diff --git a/2006/1xxx/CVE-2006-1169.json b/2006/1xxx/CVE-2006-1169.json index a06deae7913..b451a6f1b78 100644 --- a/2006/1xxx/CVE-2006-1169.json +++ b/2006/1xxx/CVE-2006-1169.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1169", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-1169", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1439.json b/2006/1xxx/CVE-2006-1439.json index 01f46b3574c..4ca38f3b963 100644 --- a/2006/1xxx/CVE-2006-1439.json +++ b/2006/1xxx/CVE-2006-1439.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1439", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NSSecureTextField in AppKit in Apple Mac OS X 10.4.6 does not re-enable secure event input under certain circumstances, which could allow other applications in the window session to monitor input characters and keyboard events." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1439", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2006-05-11", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html" - }, - { - "name" : "TA06-132A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-132A.html" - }, - { - "name" : "17951", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17951" - }, - { - "name" : "ADV-2006-1779", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1779" - }, - { - "name" : "25583", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25583" - }, - { - "name" : "20077", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20077" - }, - { - "name" : "macos-appkit-nssecuretext-weak-security(26404)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26404" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NSSecureTextField in AppKit in Apple Mac OS X 10.4.6 does not re-enable secure event input under certain circumstances, which could allow other applications in the window session to monitor input characters and keyboard events." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17951", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17951" + }, + { + "name": "ADV-2006-1779", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1779" + }, + { + "name": "TA06-132A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html" + }, + { + "name": "macos-appkit-nssecuretext-weak-security(26404)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26404" + }, + { + "name": "APPLE-SA-2006-05-11", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html" + }, + { + "name": "20077", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20077" + }, + { + "name": "25583", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25583" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1477.json b/2006/1xxx/CVE-2006-1477.json index 1f67b44189f..6b2eedff45c 100644 --- a/2006/1xxx/CVE-2006-1477.json +++ b/2006/1xxx/CVE-2006-1477.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1477", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools PHP Live Helper 1.8 allow remote attackers to include and execute arbitrary PHP code via the abs_path parameter in (1) initiate.php, (2) waiting.php, (3) welcome.php, (4) admin/index.php, (5) javascript.php, (6) checkchat.php, and (7) blank.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1477", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060327 PHPLiveHelper 1.8 remote command execution (include) Xploit (perl)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/428976/100/0/threaded" - }, - { - "name" : "20060619 PHP Live Helper <=([abs_path]) Remote File Include Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437648/100/0/threaded" - }, - { - "name" : "20060619 Re: PHP Live Helper <=([abs_path]) Remote File Include Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437741/100/0/threaded" - }, - { - "name" : "http://www.turnkeywebtools.com/forum/showthread.php?p=10415", - "refsource" : "MISC", - "url" : "http://www.turnkeywebtools.com/forum/showthread.php?p=10415" - }, - { - "name" : "http://www.worlddefacers.de/Public/WD-TMPLH.txt", - "refsource" : "MISC", - "url" : "http://www.worlddefacers.de/Public/WD-TMPLH.txt" - }, - { - "name" : "18509", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18509" - }, - { - "name" : "ADV-2006-1137", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1137" - }, - { - "name" : "24193", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24193" - }, - { - "name" : "24194", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24194" - }, - { - "name" : "24195", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24195" - }, - { - "name" : "24196", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24196" - }, - { - "name" : "24197", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24197" - }, - { - "name" : "24198", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24198" - }, - { - "name" : "24199", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24199" - }, - { - "name" : "19428", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19428" - }, - { - "name" : "phplivehelper-abspath-file-include(25489)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25489" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools PHP Live Helper 1.8 allow remote attackers to include and execute arbitrary PHP code via the abs_path parameter in (1) initiate.php, (2) waiting.php, (3) welcome.php, (4) admin/index.php, (5) javascript.php, (6) checkchat.php, and (7) blank.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24199", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24199" + }, + { + "name": "20060619 Re: PHP Live Helper <=([abs_path]) Remote File Include Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437741/100/0/threaded" + }, + { + "name": "24194", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24194" + }, + { + "name": "24193", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24193" + }, + { + "name": "20060327 PHPLiveHelper 1.8 remote command execution (include) Xploit (perl)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/428976/100/0/threaded" + }, + { + "name": "24195", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24195" + }, + { + "name": "19428", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19428" + }, + { + "name": "ADV-2006-1137", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1137" + }, + { + "name": "20060619 PHP Live Helper <=([abs_path]) Remote File Include Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437648/100/0/threaded" + }, + { + "name": "24198", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24198" + }, + { + "name": "24197", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24197" + }, + { + "name": "http://www.turnkeywebtools.com/forum/showthread.php?p=10415", + "refsource": "MISC", + "url": "http://www.turnkeywebtools.com/forum/showthread.php?p=10415" + }, + { + "name": "phplivehelper-abspath-file-include(25489)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25489" + }, + { + "name": "http://www.worlddefacers.de/Public/WD-TMPLH.txt", + "refsource": "MISC", + "url": "http://www.worlddefacers.de/Public/WD-TMPLH.txt" + }, + { + "name": "24196", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24196" + }, + { + "name": "18509", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18509" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1513.json b/2006/1xxx/CVE-2006-1513.json index 8e3a6d66bfb..ccab3328c56 100644 --- a/2006/1xxx/CVE-2006-1513.json +++ b/2006/1xxx/CVE-2006-1513.