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17473", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17473" + }, + { + "name": "19635", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19635" + }, + { + "name": "ADV-2006-1329", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1329" + }, + { + "name": "24556", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24556" + }, + { + "name": "tritaniumbb-register-xss(25751)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25751" + }, + { + "name": "20060411 Tritanium Bulletin Board 1.2.3 - XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430669/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5426.json b/2006/5xxx/CVE-2006-5426.json index 345aee302fb..49f01b45034 100644 --- a/2006/5xxx/CVE-2006-5426.json +++ b/2006/5xxx/CVE-2006-5426.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in lib/lcUser.php in LoCal Calendar System 1.1 remote attackers to execute arbitrary PHP code via a URL in the LIBDIR parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2595", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2595" - }, - { - "name" : "20619", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20619" - }, - { - "name" : "ADV-2006-4100", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4100" - }, - { - "name" : "22484", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22484" - }, - { - "name" : "local-calendar-lcuser-file-include(29665)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29665" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP 
remote file inclusion vulnerability in lib/lcUser.php in LoCal Calendar System 1.1 remote attackers to execute arbitrary PHP code via a URL in the LIBDIR parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20619", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20619" + }, + { + "name": "ADV-2006-4100", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4100" + }, + { + "name": "22484", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22484" + }, + { + "name": "local-calendar-lcuser-file-include(29665)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29665" + }, + { + "name": "2595", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2595" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5464.json b/2006/5xxx/CVE-2006-5464.json index 54fd53d16c8..5e615a601c2 100644 --- a/2006/5xxx/CVE-2006-5464.json +++ b/2006/5xxx/CVE-2006-5464.json 
@@ -1,367 +1,367 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-5464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061109 rPSA-2006-0206-1 firefox thunderbird", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451099/100/0/threaded" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=307809", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=307809" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=310267", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=310267" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=350370", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=350370" - }, - { - "name" : 
"https://bugzilla.mozilla.org/show_bug.cgi?id=351328", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=351328" - }, - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-65.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-65.html" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-765", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-765" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm" - }, - { - "name" : "DSA-1224", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1224" - }, - { - "name" : "DSA-1225", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1225" - }, - { - "name" : "DSA-1227", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1227" - }, - { - "name" : "GLSA-200612-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200612-06.xml" - }, - { - "name" : "GLSA-200612-07", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200612-07.xml" - }, - { - "name" : "GLSA-200612-08", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200612-08.xml" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" - }, - { - "name" : "MDKSA-2006:205", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:205" - }, - { - "name" : "MDKSA-2006:206", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:206" - }, - { - "name" : "RHSA-2006:0733", - "refsource" : "REDHAT", 
- "url" : "http://rhn.redhat.com/errata/RHSA-2006-0733.html" - }, - { - "name" : "RHSA-2006:0734", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0734.html" - }, - { - "name" : "RHSA-2006:0735", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0735.html" - }, - { - "name" : "20061101-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P" - }, - { - "name" : "103121", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103121-1" - }, - { - "name" : "200587", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200587-1" - }, - { - "name" : "SUSE-SA:2006:068", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_68_mozilla.html" - }, - { - "name" : "USN-381-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-381-1" - }, - { - "name" : "USN-382-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-382-1" - }, - { - "name" : "VU#495288", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/495288" - }, - { - "name" : "TA06-312A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-312A.html" - }, - { - "name" : "20957", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20957" - }, - { - "name" : "oval:org.mitre.oval:def:9304", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9304" - }, - { - "name" : "ADV-2006-4387", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4387" - }, - { - "name" : "ADV-2007-1198", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1198" - }, - { - "name" : "ADV-2006-3748", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3748" - }, - { - "name" : 
"ADV-2007-3588", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3588" - }, - { - "name" : "ADV-2008-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0083" - }, - { - "name" : "1017177", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017177" - }, - { - "name" : "1017178", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017178" - }, - { - "name" : "1017179", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017179" - }, - { - "name" : "22722", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22722" - }, - { - "name" : "22770", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22770" - }, - { - "name" : "22727", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22727" - }, - { - "name" : "22737", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22737" - }, - { - "name" : "22763", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22763" - }, - { - "name" : "22774", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22774" - }, - { - "name" : "22817", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22817" - }, - { - "name" : "22929", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22929" - }, - { - "name" : "22965", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22965" - }, - { - "name" : "22980", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22980" - }, - { - "name" : "23009", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23009" - }, - { - "name" : "23013", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23013" - }, - { - "name" : "23197", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23197" - }, - { - "name" : "23202", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/23202" - }, - { - "name" : "23235", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23235" - }, - { - "name" : "23263", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23263" - }, - { - "name" : "23287", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23287" - }, - { - "name" : "23297", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23297" - }, - { - "name" : "22815", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22815" - }, - { - "name" : "24711", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24711" - }, - { - "name" : "22066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22066" - }, - { - "name" : "27328", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27328" - }, - { - "name" : "mozilla-layout-dos(30092)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30092" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3748", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3748" + }, + { + "name": "1017178", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017178" + }, + { + "name": "1017179", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017179" + }, + { + "name": "23235", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23235" + }, + { + "name": "GLSA-200612-08", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200612-08.xml" + }, + { + "name": "23013", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23013" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=310267", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=310267" + }, + { + "name": "oval:org.mitre.oval:def:9304", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9304" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm" + }, + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-65.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-65.html" + }, + { + "name": "20061109 rPSA-2006-0206-1 firefox thunderbird", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451099/100/0/threaded" + }, + { + "name": "22770", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22770" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=351328", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=351328" + }, + { + "name": "ADV-2006-4387", + 
"refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4387" + }, + { + "name": "DSA-1225", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1225" + }, + { + "name": "https://issues.rpath.com/browse/RPL-765", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-765" + }, + { + "name": "23009", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23009" + }, + { + "name": "mozilla-layout-dos(30092)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30092" + }, + { + "name": "TA06-312A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-312A.html" + }, + { + "name": "DSA-1227", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1227" + }, + { + "name": "22980", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22980" + }, + { + "name": "RHSA-2006:0733", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0733.html" + }, + { + "name": "24711", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24711" + }, + { + "name": "23263", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23263" + }, + { + "name": "22763", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22763" + }, + { + "name": "27328", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27328" + }, + { + "name": "22965", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22965" + }, + { + "name": "USN-382-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-382-1" + }, + { + "name": "200587", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200587-1" + }, + { + "name": "1017177", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017177" + }, + { + "name": "ADV-2008-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0083" + 
}, + { + "name": "RHSA-2006:0735", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0735.html" + }, + { + "name": "20061101-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P" + }, + { + "name": "SUSE-SA:2006:068", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_68_mozilla.html" + }, + { + "name": "GLSA-200612-07", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200612-07.xml" + }, + { + "name": "ADV-2007-1198", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1198" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=307809", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=307809" + }, + { + "name": "23297", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23297" + }, + { + "name": "22727", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22727" + }, + { + "name": "22815", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22815" + }, + { + "name": "RHSA-2006:0734", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0734.html" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" + }, + { + "name": "22737", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22737" + }, + { + "name": "VU#495288", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/495288" + }, + { + "name": "ADV-2007-3588", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3588" + }, + { + "name": "22929", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22929" + }, + { + "name": "23202", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23202" + }, + { + "name": "GLSA-200612-06", + "refsource": "GENTOO", + "url": 
"http://security.gentoo.org/glsa/glsa-200612-06.xml" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" + }, + { + "name": "MDKSA-2006:206", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:206" + }, + { + "name": "20957", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20957" + }, + { + "name": "23197", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23197" + }, + { + "name": "DSA-1224", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1224" + }, + { + "name": "22066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22066" + }, + { + "name": "103121", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103121-1" + }, + { + "name": "22774", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22774" + }, + { + "name": "22817", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22817" + }, + { + "name": "22722", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22722" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=350370", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=350370" + }, + { + "name": "MDKSA-2006:205", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:205" + }, + { + "name": "23287", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23287" + }, + { + "name": "USN-381-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-381-1" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5553.json b/2006/5xxx/CVE-2006-5553.json index 75a611685ff..c86e75cff1e 100644 --- a/2006/5xxx/CVE-2006-5553.json +++ b/2006/5xxx/CVE-2006-5553.json 
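Review bot: `ASSIGNER` changes from `cve@mitre.org` to `secalert@redhat.com` at the top of the CVE-2006-5464 hunk, which is a provenance change rather than formatting. Neither the subject line `"-Synchronized-Data."` nor the surrounding whitespace and reference-order churn draws attention to it. As far as I can see, it is the only field value that differs in the hunks visible here. Putting assigner changes in their own commit, or naming the affected IDs in the message, would let consumers that attribute or filter records by `ASSIGNER` review them. Because the long reference list is also reordered, confirming by eye that no entry was added or dropped is impractical; a set comparison of the `name`/`url` pairs before and after would settle it.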
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5553", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 before 5.0.0.193, as used by Unified CallManager (CUCM) and Unified Presence Server (CUPS), allows remote attackers to cause a denial of service (resource consumption) via a port scan with certain options." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5553", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061025 Cisco Security Agent for Linux Port Scan Denial of Service", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a00807693c7.shtml" - }, - { - "name" : "20737", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20737" - }, - { - "name" : "ADV-2006-4198", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4198" - }, - { - "name" : "30055", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30055" - }, - { - "name" : "1017118", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017118" - }, - { - "name" : "22574", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22574" - }, - { - "name" : "csa-port-scan-dos(29829)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29829" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 before 5.0.0.193, as used by Unified CallManager (CUCM) and Unified Presence Server (CUPS), allows remote attackers to cause a denial of service (resource consumption) via a port scan with certain options." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1017118", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017118" + }, + { + "name": "20737", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20737" + }, + { + "name": "csa-port-scan-dos(29829)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29829" + }, + { + "name": "30055", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30055" + }, + { + "name": "20061025 Cisco Security Agent for Linux Port Scan Denial of Service", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807693c7.shtml" + }, + { + "name": "ADV-2006-4198", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4198" + }, + { + "name": "22574", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22574" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5654.json b/2006/5xxx/CVE-2006-5654.json index 88d50e2c3ed..4229f95d992 100644 --- a/2006/5xxx/CVE-2006-5654.json +++ b/2006/5xxx/CVE-2006-5654.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5654", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Network Security Services (NSS) in Sun Java System Web Server 6.0 before SP 10 and ONE Application Server 7 before Update 3, when SSLv2 is enabled, allows remote authenticated users to cause a denial of service (application crash) via unspecified vectors. NOTE: due to lack of details from the vendor, it is unclear whether this is related to vector 1 in CVE-2006-5201 or CVE-2006-3127." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5654", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "102670", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102670-1" - }, - { - "name" : "20846", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20846" - }, - { - "name" : "ADV-2006-4299", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4299" - }, - { - "name" : "1017143", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017143" - }, - { - "name" : "22646", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/22646" - }, - { - "name" : "sun-java-nss-dos(29946)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29946" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Network Security Services (NSS) in Sun Java System Web Server 6.0 before SP 10 and ONE Application Server 7 before Update 3, when SSLv2 is enabled, allows remote authenticated users to cause a denial of service (application crash) via unspecified vectors. NOTE: due to lack of details from the vendor, it is unclear whether this is related to vector 1 in CVE-2006-5201 or CVE-2006-3127." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sun-java-nss-dos(29946)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29946" + }, + { + "name": "22646", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22646" + }, + { + "name": "102670", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102670-1" + }, + { + "name": "1017143", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017143" + }, + { + "name": "ADV-2006-4299", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4299" + }, + { + "name": "20846", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20846" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5853.json b/2006/5xxx/CVE-2006-5853.json index 13342b37f31..e37b08753b2 100644 --- a/2006/5xxx/CVE-2006-5853.json +++ b/2006/5xxx/CVE-2006-5853.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5853", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in logon.aspx in Immediacy CMS (Immediacy .NET CMS) 5.2 allows remote attackers to inject arbitrary web script or HTML via the lang parameter, which is returned to the client in a lang cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5853", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061108 Immediacy .NET CMS possibly vulnerable to Cross Site Scripting through a malformed cookie", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450960" - }, - { - "name" : "http://www.procheckup.com/Vulner_PR0506.php", - "refsource" : "MISC", - "url" : "http://www.procheckup.com/Vulner_PR0506.php" - }, - { - "name" : "20965", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20965" - }, - { - "name" : "1845", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1845" - }, - { - "name" : "immediacy-logon-xss(30136)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30136" - } 
- ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in logon.aspx in Immediacy CMS (Immediacy .NET CMS) 5.2 allows remote attackers to inject arbitrary web script or HTML via the lang parameter, which is returned to the client in a lang cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20965", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20965" + }, + { + "name": "immediacy-logon-xss(30136)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30136" + }, + { + "name": "1845", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1845" + }, + { + "name": "20061108 Immediacy .NET CMS possibly vulnerable to Cross Site Scripting through a malformed cookie", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450960" + }, + { + "name": "http://www.procheckup.com/Vulner_PR0506.php", + "refsource": "MISC", + "url": "http://www.procheckup.com/Vulner_PR0506.php" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2011.json b/2007/2xxx/CVE-2007-2011.json index 3218f9b59a3..51ed89c8f99 100644 --- a/2007/2xxx/CVE-2007-2011.json +++ b/2007/2xxx/CVE-2007-2011.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2011", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2011", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070408 DeskPRO v2.0.1 - Cross-Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/465089/100/0/threaded" - }, - { - "name" : "http://john-martinelli.com/work/deskpro.txt", - "refsource" : "MISC", - "url" : "http://john-martinelli.com/work/deskpro.txt" - }, - { - "name" : "23381", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23381" - }, - { - "name" : "ADV-2007-1320", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1320" - }, - { - "name" : "34721", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34721" - }, - { - "name" : "24844", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24844" - }, - { - "name" : "2556", - 
"refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2556" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23381", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23381" + }, + { + "name": "http://john-martinelli.com/work/deskpro.txt", + "refsource": "MISC", + "url": "http://john-martinelli.com/work/deskpro.txt" + }, + { + "name": "2556", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2556" + }, + { + "name": "24844", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24844" + }, + { + "name": "20070408 DeskPRO v2.0.1 - Cross-Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/465089/100/0/threaded" + }, + { + "name": "34721", + "refsource": "OSVDB", + "url": "http://osvdb.org/34721" + }, + { + "name": "ADV-2007-1320", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1320" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2166.json b/2007/2xxx/CVE-2007-2166.json index f42145bbdbf..0facc453221 100644 --- a/2007/2xxx/CVE-2007-2166.json +++ b/2007/2xxx/CVE-2007-2166.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2166", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in administration/user/lib/group.inc.php in OpenSurveyPilot (osp) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfgPathToProjectAdmin parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3765", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3765" - }, - { - "name" : "http://osp.cvs.sourceforge.net/osp/osp12/administration/user/lib/group.inc.php?revision=1.1.1.1&view=markup", - "refsource" : "MISC", - "url" : "http://osp.cvs.sourceforge.net/osp/osp12/administration/user/lib/group.inc.php?revision=1.1.1.1&view=markup" - }, - { - "name" : "23563", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23563" - }, - { - "name" : "ADV-2007-1460", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1460" - }, - { - "name" : "35022", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35022" - }, - { - "name" : 
"24915", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24915" - }, - { - "name" : "osp-groupinc-file-include(33749)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33749" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in administration/user/lib/group.inc.php in OpenSurveyPilot (osp) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfgPathToProjectAdmin parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://osp.cvs.sourceforge.net/osp/osp12/administration/user/lib/group.inc.php?revision=1.1.1.1&view=markup", + "refsource": "MISC", + "url": "http://osp.cvs.sourceforge.net/osp/osp12/administration/user/lib/group.inc.php?revision=1.1.1.1&view=markup" + }, + { + "name": "ADV-2007-1460", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1460" + }, + { + "name": "24915", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24915" + }, + { + "name": "23563", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23563" + }, + { + "name": "osp-groupinc-file-include(33749)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33749" + }, + { + "name": "35022", + "refsource": "OSVDB", + "url": "http://osvdb.org/35022" + }, + { + "name": "3765", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3765" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2316.json b/2007/2xxx/CVE-2007-2316.json index da302b5e0f6..f75911baa9b 100644 --- a/2007/2xxx/CVE-2007-2316.json +++ b/2007/2xxx/CVE-2007-2316.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the admin script in Open Business Management (OBM) before 2.0.0 allows remote attackers to have an unknown impact by calling the script \"in txt mode from a browser.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://obm.aliasource.org/changelogs/changelog-2.0.html", - "refsource" : "CONFIRM", - "url" : "http://obm.aliasource.org/changelogs/changelog-2.0.html" - }, - { - "name" : "23472", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23472" - }, - { - "name" : "ADV-2007-1376", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1376" - }, - { - "name" : "34899", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34899" - }, - { - "name" : "24775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24775" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Unspecified vulnerability in the admin script in Open Business Management (OBM) before 2.0.0 allows remote attackers to have an unknown impact by calling the script \"in txt mode from a browser.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34899", + "refsource": "OSVDB", + "url": "http://osvdb.org/34899" + }, + { + "name": "ADV-2007-1376", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1376" + }, + { + "name": "24775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24775" + }, + { + "name": "23472", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23472" + }, + { + "name": "http://obm.aliasource.org/changelogs/changelog-2.0.html", + "refsource": "CONFIRM", + "url": "http://obm.aliasource.org/changelogs/changelog-2.0.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2765.json b/2007/2xxx/CVE-2007-2765.json index 3c96c1ec20f..b5c4bfc3d41 100644 --- a/2007/2xxx/CVE-2007-2765.json +++ b/2007/2xxx/CVE-2007-2765.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2765", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "blockhosts.py in BlockHosts before 2.0.3 does not properly parse daemon log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by logging in through ssh using a login name containing certain strings with an IP address, which is not properly handled by a regular expression, a related issue to CVE-2006-6301." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.aczoom.com/tools/blockhosts/CHANGES", - "refsource" : "CONFIRM", - "url" : "http://www.aczoom.com/tools/blockhosts/CHANGES" - }, - { - "name" : "24090", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24090" - }, - { - "name" : "ADV-2007-1906", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1906" - }, - { - "name" : "36516", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36516" - }, - { - "name" : 
"25352", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25352" - }, - { - "name" : "blockhosts-daemonlog-dos(34426)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34426" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "blockhosts.py in BlockHosts before 2.0.3 does not properly parse daemon log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by logging in through ssh using a login name containing certain strings with an IP address, which is not properly handled by a regular expression, a related issue to CVE-2006-6301." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24090", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24090" + }, + { + "name": "ADV-2007-1906", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1906" + }, + { + "name": "36516", + "refsource": "OSVDB", + "url": "http://osvdb.org/36516" + }, + { + "name": "blockhosts-daemonlog-dos(34426)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34426" + }, + { + "name": "http://www.aczoom.com/tools/blockhosts/CHANGES", + "refsource": "CONFIRM", + "url": "http://www.aczoom.com/tools/blockhosts/CHANGES" + }, + { + "name": "25352", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25352" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2966.json b/2007/2xxx/CVE-2007-2966.json index 43520830791..2b68661827c 100644 --- a/2007/2xxx/CVE-2007-2966.json +++ b/2007/2xxx/CVE-2007-2966.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2966", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the LHA decompression component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2966", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070601 n.runs-SA-2007.013 - F-Secure Antivirus LZH parsing BufferOverflow Advisory", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/470256/100/0/threaded" - }, - { - "name" : "http://www.nruns.com/security_advisory_fsecure_lzh.php", - "refsource" : "MISC", - "url" : "http://www.nruns.com/security_advisory_fsecure_lzh.php" - }, - { - "name" : "http://www.f-secure.com/security/fsc-2007-1.shtml", - "refsource" : "CONFIRM", - "url" : "http://www.f-secure.com/security/fsc-2007-1.shtml" - }, - { - "name" : "24235", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/24235" - }, - { - "name" : "36724", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36724" - }, - { - "name" : "ADV-2007-1985", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1985" - }, - { - "name" : "1018146", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018146" - }, - { - "name" : "1018147", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018147" - }, - { - "name" : "1018148", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018148" - }, - { - "name" : "25426", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25426" - }, - { - "name" : "fsecure-lzh-bo(34575)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34575" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the LHA decompression component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25426", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25426" + }, + { + "name": "1018148", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018148" + }, + { + "name": "1018147", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018147" + }, + { + "name": "1018146", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018146" + }, + { + "name": "ADV-2007-1985", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1985" + }, + { + "name": "20070601 n.runs-SA-2007.013 - F-Secure Antivirus LZH parsing BufferOverflow Advisory", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/470256/100/0/threaded" + }, + { + "name": "http://www.f-secure.com/security/fsc-2007-1.shtml", + "refsource": "CONFIRM", + "url": "http://www.f-secure.com/security/fsc-2007-1.shtml" + }, + { + "name": "36724", + "refsource": "OSVDB", + "url": "http://osvdb.org/36724" + }, + { + "name": "24235", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24235" + }, + { + "name": "fsecure-lzh-bo(34575)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34575" + }, + { + "name": "http://www.nruns.com/security_advisory_fsecure_lzh.php", + "refsource": "MISC", + "url": "http://www.nruns.com/security_advisory_fsecure_lzh.php" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6061.json b/2007/6xxx/CVE-2007-6061.json index 40cfe9fd5af..376301b4416 100644 --- a/2007/6xxx/CVE-2007-6061.json +++ b/2007/6xxx/CVE-2007-6061.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6061", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete arbitrary files or directories via a symlink attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6061", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=199751", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=199751" - }, - { - "name" : "FEDORA-2008-3456", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00075.html" - }, - { - "name" : "FEDORA-2008-3511", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00087.html" - }, - { - "name" : "GLSA-200803-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200803-03.xml" - 
}, - { - "name" : "MDVSA-2008:074", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:074" - }, - { - "name" : "26608", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26608" - }, - { - "name" : "ADV-2007-4025", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4025" - }, - { - "name" : "27841", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27841" - }, - { - "name" : "29206", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29206" - }, - { - "name" : "30191", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete arbitrary files or directories via a symlink attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29206", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29206" + }, + { + "name": "26608", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26608" + }, + { + "name": "ADV-2007-4025", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4025" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=199751", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=199751" + }, + { + "name": "FEDORA-2008-3511", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00087.html" + }, + { + "name": "GLSA-200803-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200803-03.xml" + }, + { + "name": "27841", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27841" + }, + { + "name": "FEDORA-2008-3456", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00075.html" + }, + { + "name": "MDVSA-2008:074", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:074" + }, + { + "name": "30191", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30191" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0430.json b/2010/0xxx/CVE-2010-0430.json index b5e7ad002df..a78888242c5 100644 --- a/2010/0xxx/CVE-2010-0430.json +++ b/2010/0xxx/CVE-2010-0430.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0430", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libspice, as used in QEMU-KVM in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 and possibly other products, allows guest OS users to read from or write to arbitrary QEMU memory by modifying the address that is used by Cairo for memory mappings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-0430", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=568702", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=568702" - }, - { - "name" : "RHSA-2010:0271", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2010-0271.html" - }, - { - "name" : "RHSA-2010:0476", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2010-0476.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libspice, as used in QEMU-KVM in Red Hat Enterprise 
Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 and possibly other products, allows guest OS users to read from or write to arbitrary QEMU memory by modifying the address that is used by Cairo for memory mappings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2010:0476", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2010-0476.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=568702", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=568702" + }, + { + "name": "RHSA-2010:0271", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2010-0271.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0879.json b/2010/0xxx/CVE-2010-0879.json index 0fb4829f8d0..8032cffd243 100644 --- a/2010/0xxx/CVE-2010-0879.json +++ b/2010/0xxx/CVE-2010-0879.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.26 and 8.50.07 allows remote authenticated users to affect confidentiality via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html" - }, - { - "name" : "TA10-103B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-103B.html" - }, - { - "name" : "opejee-peopletools-unspecified-var3(57738)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57738" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleTools component in 
Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.26 and 8.50.07 allows remote authenticated users to affect confidentiality via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-103B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html" + }, + { + "name": "opejee-peopletools-unspecified-var3(57738)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57738" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1016.json b/2010/1xxx/CVE-2010-1016.json index 6a8b4fe80cb..3e5cd2b29e5 100644 --- a/2010/1xxx/CVE-2010-1016.json +++ b/2010/1xxx/CVE-2010-1016.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1016", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the SAV Filter Selectors (sav_filter_selectors) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1016", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/extensions/repository/view/sav_filter_selectors/1.0.5/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/sav_filter_selectors/1.0.5/" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/" - }, - { - "name" : "38804", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38804" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the SAV Filter Selectors 
(sav_filter_selectors) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38804", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38804" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/" + }, + { + "name": "http://typo3.org/extensions/repository/view/sav_filter_selectors/1.0.5/", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/sav_filter_selectors/1.0.5/" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1746.json b/2010/1xxx/CVE-2010-1746.json index eee8e4215fd..d91de354028 100644 --- a/2010/1xxx/CVE-2010-1746.json +++ b/2010/1xxx/CVE-2010-1746.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1746", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Table JX (com_grid) component for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) data_search and (2) rpp parameters to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12473", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12473" - }, - { - "name" : "39854", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39854" - }, - { - "name" : "ADV-2010-1053", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1053" - }, - { - "name" : "tablejx-index-xss(58270)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Table JX 
(com_grid) component for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) data_search and (2) rpp parameters to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1053", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1053" + }, + { + "name": "tablejx-index-xss(58270)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58270" + }, + { + "name": "39854", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39854" + }, + { + "name": "12473", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12473" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4526.json b/2010/4xxx/CVE-2010-4526.json index d8764553d40..edb209ac3f3 100644 --- a/2010/4xxx/CVE-2010-4526.json +++ b/2010/4xxx/CVE-2010-4526.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4526", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4526", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded" - }, - { - "name" : "[oss-security] 20110104 CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable and connect()", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/01/04/3" - }, - { - "name" : "[oss-security] 20110104 Re: CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable and 
connect()", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/01/04/13" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=50b5d6ad63821cea324a5a7a19854d4de1a0a819", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=50b5d6ad63821cea324a5a7a19854d4de1a0a819" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4526", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4526" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" - }, - { - "name" : "RHSA-2011:0163", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0163.html" - }, - { - "name" : "45661", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45661" - }, - { - "name" : "42964", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42964" - }, - { - "name" : "46397", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46397" - }, - { - "name" : "ADV-2011-0169", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0169" - }, - { - "name" : "kernel-icmp-message-dos(64616)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64616" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to 
the sctp_wait_for_connect function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2011:0163", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0163.html" + }, + { + "name": "[oss-security] 20110104 Re: CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable and connect()", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/01/04/13" + }, + { + "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded" + }, + { + "name": "46397", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46397" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4526", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4526" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" + }, + { + "name": "[oss-security] 20110104 CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable and connect()", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/01/04/3" + }, + { + "name": "45661", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45661" + }, + { + "name": "ADV-2011-0169", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0169" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=50b5d6ad63821cea324a5a7a19854d4de1a0a819", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=50b5d6ad63821cea324a5a7a19854d4de1a0a819" + }, + { + 
"name": "kernel-icmp-message-dos(64616)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64616" + }, + { + "name": "42964", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42964" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4777.json b/2010/4xxx/CVE-2010-4777.json index 6b00f153781..5b892420a00 100644 --- a/2010/4xxx/CVE-2010-4777.json +++ b/2010/4xxx/CVE-2010-4777.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4777", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4777", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Postfixbuch-users] 20110222 proxy-reject: END-OF-MESSAGE: 451 4.3.0\tError: queue file write error", - "refsource" : "MLIST", - "url" : "https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836" - }, - { - "name" : "http://forums.ocsinventory-ng.org/viewtopic.php?id=7215", - "refsource" : "MISC", - "url" : 
"http://forums.ocsinventory-ng.org/viewtopic.php?id=7215" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=694166", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=694166" - }, - { - "name" : "https://rt.perl.org/Public/Bug/Display.html?id=76538", - "refsource" : "CONFIRM", - "url" : "https://rt.perl.org/Public/Bug/Display.html?id=76538" - }, - { - "name" : "openSUSE-SU-2011:0479", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html" - }, - { - "name" : "SUSE-SR:2011:009", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2011:009", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" + }, + { + "name": "[Postfixbuch-users] 20110222 proxy-reject: END-OF-MESSAGE: 451 4.3.0\tError: queue file write error", + "refsource": "MLIST", + "url": "https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=694166", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694166" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836" + }, + { + "name": "http://forums.ocsinventory-ng.org/viewtopic.php?id=7215", + "refsource": "MISC", + "url": "http://forums.ocsinventory-ng.org/viewtopic.php?id=7215" + }, + { + "name": "https://rt.perl.org/Public/Bug/Display.html?id=76538", + "refsource": "CONFIRM", + "url": "https://rt.perl.org/Public/Bug/Display.html?id=76538" + }, + { + "name": "openSUSE-SU-2011:0479", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4957.json b/2010/4xxx/CVE-2010-4957.json index 5b59d951469..ab67cdc0718 100644 --- a/2010/4xxx/CVE-2010-4957.json +++ b/2010/4xxx/CVE-2010-4957.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4957", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4957", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/extensions/repository/view/ke_questionnaire/2.2.3", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/ke_questionnaire/2.2.3" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/" - }, - { - "name" : "42369", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42369" - }, - { - "name" : "67031", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/67031" - }, - { - "name" : "40950", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40950" - }, - { - "name" : "questionnaire-unspecified-sql-injection(61042)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61042" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/" + }, + { + "name": "questionnaire-unspecified-sql-injection(61042)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61042" + }, + { + "name": "42369", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42369" + }, + { + "name": "67031", + "refsource": "OSVDB", + "url": "http://osvdb.org/67031" + }, + { + "name": "http://typo3.org/extensions/repository/view/ke_questionnaire/2.2.3", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/ke_questionnaire/2.2.3" + }, + { + "name": "40950", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40950" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4979.json b/2010/4xxx/CVE-2010-4979.json index 76a4d061791..09305f4a6c3 100644 --- a/2010/4xxx/CVE-2010-4979.json +++ b/2010/4xxx/CVE-2010-4979.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4979", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in image/view.php in CANDID allows remote attackers to execute arbitrary SQL commands via the image_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4979", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.packetstormsecurity.com/1006-exploits/candid-sql.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.com/1006-exploits/candid-sql.txt" - }, - { - "name" : "41216", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41216" - }, - { - "name" : "8493", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8493" - }, - { - "name" : "candid-view-sql-injection(59944)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59944" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in image/view.php in CANDID allows remote attackers to 
execute arbitrary SQL commands via the image_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41216", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41216" + }, + { + "name": "8493", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8493" + }, + { + "name": "http://www.packetstormsecurity.com/1006-exploits/candid-sql.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.com/1006-exploits/candid-sql.txt" + }, + { + "name": "candid-view-sql-injection(59944)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59944" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5150.json b/2010/5xxx/CVE-2010-5150.json index f0058c35ca5..e0062017310 100644 --- a/2010/5xxx/CVE-2010-5150.json +++ b/2010/5xxx/CVE-2010-5150.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Race condition in 3D EQSecure Professional Edition 4.2 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html" - }, - { - "name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html" - }, - { - "name" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/", - "refsource" : "MISC", - "url" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/" - }, - { - "name" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php", - "refsource" : "MISC", - "url" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php" - }, - { - "name" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php", - "refsource" : "MISC", - "url" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php" - }, - { - "name" : "http://www.f-secure.com/weblog/archives/00001949.html", - "refsource" : "MISC", - "url" : "http://www.f-secure.com/weblog/archives/00001949.html" - }, - { - "name" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/", - "refsource" : "MISC", - "url" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/" - }, - { - "name" : 
"39924", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39924" - }, - { - "name" : "67660", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/67660" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Race condition in 3D EQSecure Professional Edition 4.2 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html" + }, + { + "name": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/", + "refsource": "MISC", + "url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/" + }, + { + "name": "39924", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39924" + }, + { + "name": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php", + "refsource": "MISC", + "url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php" + }, + { + "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", + "refsource": "FULLDISC", + "url": 
"http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html" + }, + { + "name": "67660", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/67660" + }, + { + "name": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/", + "refsource": "MISC", + "url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/" + }, + { + "name": "http://www.f-secure.com/weblog/archives/00001949.html", + "refsource": "MISC", + "url": "http://www.f-secure.com/weblog/archives/00001949.html" + }, + { + "name": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php", + "refsource": "MISC", + "url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0005.json b/2014/0xxx/CVE-2014-0005.json index edb5ca1802e..0343cb7b72a 100644 --- a/2014/0xxx/CVE-2014-0005.json +++ b/2014/0xxx/CVE-2014-0005.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application sever configuration and state by deploying a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2014:0343", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0343.html" - }, - { - "name" : "RHSA-2014:0344", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0344.html" - }, - { - "name" : "RHSA-2014:0345", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0345.html" - }, - { - "name" : "RHSA-2015:0234", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0234.html" - }, - { - "name" : "RHSA-2015:0235", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0235.html" - }, - { - "name" : "RHSA-2015:0720", - 
"refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0720.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application sever configuration and state by deploying a crafted application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0345", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0345.html" + }, + { + "name": "RHSA-2015:0234", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0234.html" + }, + { + "name": "RHSA-2015:0720", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html" + }, + { + "name": "RHSA-2015:0235", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0235.html" + }, + { + "name": "RHSA-2014:0344", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0344.html" + }, + { + "name": "RHSA-2014:0343", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0343.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0197.json b/2014/0xxx/CVE-2014-0197.json index 7346c096020..417e577ddef 100644 --- a/2014/0xxx/CVE-2014-0197.json +++ b/2014/0xxx/CVE-2014-0197.json 
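Review bot: `"ASSIGNER"` changes from `"cve@mitre.org"` to `"secalert@redhat.com"` in this hunk, while every other line differs only in whitespace or reference order, so the one provenance-relevant change is easy to miss in review. The subject line "-Synchronized-Data." does not mention it either; putting the reformatting and the assigner updates in separate commits, or naming the reassignment in the description, would let consumers that attribute records by assigner audit it. The hunks for CVE-2014-0240 (`secalert@redhat.com`), CVE-2014-0358 (`cert@cert.org`) and CVE-2014-0373 (`secalert_us@oracle.com`) carry the same kind of change. Separately, the description re-emitted on the new side still reads `application sever configuration`, presumably meant as `application server configuration`.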
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0197", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0197", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0240.json b/2014/0xxx/CVE-2014-0240.json index f4bff841ba5..97c037e3985 100644 --- a/2014/0xxx/CVE-2014-0240.json +++ b/2014/0xxx/CVE-2014-0240.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0240", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0240", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140521 Security release for mod_wsgi (version 3.5)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/05/21/1" - }, - { - "name" : "http://blog.dscpl.com.au/2014/05/security-release-for-modwsgi-version-35.html", - "refsource" : "CONFIRM", - "url" : "http://blog.dscpl.com.au/2014/05/security-release-for-modwsgi-version-35.html" - }, - { - "name" : "http://modwsgi.readthedocs.org/en/latest/release-notes/version-3.5.html", - "refsource" : "CONFIRM", - "url" : "http://modwsgi.readthedocs.org/en/latest/release-notes/version-3.5.html" - }, - { - "name" : "RHSA-2014:0789", - "refsource" : "REDHAT", - "url" 
: "http://rhn.redhat.com/errata/RHSA-2014-0789.html" - }, - { - "name" : "67532", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67532" - }, - { - "name" : "60094", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60094" - }, - { - "name" : "59551", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59551" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59551", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59551" + }, + { + "name": "67532", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67532" + }, + { + "name": "http://modwsgi.readthedocs.org/en/latest/release-notes/version-3.5.html", + "refsource": "CONFIRM", + "url": "http://modwsgi.readthedocs.org/en/latest/release-notes/version-3.5.html" + }, + { + "name": "[oss-security] 20140521 Security release for mod_wsgi (version 3.5)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/05/21/1" + }, + { + "name": "RHSA-2014:0789", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0789.html" + }, + { + "name": "http://blog.dscpl.com.au/2014/05/security-release-for-modwsgi-version-35.html", + "refsource": "CONFIRM", + "url": "http://blog.dscpl.com.au/2014/05/security-release-for-modwsgi-version-35.html" + }, + { + "name": "60094", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60094" + 
} + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0358.json b/2014/0xxx/CVE-2014-0358.json index de6adede649..cc1b86d2261 100644 --- a/2014/0xxx/CVE-2014-0358.json +++ b/2014/0xxx/CVE-2014-0358.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0358", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the file parameter in a getUpgradeStatus action to servlet/MGConfigData, (2) the download parameter in a download action to servlet/MGConfigData, (3) the download parameter in a port_svc action to servlet/MGConfigData, (4) the file parameter in a getfile action to servlet/Installer, or (5) the binfile parameter to servlet/MGConfigData." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-0358", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#657622", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/657622" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. 
(dot dot) in (1) the file parameter in a getUpgradeStatus action to servlet/MGConfigData, (2) the download parameter in a download action to servlet/MGConfigData, (3) the download parameter in a port_svc action to servlet/MGConfigData, (4) the file parameter in a getfile action to servlet/Installer, or (5) the binfile parameter to servlet/MGConfigData." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#657622", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/657622" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0373.json b/2014/0xxx/CVE-2014-0373.json index ab64d7039f4..9e96b2be827 100644 --- a/2014/0xxx/CVE-2014-0373.json +++ b/2014/0xxx/CVE-2014-0373.json 
@@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to throwing of an incorrect exception when SnmpStatusException should have been used in the SNMP implementation, which allows attackers to escape the sandbox." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-0373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/496c51673dec", - "refsource" : "MISC", - "url" : "http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/496c51673dec" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1051699", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1051699" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777" - }, - { - "name" : "HPSBUX02972", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2" - }, - { - "name" : "HPSBUX02973", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402749111889&w=2" - }, - { - "name" : "SSRT101454", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2" - }, - { - "name" : "SSRT101455", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402749111889&w=2" - }, - { - "name" : "RHSA-2014:0026", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0026.html" - }, - { - "name" : "RHSA-2014:0027", - "refsource" : "REDHAT", - "url" : 
"http://rhn.redhat.com/errata/RHSA-2014-0027.html" - }, - { - "name" : "RHSA-2014:0097", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0097.html" - }, - { - "name" : "RHSA-2014:0136", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0136.html" - }, - { - "name" : "RHSA-2014:0030", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0030.html" - }, - { - "name" : "RHSA-2014:0134", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0134.html" - }, - { - "name" : "RHSA-2014:0135", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0135.html" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : "openSUSE-SU-2014:0174", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html" - }, - { - "name" : "SUSE-SU-2014:0246", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" - }, - { - "name" : "SUSE-SU-2014:0266", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" - }, - { - "name" : "openSUSE-SU-2014:0177", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html" - }, - { - "name" : "openSUSE-SU-2014:0180", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html" - }, - { - "name" : "SUSE-SU-2014:0451", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" - }, - { - "name" : "USN-2089-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2089-1" - }, - { - "name" : "USN-2124-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2124-1" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64922", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64922" - }, - { - "name" : "1029608", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029608" - }, - { - "name" : "56432", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56432" - }, - { - "name" : "56485", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56485" - }, - { - "name" : "56535", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56535" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to throwing of an incorrect exception when SnmpStatusException should have been used in the SNMP implementation, which allows attackers to escape the sandbox." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/496c51673dec", + "refsource": "MISC", + "url": "http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/496c51673dec" + }, + { + "name": "56432", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56432" + }, + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1051699", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051699" + }, + { + "name": "RHSA-2014:0136", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0136.html" + }, + { + "name": "openSUSE-SU-2014:0174", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html" + }, + { + "name": "SSRT101455", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402749111889&w=2" + }, + { + "name": "RHSA-2014:0135", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0135.html" + }, + { + "name": "64922", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64922" + }, + { + "name": "56535", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56535" + }, + { + "name": "USN-2089-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2089-1" + }, + { + "name": "RHSA-2014:0030", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0030.html" + }, + { + "name": "RHSA-2014:0097", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0097.html" + }, + { + "name": "56485", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56485" + }, + { + "name": "SSRT101454", + "refsource": "HP", + "url": 
"http://marc.info/?l=bugtraq&m=139402697611681&w=2" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777" + }, + { + "name": "HPSBUX02972", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2" + }, + { + "name": "RHSA-2014:0027", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0027.html" + }, + { + "name": "SUSE-SU-2014:0451", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" + }, + { + "name": "HPSBUX02973", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402749111889&w=2" + }, + { + "name": "1029608", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029608" + }, + { + "name": "USN-2124-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2124-1" + }, + { + "name": "SUSE-SU-2014:0266", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" + }, + { + "name": "RHSA-2014:0026", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0026.html" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "SUSE-SU-2014:0246", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + }, + { + "name": "RHSA-2014:0134", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0134.html" + }, + { + "name": "openSUSE-SU-2014:0180", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html" 
+ }, + { + "name": "openSUSE-SU-2014:0177", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0931.json b/2014/0xxx/CVE-2014-0931.json index 562ae7c219e..7428bcfef8a 100644 --- a/2014/0xxx/CVE-2014-0931.json +++ b/2014/0xxx/CVE-2014-0931.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0931", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through 7.1.2.13, 8.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92263." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0931", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21668868", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21668868" - }, - { - "name" : "ibm-clearcase-cve20140931-xxe(92263)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92263" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through 7.1.2.13, 8.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92263." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-clearcase-cve20140931-xxe(92263)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92263" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21668868", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668868" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1413.json b/2014/1xxx/CVE-2014-1413.json index 132fe8abc8b..5128e214386 100644 --- a/2014/1xxx/CVE-2014-1413.json +++ b/2014/1xxx/CVE-2014-1413.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1413", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1413", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1785.json b/2014/1xxx/CVE-2014-1785.json index abd1b1cab69..7c150803bb1 100644 --- a/2014/1xxx/CVE-2014-1785.json +++ b/2014/1xxx/CVE-2014-1785.json 
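Review bot: The structured fields in CVE-2014-0931 still read `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"` (and the `problemtype` value is `"n/a"` too), even though this hunk changes `ASSIGNER` from `cve@mitre.org` to `psirt@us.ibm.com`. The affected product and version ranges therefore exist only in the free-text description, so tooling that matches on `affects` will not tie this record to IBM Rational ClearCase. If the record is being re-attributed anyway, populating them from the description (for example `"vendor_name": "IBM"`, `"product_name": "Rational ClearCase"`) would close that gap; until then consumers need to fall back to parsing the description. The same pattern shows in the CVE-2014-1785, CVE-2014-4111 and CVE-2014-4268 hunks, where the assigner becomes `secure@microsoft.com` or `secalert_us@oracle.com` while `affects` stays `n/a`.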
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1785", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-2753, CVE-2014-2755, CVE-2014-2760, CVE-2014-2761, CVE-2014-2772, and CVE-2014-2776." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-1785", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40946", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40946/" - }, - { - "name" : "http://blog.skylined.nl/20161220001.html", - "refsource" : "MISC", - "url" : "http://blog.skylined.nl/20161220001.html" - }, - { - "name" : "http://packetstormsecurity.com/files/140233/Microsoft-Internet-Explorer-11-MSHTML-CSpliceTreeEngine-RemoveSplice-Use-After-Free.html", - "refsource" : "MISC", - "url" : 
"http://packetstormsecurity.com/files/140233/Microsoft-Internet-Explorer-11-MSHTML-CSpliceTreeEngine-RemoveSplice-Use-After-Free.html" - }, - { - "name" : "MS14-035", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035" - }, - { - "name" : "67878", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67878" - }, - { - "name" : "1030370", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-2753, CVE-2014-2755, CVE-2014-2760, CVE-2014-2761, CVE-2014-2772, and CVE-2014-2776." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030370", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030370" + }, + { + "name": "http://packetstormsecurity.com/files/140233/Microsoft-Internet-Explorer-11-MSHTML-CSpliceTreeEngine-RemoveSplice-Use-After-Free.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/140233/Microsoft-Internet-Explorer-11-MSHTML-CSpliceTreeEngine-RemoveSplice-Use-After-Free.html" + }, + { + "name": "http://blog.skylined.nl/20161220001.html", + "refsource": "MISC", + "url": "http://blog.skylined.nl/20161220001.html" + }, + { + "name": "40946", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40946/" + }, + { + "name": "MS14-035", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035" + }, + { + "name": "67878", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67878" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1932.json b/2014/1xxx/CVE-2014-1932.json index 89f5b42e8b1..cdbaa0d651c 100644 --- a/2014/1xxx/CVE-2014-1932.json +++ b/2014/1xxx/CVE-2014-1932.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1932", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1932", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140210 Re: CVE requests: Pacemaker, Python Imaging Library, eyeD3, 9base, rc, Gamera, RPLY - insecure use of /tmp", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/02/11/1" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059" - }, - { - "name" : 
"https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7", - "refsource" : "CONFIRM", - "url" : "https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7" - }, - { - "name" : "GLSA-201612-52", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-52" - }, - { - "name" : "openSUSE-SU-2014:0591", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.html" - }, - { - "name" : "USN-2168-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2168-1" - }, - { - "name" : "65511", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65511" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059" + }, + { + "name": "GLSA-201612-52", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-52" + }, + { + "name": "https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7", + "refsource": "CONFIRM", + "url": "https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7" + }, + { + "name": "[oss-security] 20140210 Re: CVE requests: Pacemaker, Python Imaging Library, eyeD3, 9base, rc, Gamera, RPLY - insecure use of /tmp", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/02/11/1" + }, + { + "name": "USN-2168-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2168-1" + }, + { + "name": "65511", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65511" + }, + { + "name": "openSUSE-SU-2014:0591", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4111.json b/2014/4xxx/CVE-2014-4111.json index bd0aad6d8af..52043a95154 100644 --- a/2014/4xxx/CVE-2014-4111.json +++ b/2014/4xxx/CVE-2014-4111.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, and CVE-2014-4110." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-4111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-052", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" - }, - { - "name" : "69615", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69615" - }, - { - "name" : "1030818", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030818" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, and CVE-2014-4110." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69615", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69615" + }, + { + "name": "1030818", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030818" + }, + { + "name": "MS14-052", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4156.json b/2014/4xxx/CVE-2014-4156.json index 9485aa6056e..c476a88f364 100644 --- a/2014/4xxx/CVE-2014-4156.json +++ b/2014/4xxx/CVE-2014-4156.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4156", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4156", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4268.json b/2014/4xxx/CVE-2014-4268.json index 69548083c15..c9f36fd4cd4 100644 --- a/2014/4xxx/CVE-2014-4268.json +++ b/2014/4xxx/CVE-2014-4268.json 
@@ -1,212 +1,212 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4268", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-4268", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" - }, - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/23" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686383", - "refsource" : "CONFIRM", - "url" : 
"http://www-01.ibm.com/support/docview.wss?uid=swg21686383" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686824", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686824" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680334", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680334" - }, - { - "name" : "DSA-2980", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2980" - }, - { - "name" : "DSA-2987", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2987" - }, - { - "name" : "GLSA-201502-12", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml" - }, - { - "name" : "HPSBUX03091", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2" - }, - { - "name" : "HPSBUX03092", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852974709252&w=2" - }, - { - "name" : "SSRT101667", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2" - }, - { - "name" : "SSRT101668", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852974709252&w=2" - }, - { - "name" : "SUSE-SU-2015:0344", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html" - }, - { - "name" : "SUSE-SU-2015:0376", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html" - }, - { - "name" : "SUSE-SU-2015:0392", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html" - }, - { - "name" : "68615", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68615" - }, - 
{ - "name" : "1030577", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030577" - }, - { - "name" : "60081", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60081" - }, - { - "name" : "60317", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60317" - }, - { - "name" : "61577", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61577" - }, - { - "name" : "61640", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61640" - }, - { - "name" : "59404", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59404" - }, - { - "name" : "60817", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60817" - }, - { - "name" : "60485", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60485" - }, - { - "name" : "59680", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59680" - }, - { - "name" : "60622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60622" - }, - { - "name" : "60129", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60129" - }, - { - "name" : "60812", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60812" - }, - { - "name" : "oracle-cpujul2014-cve20144268(94602)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94602" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2987", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2987" + }, + { + "name": "68615", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68615" + }, + { + "name": "60129", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60129" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" + }, + { + "name": "HPSBUX03091", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2" + }, + { + "name": "DSA-2980", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2980" + }, + { + "name": "1030577", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030577" + }, + { + "name": "SSRT101667", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2" + }, + { + "name": "HPSBUX03092", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852974709252&w=2" + }, + { + "name": "60812", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60812" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" + }, + { + "name": "SUSE-SU-2015:0376", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html" + }, + { + "name": "60817", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60817" + }, + { + "name": "oracle-cpujul2014-cve20144268(94602)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94602" + }, + { + "name": "61577", + "refsource": 
"SECUNIA", + "url": "http://secunia.com/advisories/61577" + }, + { + "name": "SUSE-SU-2015:0392", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html" + }, + { + "name": "SSRT101668", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852974709252&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" + }, + { + "name": "60485", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60485" + }, + { + "name": "59680", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59680" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686383", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686383" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/23" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680334", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680334" + }, + { + "name": "60622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60622" + }, + { + "name": "60081", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60081" + }, + { + "name": "61640", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61640" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686824", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686824" + }, + { + "name": "GLSA-201502-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-12.xml" + }, + { + "name": "60317", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60317" + }, + { + 
"name": "SUSE-SU-2015:0344", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html" + }, + { + "name": "59404", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59404" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4509.json b/2014/4xxx/CVE-2014-4509.json index 941f86d4312..22744b86fe4 100644 --- a/2014/4xxx/CVE-2014-4509.json +++ b/2014/4xxx/CVE-2014-4509.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4509", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out Platform Services in Novell Identity Manager (aka IDM) 4.0.2 allows local users to execute arbitrary commands by leveraging eDirectory POSIX attribute changes to insert shell metacharacters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://download.novell.com/Download?buildid=5XLmBl54_Rg~", - "refsource" : "CONFIRM", - "url" : "http://download.novell.com/Download?buildid=5XLmBl54_Rg~" - }, - { - "name" : "68139", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68139" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out Platform Services in Novell Identity Manager (aka IDM) 4.0.2 allows local users to execute arbitrary commands by leveraging eDirectory POSIX attribute changes to insert 
shell metacharacters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68139", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68139" + }, + { + "name": "http://download.novell.com/Download?buildid=5XLmBl54_Rg~", + "refsource": "CONFIRM", + "url": "http://download.novell.com/Download?buildid=5XLmBl54_Rg~" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4841.json b/2014/4xxx/CVE-2014-4841.json index 5febc5a2b06..2ea60608997 100644 --- a/2014/4xxx/CVE-2014-4841.json +++ b/2014/4xxx/CVE-2014-4841.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4841", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4841", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/72xxx/CVE-2014-72038.json b/2014/72xxx/CVE-2014-72038.json index c0e50fc7ba8..c43f5e64953 100644 --- a/2014/72xxx/CVE-2014-72038.json +++ b/2014/72xxx/CVE-2014-72038.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-72038", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2353. Reason: This candidate is a duplicate of CVE-2014-2353. The wrong ID was used. Notes: All CVE users should reference CVE-2014-2353 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-72038", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2353. Reason: This candidate is a duplicate of CVE-2014-2353. The wrong ID was used. Notes: All CVE users should reference CVE-2014-2353 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9456.json b/2014/9xxx/CVE-2014-9456.json index 41f183e8898..36272a33c67 100644 --- a/2014/9xxx/CVE-2014-9456.json +++ b/2014/9xxx/CVE-2014-9456.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9456", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in NotePad++ 6.6.9 allows remote attackers to have unspecified impact via a long Time attribute in an Event element in an XML file. NOTE: this issue was originally incorrectly mapped to CVE-2014-1004; see CVE-2014-1004 for more information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9456", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35589", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35589" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in NotePad++ 6.6.9 allows remote attackers to have unspecified impact via a long Time attribute in an Event element in an XML file. NOTE: this issue was originally incorrectly mapped to CVE-2014-1004; see CVE-2014-1004 for more information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35589", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35589" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9654.json b/2014/9xxx/CVE-2014-9654.json index 0f4ecfef092..f0764742d20 100644 --- a/2014/9xxx/CVE-2014-9654.json +++ b/2014/9xxx/CVE-2014-9654.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9654", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted string, a related issue to CVE-2014-7923." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-9654", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150205 Re: CVE request - ICU", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2015/02/05/15" - }, - { - "name" : "http://bugs.icu-project.org/trac/changeset/36801", - "refsource" : "CONFIRM", - "url" : "http://bugs.icu-project.org/trac/changeset/36801" - }, - { - "name" : "http://bugs.icu-project.org/trac/ticket/11371", - "refsource" : "CONFIRM", - "url" : "http://bugs.icu-project.org/trac/ticket/11371" - }, - { - "name" : 
"https://chromium.googlesource.com/chromium/deps/icu/+/dd727641e190d60e4593bcb3a35c7f51eb4925c5", - "refsource" : "CONFIRM", - "url" : "https://chromium.googlesource.com/chromium/deps/icu/+/dd727641e190d60e4593bcb3a35c7f51eb4925c5" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=432209", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=432209" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "GLSA-201503-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201503-06" - }, - { - "name" : "1035410", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035410" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted string, a related issue to CVE-2014-7923." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.icu-project.org/trac/ticket/11371", + "refsource": "CONFIRM", + "url": "http://bugs.icu-project.org/trac/ticket/11371" + }, + { + "name": "https://chromium.googlesource.com/chromium/deps/icu/+/dd727641e190d60e4593bcb3a35c7f51eb4925c5", + "refsource": "CONFIRM", + "url": "https://chromium.googlesource.com/chromium/deps/icu/+/dd727641e190d60e4593bcb3a35c7f51eb4925c5" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=432209", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=432209" + }, + { + "name": "1035410", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035410" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": "GLSA-201503-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201503-06" + }, + { + "name": "http://bugs.icu-project.org/trac/changeset/36801", + "refsource": "CONFIRM", + "url": "http://bugs.icu-project.org/trac/changeset/36801" + }, + { + "name": "[oss-security] 20150205 Re: CVE request - ICU", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2015/02/05/15" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9898.json b/2014/9xxx/CVE-2014-9898.json index 1a96e8701e6..14e29b14772 100644 --- a/2014/9xxx/CVE-2014-9898.json +++ b/2014/9xxx/CVE-2014-9898.json 
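Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, but the change sits inside a whole-file reindent and a reordering of `reference_data`, and the commit subject only says the data was synchronized. The same kind of change appears in the hunks for CVE-2014-9898 (`security@android.com`) and CVE-2016-7529 (`security@debian.org`). Because every line of the file is rewritten, a textual diff cannot separate this attribution change from the formatting churn; I would land the colon-spacing and indentation normalisation as its own commit, or at least list in the commit message the records whose field values changed. Anyone auditing this sync should compare the parsed JSON of the old and new files rather than the text, and consumers should not rely on the order of `reference_data` entries, which also changes here with no entry added or removed.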
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9898", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28814690 and Qualcomm internal bug CR554575." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2014-9898", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-08-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-08-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=80be0e249c906704085d13d4ae446f73913fc225", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=80be0e249c906704085d13d4ae446f73913fc225" - }, - { - "name" : "92222", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92222" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28814690 and Qualcomm internal bug CR554575." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-08-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-08-01.html" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=80be0e249c906704085d13d4ae446f73913fc225", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=80be0e249c906704085d13d4ae446f73913fc225" + }, + { + "name": "92222", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92222" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6345.json b/2016/6xxx/CVE-2016-6345.json index 3b0f2ffd783..2d9d2eec27b 100644 --- a/2016/6xxx/CVE-2016-6345.json +++ b/2016/6xxx/CVE-2016-6345.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-6345", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RESTEasy allows remote authenticated users to obtain sensitive information by leveraging \"insufficient use of random values\" in async jobs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-6345", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1372117", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1372117" - }, - { - "name" : "92746", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92746" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RESTEasy allows remote authenticated users to obtain sensitive information by leveraging \"insufficient use of random values\" in async jobs." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1372117", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372117" + }, + { + "name": "92746", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92746" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7529.json b/2016/7xxx/CVE-2016-7529.json index a3b9910a08f..40e385d966b 100644 --- a/2016/7xxx/CVE-2016-7529.json +++ b/2016/7xxx/CVE-2016-7529.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7529", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted XCF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2016-7529", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/22/2" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1539051", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1539051" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1539052", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1539052" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1378761", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1378761" - }, - { - "name" : 
"https://github.com/ImageMagick/ImageMagick/commit/a2e1064f288a353bc5fef7f79ccb7683759e775c", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/a2e1064f288a353bc5fef7f79ccb7683759e775c" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/103", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/103" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/104", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/104" - }, - { - "name" : "93131", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted XCF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/104", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/104" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1539051", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1539051" + }, + { + "name": "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/22/2" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1539052", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1539052" + }, + { + "name": 
"https://github.com/ImageMagick/ImageMagick/commit/a2e1064f288a353bc5fef7f79ccb7683759e775c", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/a2e1064f288a353bc5fef7f79ccb7683759e775c" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/103", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/103" + }, + { + "name": "93131", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93131" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1378761", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378761" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7578.json b/2016/7xxx/CVE-2016-7578.json index 34d794b27c1..680ef3d4bce 100644 --- a/2016/7xxx/CVE-2016-7578.json +++ b/2016/7xxx/CVE-2016-7578.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-7578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-7578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207270", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207270" - }, - { - "name" : "https://support.apple.com/HT207271", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207271" - }, - { - "name" : "https://support.apple.com/HT207272", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207272" - }, - { - "name" : "https://support.apple.com/HT207273", - "refsource" : "CONFIRM", - "url" : 
"https://support.apple.com/HT207273" - }, - { - "name" : "https://support.apple.com/HT207274", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207274" - }, - { - "name" : "93949", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93949" - }, - { - "name" : "1037139", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037139" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207271", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207271" + }, + { + "name": "93949", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93949" + }, + { + "name": "https://support.apple.com/HT207273", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207273" + }, + { + "name": "https://support.apple.com/HT207270", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207270" + }, + { + "name": "https://support.apple.com/HT207274", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207274" + }, + { + "name": "1037139", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037139" + }, + { + "name": "https://support.apple.com/HT207272", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207272" + } + 
] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7799.json b/2016/7xxx/CVE-2016-7799.json index 1fc0d44835a..e7118006f9d 100644 --- a/2016/7xxx/CVE-2016-7799.json +++ b/2016/7xxx/CVE-2016-7799.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7799", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161001 Re: imagemagick mogrify global buffer overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/01/6" - }, - { - "name" : "[oss-security] 20161001 imagemagick mogrify global buffer overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/01/4" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/a7bb158b7bedd1449a34432feb3a67c8f1873bfa", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/a7bb158b7bedd1449a34432feb3a67c8f1873bfa" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/280", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/280" - }, - { - "name" : 
"DSA-3726", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3726" - }, - { - "name" : "GLSA-201611-21", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201611-21" - }, - { - "name" : "93264", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93264" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201611-21", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201611-21" + }, + { + "name": "93264", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93264" + }, + { + "name": "[oss-security] 20161001 imagemagick mogrify global buffer overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/01/4" + }, + { + "name": "[oss-security] 20161001 Re: imagemagick mogrify global buffer overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/01/6" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/280", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/280" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/a7bb158b7bedd1449a34432feb3a67c8f1873bfa", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/a7bb158b7bedd1449a34432feb3a67c8f1873bfa" + }, + { + "name": "DSA-3726", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3726" + } + ] + } +} \ No newline at end of file 
diff --git a/2016/7xxx/CVE-2016-7922.json b/2016/7xxx/CVE-2016-7922.json index dc702db796a..04777e28614 100644 --- a/2016/7xxx/CVE-2016-7922.json +++ b/2016/7xxx/CVE-2016-7922.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7922", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ah_print()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7922", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", - "refsource" : "CONFIRM", - "url" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" - }, - { - "name" : "DSA-3775", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3775" - }, - { - "name" : "GLSA-201702-30", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-30" - }, - { - "name" : "RHSA-2017:1871", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1871" - }, - { - "name" : "95852", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95852" - }, - { - "name" : "1037755", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ah_print()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037755", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037755" + }, + { + "name": "DSA-3775", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3775" + }, + { + "name": "RHSA-2017:1871", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1871" + }, + { + "name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", + "refsource": "CONFIRM", + "url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" + }, + { + "name": "95852", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95852" + }, + { + "name": "GLSA-201702-30", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-30" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8027.json b/2016/8xxx/CVE-2016-8027.json index 8cd5b2135b0..7a6f113891b 100644 --- a/2016/8xxx/CVE-2016-8027.json +++ b/2016/8xxx/CVE-2016-8027.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "ID" : "CVE-2016-8027", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier", - "version" : { - "version_data" : [ - { - "version_value" : "McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2016-8027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier", + "version": { + "version_data": [ + { + "version_value": "McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10187", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10187" - }, - { - "name" : "95981", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95981" - }, - { - "name" : "1037777", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037777" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL injection vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037777", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037777" + }, + { + "name": "95981", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95981" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10187", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10187" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8079.json b/2016/8xxx/CVE-2016-8079.json index 7bd83be27c7..0af9be101ea 100644 --- a/2016/8xxx/CVE-2016-8079.json +++ b/2016/8xxx/CVE-2016-8079.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8079", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8079", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8193.json b/2016/8xxx/CVE-2016-8193.json index 0eb612ad58a..fc5eb17511f 100644 --- a/2016/8xxx/CVE-2016-8193.json +++ b/2016/8xxx/CVE-2016-8193.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8193", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8193", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9220.json b/2016/9xxx/CVE-2016-9220.json index 9b7aab20bd7..8e462d496c7 100644 --- a/2016/9xxx/CVE-2016-9220.json +++ b/2016/9xxx/CVE-2016-9220.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2016-9220", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Mobility Express 2800 and 3800", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Mobility Express 2800 and 3800" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Denial of Service Vulnerability in 802.11 ingress packet processing of the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause the connection table to be full of invalid connections and be unable to process new incoming requests. More Information: CSCvb66659. Known Affected Releases: 8.2(130.0). Known Fixed Releases: 8.2(131.10) 8.2(131.6) 8.2(141.0) 8.3(104.56) 8.4(1.88) 8.4(1.91)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-9220", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Mobility Express 2800 and 3800", + "version": { + "version_data": [ + { + "version_value": "Cisco Mobility Express 2800 and 3800" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cme1", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cme1" - }, - { - "name" : "95633", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95633" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Denial of Service Vulnerability in 802.11 ingress packet processing of the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause the connection table to be full of invalid connections and be unable to process new incoming requests. More Information: CSCvb66659. Known Affected Releases: 8.2(130.0). Known Fixed Releases: 8.2(131.10) 8.2(131.6) 8.2(141.0) 8.3(104.56) 8.4(1.88) 8.4(1.91)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cme1", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cme1" + }, + { + "name": "95633", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95633" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9436.json b/2016/9xxx/CVE-2016-9436.json index 9dd017c16c1..2a769b4cd3c 100644 --- a/2016/9xxx/CVE-2016-9436.json +++ b/2016/9xxx/CVE-2016-9436.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9436", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9436", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161118 Re: CVE request: w3m - multiple vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/18/3" - }, - { - "name" : "https://github.com/tats/w3m/issues/16", - "refsource" : "MISC", - "url" : "https://github.com/tats/w3m/issues/16" - }, - { - "name" : "https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd", - "refsource" : "CONFIRM", - "url" : "https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd" - }, - { - "name" : "GLSA-201701-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-08" - }, - { - "name" : "openSUSE-SU-2016:3121", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-updates/2016-12/msg00084.html" - }, - { - "name" : "94407", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201701-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-08" + }, + { + "name": "https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd", + "refsource": "CONFIRM", + "url": "https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd" + }, + { + "name": "openSUSE-SU-2016:3121", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00084.html" + }, + { + "name": "https://github.com/tats/w3m/issues/16", + "refsource": "MISC", + "url": "https://github.com/tats/w3m/issues/16" + }, + { + "name": "94407", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94407" + }, + { + "name": "[oss-security] 20161118 Re: CVE request: w3m - multiple vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/18/3" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9952.json b/2016/9xxx/CVE-2016-9952.json index 41b7e7f5f69..2118232aa3e 100644 --- a/2016/9xxx/CVE-2016-9952.json +++ b/2016/9xxx/CVE-2016-9952.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9952", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by \"*.com.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9952", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://curl.haxx.se/CVE-2016-9952.patch", - "refsource" : "CONFIRM", - "url" : "https://curl.haxx.se/CVE-2016-9952.patch" - }, - { - "name" : "https://curl.haxx.se/docs/adv_20161221B.html", - "refsource" : "CONFIRM", - "url" : "https://curl.haxx.se/docs/adv_20161221B.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote 
attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by \"*.com.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://curl.haxx.se/docs/adv_20161221B.html", + "refsource": "CONFIRM", + "url": "https://curl.haxx.se/docs/adv_20161221B.html" + }, + { + "name": "https://curl.haxx.se/CVE-2016-9952.patch", + "refsource": "CONFIRM", + "url": "https://curl.haxx.se/CVE-2016-9952.patch" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2823.json b/2019/2xxx/CVE-2019-2823.json index f701273684f..e90d80687fc 100644 --- a/2019/2xxx/CVE-2019-2823.json +++ b/2019/2xxx/CVE-2019-2823.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2823", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2823", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file