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1513", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in abc2ps before 1.3.3 allow user-assisted attackers to execute arbitrary code via crafted ABC music files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2006-1513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-1041", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1041" - }, - { - "name" : "17689", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17689" - }, - { - "name" : "ADV-2006-1511", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1511" - }, - { - "name" : "19787", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19787" - }, - { - "name" : "19807", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19807" - }, - { - "name" : "abc2ps-abc-bo(26043)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26043" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in abc2ps before 1.3.3 allow user-assisted attackers to execute arbitrary code via crafted ABC music files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "abc2ps-abc-bo(26043)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26043" + }, + { + "name": "ADV-2006-1511", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1511" + }, + { + "name": "19787", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19787" + }, + { + "name": "17689", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17689" + }, + { + "name": "19807", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19807" + }, + { + "name": "DSA-1041", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1041" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5548.json b/2006/5xxx/CVE-2006-5548.json index 71c56afdebf..49a665118a7 100644 --- a/2006/5xxx/CVE-2006-5548.json +++ b/2006/5xxx/CVE-2006-5548.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5548", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open Tibia Server Content Management System (OTSCMS) 2.0.0 through 2.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][directories][classes] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2622", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2622" - }, - { - "name" : "20694", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20694" - }, - { - "name" : "ADV-2006-4180", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4180" - }, - { - "name" : "22548", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22548" - }, - { - "name" : "otscms-otscms-file-include(29719)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29719" - }, - { - "name" : "20061025 CONFIRM: OTSCMS file inclusions - PHP5 __autoload", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2006-October/001096.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open Tibia Server Content Management System (OTSCMS) 2.0.0 through 2.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][directories][classes] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "otscms-otscms-file-include(29719)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29719" + }, + { + "name": "20694", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20694" + }, + { + "name": "20061025 CONFIRM: OTSCMS file inclusions - PHP5 __autoload", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2006-October/001096.html" + }, + { + "name": "2622", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2622" + }, + { + "name": "22548", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22548" + }, + { + "name": "ADV-2006-4180", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4180" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5561.json b/2006/5xxx/CVE-2006-5561.json index e8154a05b27..7fb6ad75b30 100644 --- a/2006/5xxx/CVE-2006-5561.json +++ b/2006/5xxx/CVE-2006-5561.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5561", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in admincp.php in Discuz! GBK 5.0.0 allows remote attackers to execute arbitrary SQL commands via the cdb_auth cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2644", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2644" - }, - { - "name" : "20734", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20734" - }, - { - "name" : "ADV-2006-4210", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4210" - }, - { - "name" : "22534", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22534" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in admincp.php in Discuz! GBK 5.0.0 allows remote attackers to execute arbitrary SQL commands via the cdb_auth cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22534", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22534" + }, + { + "name": "2644", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2644" + }, + { + "name": "ADV-2006-4210", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4210" + }, + { + "name": "20734", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20734" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5639.json b/2006/5xxx/CVE-2006-5639.json index 39013fc0735..9ad085da318 100644 --- a/2006/5xxx/CVE-2006-5639.json +++ b/2006/5xxx/CVE-2006-5639.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the random number generator in OpenWBEM (Web Based Enterprise Management) 3.2.0 allows attackers to gain privileges via vectors related to \"local or HTTP Digest authentication.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=625294", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=625294" - }, - { - "name" : "20807", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20807" - }, - { - "name" : "ADV-2006-4238", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4238" - }, - { - "name" : "22709", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22709" - }, - { - "name" : "openwbem-number-privilege-escalation(29914)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29914" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the random number generator in OpenWBEM (Web Based Enterprise Management) 3.2.0 allows attackers to gain privileges via vectors related to \"local or HTTP Digest authentication.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20807", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20807" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=625294", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=625294" + }, + { + "name": "22709", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22709" + }, + { + "name": "openwbem-number-privilege-escalation(29914)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29914" + }, + { + "name": "ADV-2006-4238", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4238" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5851.json b/2006/5xxx/CVE-2006-5851.json index a0d00c57b4f..3bf76f6a891 100644 --- a/2006/5xxx/CVE-2006-5851.json +++ b/2006/5xxx/CVE-2006-5851.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5851", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "openexec in OpenBase SQL before 10.0.1 allows local users to create arbitrary files via a symlink attack on the /tmp/output file, a different vulnerability than CVE-2006-5328." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5851", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081108 OpenBase SQL multiple vulnerabilities Part Deux", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=116296717330758&w=2" - }, - { - "name" : "http://www.digitalmunition.com/DMA%5B2006-1107a%5D.txt", - "refsource" : "MISC", - "url" : "http://www.digitalmunition.com/DMA%5B2006-1107a%5D.txt" - }, - { - "name" : "2737", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2737" - }, - { - "name" : "ADV-2006-4404", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4404" - }, - { - "name" : "22742", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22742" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "openexec in OpenBase SQL before 10.0.1 allows local users to create arbitrary files via a symlink attack on the /tmp/output file, a different vulnerability than CVE-2006-5328." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22742", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22742" + }, + { + "name": "20081108 OpenBase SQL multiple vulnerabilities Part Deux", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=116296717330758&w=2" + }, + { + "name": "ADV-2006-4404", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4404" + }, + { + "name": "2737", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2737" + }, + { + "name": "http://www.digitalmunition.com/DMA%5B2006-1107a%5D.txt", + "refsource": "MISC", + "url": "http://www.digitalmunition.com/DMA%5B2006-1107a%5D.txt" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2090.json b/2007/2xxx/CVE-2007-2090.json index ec3df51c638..71b20360bde 100644 --- a/2007/2xxx/CVE-2007-2090.json +++ b/2007/2xxx/CVE-2007-2090.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2090", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in TuMusika Evolution 1.6 allows remote attackers to inject arbitrary web script or HTML via the msg parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070412 TuMusika Evolution 1.6 Cross Site Scripting Vulnerabilitiy", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/465515/100/0/threaded" - }, - { - "name" : "ADV-2007-1374", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1374" - }, - { - "name" : "24874", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24874" - }, - { - "name" : "2585", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2585" - }, - { - "name" : "tumusika-index-xss(33593)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33593" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in TuMusika Evolution 1.6 allows remote attackers to inject arbitrary web script or HTML via the msg parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-1374", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1374" + }, + { + "name": "2585", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2585" + }, + { + "name": "tumusika-index-xss(33593)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33593" + }, + { + "name": "20070412 TuMusika Evolution 1.6 Cross Site Scripting Vulnerabilitiy", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/465515/100/0/threaded" + }, + { + "name": "24874", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24874" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2186.json b/2007/2xxx/CVE-2007-2186.json index 3d367811ff0..9afc4163b7e 100644 --- a/2007/2xxx/CVE-2007-2186.json +++ b/2007/2xxx/CVE-2007-2186.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2186", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Foxit Reader 2.0 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2186", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3770", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3770" - }, - { - "name" : "23576", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23576" - }, - { - "name" : "39054", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39054" - }, - { - "name" : "foxitreader-pdf-dos(33784)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33784" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Foxit Reader 2.0 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39054", + "refsource": "OSVDB", + "url": "http://osvdb.org/39054" + }, + { + "name": "23576", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23576" + }, + { + "name": "3770", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3770" + }, + { + "name": "foxitreader-pdf-dos(33784)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33784" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6363.json b/2007/6xxx/CVE-2007-6363.json index 4e1d09766f6..6d728b0de1a 100644 --- a/2007/6xxx/CVE-2007-6363.json +++ b/2007/6xxx/CVE-2007-6363.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6363", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Netcool Security Manager 1.3.0 before Interim Fix 1, when using Active Directory (AD) LDAP authentication, allows remote attackers to obtain login access via unspecified vectors without entering a password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6363", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg24017385", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg24017385" - }, - { - "name" : "IZ04768", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ04768" - }, - { - "name" : "43718", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43718" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Netcool Security Manager 1.3.0 before Interim Fix 1, when using Active Directory (AD) LDAP authentication, allows remote attackers to obtain login access via unspecified vectors without entering a password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IZ04768", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ04768" + }, + { + "name": "43718", + "refsource": "OSVDB", + "url": "http://osvdb.org/43718" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg24017385", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24017385" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6758.json b/2007/6xxx/CVE-2007-6758.json index a9cc44321f5..9db6272db84 100644 --- a/2007/6xxx/CVE-2007-6758.json +++ b/2007/6xxx/CVE-2007-6758.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6758", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6758", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0077.json b/2010/0xxx/CVE-2010-0077.json index f23c0dac6be..b5c0ad861b1 100644 --- a/2010/0xxx/CVE-2010-0077.json +++ b/2010/0xxx/CVE-2010-0077.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0077", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the CRM Technical Foundation (mobile) component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect confidentiality and integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0077", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html" - }, - { - "name" : "TA10-012A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-012A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the CRM Technical Foundation (mobile) component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect confidentiality and integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html" + }, + { + "name": "TA10-012A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-012A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0228.json b/2010/0xxx/CVE-2010-0228.json index 1371f4b4fb4..23b4ef0ede1 100644 --- a/2010/0xxx/CVE-2010-0228.json +++ b/2010/0xxx/CVE-2010-0228.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0228", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.zdnet.com/hardware/?p=6655", - "refsource" : "MISC", - "url" : "http://blogs.zdnet.com/hardware/?p=6655" - }, - { - "name" : "http://it.slashdot.org/story/10/01/05/1734242/", - "refsource" : "MISC", - "url" : "http://it.slashdot.org/story/10/01/05/1734242/" - }, - { - "name" : "http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html", - "refsource" : "MISC", - "url" : "http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html" - }, - { - "name" : "http://www.verbatim.com/security/security-update.cfm", - "refsource" : "MISC", - "url" : "http://www.verbatim.com/security/security-update.cfm" - }, - { - "name" : "https://www.ironkey.com/usb-flash-drive-flaw-exposed", - "refsource" : "MISC", - "url" : "https://www.ironkey.com/usb-flash-drive-flaw-exposed" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://it.slashdot.org/story/10/01/05/1734242/", + "refsource": "MISC", + "url": "http://it.slashdot.org/story/10/01/05/1734242/" + }, + { + "name": "http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html", + "refsource": "MISC", + "url": "http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html" + }, + { + "name": "http://www.verbatim.com/security/security-update.cfm", + "refsource": "MISC", + "url": "http://www.verbatim.com/security/security-update.cfm" + }, + { + "name": "http://blogs.zdnet.com/hardware/?p=6655", + "refsource": "MISC", + "url": "http://blogs.zdnet.com/hardware/?p=6655" + }, + { + "name": "https://www.ironkey.com/usb-flash-drive-flaw-exposed", + "refsource": "MISC", + "url": "https://www.ironkey.com/usb-flash-drive-flaw-exposed" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0474.json b/2010/0xxx/CVE-2010-0474.json index 804244ec8a0..92d0e578033 100644 --- a/2010/0xxx/CVE-2010-0474.json +++ b/2010/0xxx/CVE-2010-0474.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0474", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0474", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0529.json b/2010/0xxx/CVE-2010-0529.json index c8f8701642c..84faa1e883a 100644 --- a/2010/0xxx/CVE-2010-0529.json +++ b/2010/0xxx/CVE-2010-0529.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0529", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a BkPixPat opcode (0x12) containing crafted values that are used in a calculation for memory allocation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-0529", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100406 ZDI-10-067: Apple QuickTime Pict BkPixPat Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/510569/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-067", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-067" - }, - { - "name" : "APPLE-SA-2010-03-30-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html" - }, - { - "name" : "oval:org.mitre.oval:def:6780", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6780" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a BkPixPat opcode (0x12) containing crafted values that are used in a calculation for memory allocation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:6780", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6780" + }, + { + "name": "20100406 ZDI-10-067: Apple QuickTime Pict BkPixPat Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/510569/100/0/threaded" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-067", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-067" + }, + { + "name": "APPLE-SA-2010-03-30-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0949.json b/2010/0xxx/CVE-2010-0949.json index ee8d9692801..37260c85145 100644 --- a/2010/0xxx/CVE-2010-0949.json +++ b/2010/0xxx/CVE-2010-0949.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0949", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Natychmiast CMS allow remote attackers to inject arbitrary web script or HTML via the id_str parameter to (1) index.php and (2) a_index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100305 SQL injection vulnerability in Natychmiast CMS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/509890/100/0/threaded" - }, - { - "name" : "http://www.packetstormsecurity.com/1003-exploits/natychmiast-sqlxss.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.com/1003-exploits/natychmiast-sqlxss.txt" - }, - { - "name" : "38561", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38561" - }, - { - "name" : "natychmiast-index-xss(56724)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56724" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Natychmiast CMS allow remote attackers to inject arbitrary web script or HTML via the id_str parameter to (1) index.php and (2) a_index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100305 SQL injection vulnerability in Natychmiast CMS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/509890/100/0/threaded" + }, + { + "name": "http://www.packetstormsecurity.com/1003-exploits/natychmiast-sqlxss.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.com/1003-exploits/natychmiast-sqlxss.txt" + }, + { + "name": "38561", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38561" + }, + { + "name": "natychmiast-index-xss(56724)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56724" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0995.json b/2010/0xxx/CVE-2010-0995.json index e1b1ff67e0d..113b96f651f 100644 --- a/2010/0xxx/CVE-2010-0995.json +++ b/2010/0xxx/CVE-2010-0995.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0995", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Internet Download Manager (IDM) before 5.19 allows remote attackers to execute arbitrary code via a crafted FTP URI that causes unspecified \"test sequences\" to be sent from client to server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2010-0995", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100430 Secunia Research: Internet Download Manager FTP Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511060/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2010-62/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2010-62/" - }, - { - "name" : "http://www.internetdownloadmanager.com/news.html", - "refsource" : "MISC", - "url" : "http://www.internetdownloadmanager.com/news.html" - }, - { - "name" : "39822", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39822" - }, - { - "name" : "39446", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39446" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Internet Download Manager (IDM) before 5.19 allows remote attackers to execute arbitrary code via a crafted FTP URI that causes unspecified \"test sequences\" to be sent from client to server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39822", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39822" + }, + { + "name": "http://www.internetdownloadmanager.com/news.html", + "refsource": "MISC", + "url": "http://www.internetdownloadmanager.com/news.html" + }, + { + "name": "39446", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39446" + }, + { + "name": "http://secunia.com/secunia_research/2010-62/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2010-62/" + }, + { + "name": "20100430 Secunia Research: Internet Download Manager FTP Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511060/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1047.json b/2010/1xxx/CVE-2010-1047.json index dced5dceabe..03d09d78e21 100644 --- a/2010/1xxx/CVE-2010-1047.json +++ b/2010/1xxx/CVE-2010-1047.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1047", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in MASA2EL Music City 1.0 and 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a singer action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1047", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1002-exploits/masa2elmc-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1002-exploits/masa2elmc-sql.txt" - }, - { - "name" : "11329", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11329" - }, - { - "name" : "62133", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62133" - }, - { - "name" : "38469", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38469" - }, - { - "name" : "musiccity-index-sql-injection(56110)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56110" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in MASA2EL Music City 1.0 and 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a singer action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "musiccity-index-sql-injection(56110)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56110" + }, + { + "name": "11329", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11329" + }, + { + "name": "38469", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38469" + }, + { + "name": "http://packetstormsecurity.org/1002-exploits/masa2elmc-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1002-exploits/masa2elmc-sql.txt" + }, + { + "name": "62133", + "refsource": "OSVDB", + "url": "http://osvdb.org/62133" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1105.json b/2010/1xxx/CVE-2010-1105.json index d05f1f63111..05ce6b01125 100644 --- a/2010/1xxx/CVE-2010-1105.json +++ b/2010/1xxx/CVE-2010-1105.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in cgi/index.php in AdvertisementManager 3.1.0 and 3.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.packetstormsecurity.com/1001-exploits/advertisemanager-xssrfitraversal.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.com/1001-exploits/advertisemanager-xssrfitraversal.txt" - }, - { - "name" : "40151", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40151" - }, - { - "name" : "61846", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61846" - }, - { - "name" : "38243", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38243" - }, - { - "name" : "advertisementmanager-index-xss(55754)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55754" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in cgi/index.php in AdvertisementManager 3.1.0 and 3.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "advertisementmanager-index-xss(55754)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55754" + }, + { + "name": "http://www.packetstormsecurity.com/1001-exploits/advertisemanager-xssrfitraversal.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.com/1001-exploits/advertisemanager-xssrfitraversal.txt" + }, + { + "name": "38243", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38243" + }, + { + "name": "40151", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40151" + }, + { + "name": "61846", + "refsource": "OSVDB", + "url": "http://osvdb.org/61846" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1950.json b/2010/1xxx/CVE-2010-1950.json index 2405041f80c..0eae628c279 100644 --- a/2010/1xxx/CVE-2010-1950.json +++ b/2010/1xxx/CVE-2010-1950.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1950", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the date_info parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1950", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "39536", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39536" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the date_info parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39536", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39536" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4310.json b/2010/4xxx/CVE-2010-4310.json index 036bffc620e..18916ea914f 100644 --- a/2010/4xxx/CVE-2010-4310.json +++ b/2010/4xxx/CVE-2010-4310.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4310", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4310", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4328.json b/2010/4xxx/CVE-2010-4328.json index d68e7c48388..162cb987bcf 100644 --- a/2010/4xxx/CVE-2010-4328.json +++ b/2010/4xxx/CVE-2010-4328.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4328", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in opt/novell/iprint/bin/ipsmd in Novell iPrint for Linux Open Enterprise Server 2 SP2 and SP3 allow remote attackers to execute arbitrary code via unspecified LPR opcodes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4328", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110217 ZDI-11-087: Novell iPrint LPD Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516506/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-087", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-087" - }, - { - "name" : "http://download.novell.com/Download?buildid=KloKR_CmrBs~", - "refsource" : "CONFIRM", - "url" : "http://download.novell.com/Download?buildid=KloKR_CmrBs~" - }, - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=7007858&sliceId=1", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=7007858&sliceId=1" - }, - { - "name" : "46309", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46309" - }, - { - "name" : "70852", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70852" - }, - { - "name" : "1025074", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025074" - }, - { - "name" : "43281", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43281" - }, - { - "name" : "8096", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8096" - }, - { - "name" : "ADV-2011-0353", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in opt/novell/iprint/bin/ipsmd in Novell iPrint for Linux Open Enterprise Server 2 SP2 and SP3 allow remote attackers to execute arbitrary code via unspecified LPR opcodes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70852", + "refsource": "OSVDB", + "url": "http://osvdb.org/70852" + }, + { + "name": "43281", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43281" + }, + { + "name": "http://www.novell.com/support/viewContent.do?externalId=7007858&sliceId=1", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=7007858&sliceId=1" + }, + { + "name": "http://download.novell.com/Download?buildid=KloKR_CmrBs~", + "refsource": "CONFIRM", + "url": "http://download.novell.com/Download?buildid=KloKR_CmrBs~" + }, + { + "name": "1025074", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025074" + }, + { + "name": "8096", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8096" + }, + { + "name": "20110217 ZDI-11-087: Novell iPrint LPD Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516506/100/0/threaded" + }, + { + "name": "ADV-2011-0353", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0353" + }, + { + "name": "46309", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46309" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-087", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-087" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4532.json b/2010/4xxx/CVE-2010-4532.json index eb493c99eb0..973627e5779 100644 --- a/2010/4xxx/CVE-2010-4532.json +++ b/2010/4xxx/CVE-2010-4532.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4532", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4532", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4995.json b/2010/4xxx/CVE-2010-4995.json index ee91d249f97..fc5130f717b 100644 --- a/2010/4xxx/CVE-2010-4995.json +++ b/2010/4xxx/CVE-2010-4995.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4995", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the NeoRecruit (com_neorecruit) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in an offer_view action to index.php, a different vector than CVE-2007-4506." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4995", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14250", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14250" - }, - { - "name" : "http://packetstormsecurity.org/1007-exploits/joomlaneorecruit-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1007-exploits/joomlaneorecruit-sql.txt" - }, - { - "name" : "41408", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41408" - }, - { - "name" : "8499", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8499" - }, - { - "name" : "ADV-2010-1738", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1738" - }, - { - "name" : "neorecruit-itemid-sql-injection(60125)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60125" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the NeoRecruit (com_neorecruit) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in an offer_view action to index.php, a different vector than CVE-2007-4506." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1738", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1738" + }, + { + "name": "14250", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14250" + }, + { + "name": "8499", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8499" + }, + { + "name": "41408", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41408" + }, + { + "name": "http://packetstormsecurity.org/1007-exploits/joomlaneorecruit-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1007-exploits/joomlaneorecruit-sql.txt" + }, + { + "name": "neorecruit-itemid-sql-injection(60125)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60125" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5060.json b/2010/5xxx/CVE-2010-5060.json index 4c6ed18758c..8654be90c86 100644 --- a/2010/5xxx/CVE-2010-5060.json +++ b/2010/5xxx/CVE-2010-5060.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Nus.php in NUs Newssystem 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1003-exploits/nusnewssystem-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1003-exploits/nusnewssystem-sql.txt" - }, - { - "name" : "http://www.exploit-db.com/exploits/11674", - "refsource" : "MISC", - "url" : "http://www.exploit-db.com/exploits/11674" - }, - { - "name" : "38620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38620" - }, - { - "name" : "38890", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38890" - }, - { - "name" : "nus-nus-sql-injection(56775)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56775" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Nus.php in NUs Newssystem 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.exploit-db.com/exploits/11674", + "refsource": "MISC", + "url": "http://www.exploit-db.com/exploits/11674" + }, + { + "name": "38620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38620" + }, + { + "name": "nus-nus-sql-injection(56775)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56775" + }, + { + "name": "http://packetstormsecurity.org/1003-exploits/nusnewssystem-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1003-exploits/nusnewssystem-sql.txt" + }, + { + "name": "38890", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38890" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5073.json b/2010/5xxx/CVE-2010-5073.json index 821c5a5d54d..e9d8a7a3e1e 100644 --- a/2010/5xxx/CVE-2010-5073.json +++ b/2010/5xxx/CVE-2010-5073.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5073", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The JavaScript implementation in Google Chrome 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. NOTE: this may overlap CVE-2010-5070." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5073", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://w2spconf.com/2010/papers/p26.pdf", - "refsource" : "MISC", - "url" : "http://w2spconf.com/2010/papers/p26.pdf" - }, - { - "name" : "oval:org.mitre.oval:def:13767", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13767" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The JavaScript implementation in Google Chrome 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. NOTE: this may overlap CVE-2010-5070." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:13767", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13767" + }, + { + "name": "http://w2spconf.com/2010/papers/p26.pdf", + "refsource": "MISC", + "url": "http://w2spconf.com/2010/papers/p26.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0486.json b/2014/0xxx/CVE-2014-0486.json index ab7d6dd80ed..83a5c0aaa01 100644 --- a/2014/0xxx/CVE-2014-0486.json +++ b/2014/0xxx/CVE-2014-0486.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0486", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2014-0486", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gitlab.labs.nic.cz/knot/knot-dns/issues/294", - "refsource" : "CONFIRM", - "url" : "https://gitlab.labs.nic.cz/knot/knot-dns/issues/294" - }, - { - "name" : "70097", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70097" - }, - { - "name" : "knotdns-cve20140486-dos(96185)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.labs.nic.cz/knot/knot-dns/issues/294", + "refsource": "CONFIRM", + "url": "https://gitlab.labs.nic.cz/knot/knot-dns/issues/294" + }, + { + "name": "70097", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70097" + }, + { + "name": "knotdns-cve20140486-dos(96185)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96185" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0738.json b/2014/0xxx/CVE-2014-0738.json index 4b4cc8d021b..7e0147b2304 100644 --- a/2014/0xxx/CVE-2014-0738.json +++ b/2014/0xxx/CVE-2014-0738.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66770." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-0738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32956", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32956" - }, - { - "name" : "20140220 Cisco Adaptive Security Appliance Phone Proxy CTL Authentication Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0738" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66770." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32956", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32956" + }, + { + "name": "20140220 Cisco Adaptive Security Appliance Phone Proxy CTL Authentication Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0738" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0834.json b/2014/0xxx/CVE-2014-0834.json index 8c46c88c629..13cce1868ac 100644 --- a/2014/0xxx/CVE-2014-0834.json +++ b/2014/0xxx/CVE-2014-0834.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM General Parallel File System (GPFS) 3.4 through 3.4.0.27 and 3.5 through 3.5.0.16 allows attackers to cause a denial of service (daemon crash) via crafted arguments to a setuid program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1020542", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1020542" - }, - { - "name" : "IV52863", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV52863" - }, - { - "name" : "IV54381", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV54381" - }, - { - "name" : "65297", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65297" - }, - { - "name" : "102765", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102765" - }, - { - "name" : "ibm-gpfs-cve20140834-dos(90647)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90647" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM General Parallel File System (GPFS) 3.4 through 3.4.0.27 and 3.5 through 3.5.0.16 allows attackers to cause a denial of service (daemon crash) via crafted arguments to a setuid program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1020542", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1020542" + }, + { + "name": "65297", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65297" + }, + { + "name": "ibm-gpfs-cve20140834-dos(90647)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90647" + }, + { + "name": "IV52863", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV52863" + }, + { + "name": "102765", + "refsource": "OSVDB", + "url": "http://osvdb.org/102765" + }, + { + "name": "IV54381", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV54381" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1509.json b/2014/1xxx/CVE-2014-1509.json index 874e7577a62..8eb0109f426 100644 --- a/2014/1xxx/CVE-2014-1509.json +++ b/2014/1xxx/CVE-2014-1509.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1509", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2014-1509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-27.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-27.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=966021", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=966021" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "RHSA-2014:0310", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0310.html" - }, - { - "name" : "RHSA-2014:0316", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0316.html" - }, - { - "name" : "SUSE-SU-2014:0418", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" - }, - { - "name" : "openSUSE-SU-2014:0419", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" - }, - { - "name" : "openSUSE-SU-2014:0448", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" - }, - { - "name" : "openSUSE-SU-2014:0584", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html" - }, - { - "name" : "USN-2151-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2151-1" - }, - { - "name" : "66425", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "66425", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66425" + }, + { + "name": "RHSA-2014:0310", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0310.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-27.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-27.html" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "SUSE-SU-2014:0418", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "USN-2151-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2151-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=966021", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=966021" + }, + { + "name": "openSUSE-SU-2014:0419", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" + }, + { + "name": "RHSA-2014:0316", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0316.html" + }, + { + "name": "openSUSE-SU-2014:0584", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html" + }, + { + "name": "openSUSE-SU-2014:0448", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1530.json b/2014/1xxx/CVE-2014-1530.json index 12a2f0ae235..5ddeda74739 100644 --- a/2014/1xxx/CVE-2014-1530.json +++ b/2014/1xxx/CVE-2014-1530.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1530", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2014-1530", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-43.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-43.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=895557", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=895557" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "DSA-2918", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2918" - }, - { - "name" : "DSA-2924", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2924" - }, - { - "name" : "FEDORA-2014-5829", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html" - }, - { - "name" : "FEDORA-2014-5833", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "RHSA-2014:0448", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0448.html" - }, - { - "name" : "RHSA-2014:0449", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0449.html" - }, - { - "name" : "SUSE-SU-2014:0665", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html" - }, - { - "name" : "openSUSE-SU-2014:0602", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00013.html" - }, - { - "name" : "openSUSE-SU-2014:0640", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00040.html" - }, - { - "name" : "openSUSE-SU-2014:0599", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html" - }, - { - "name" : "openSUSE-SU-2014:0629", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html" - }, - { - "name" : "SUSE-SU-2014:0727", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html" - }, - { - "name" : "USN-2189-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2189-1" - }, - { - "name" : "USN-2185-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2185-1" - }, - { - "name" : "67137", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67137" - }, - { - "name" : "1030163", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030163" - }, - { - "name" : "1030164", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030164" - }, - { - "name" : "1030165", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030165" - }, - { - "name" : "59866", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59866" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0448", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0448.html" + }, + { + "name": "FEDORA-2014-5833", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html" + }, + { + "name": "openSUSE-SU-2014:0602", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00013.html" + }, + { + "name": "openSUSE-SU-2014:0599", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-43.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-43.html" + }, + { + "name": "openSUSE-SU-2014:0629", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html" + }, + { + "name": "SUSE-SU-2014:0727", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "1030165", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030165" + }, + { + "name": "59866", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59866" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "openSUSE-SU-2014:0640", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00040.html" + }, + { + "name": "USN-2189-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2189-1" + }, + { + "name": "RHSA-2014:0449", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0449.html" + }, + { + "name": "SUSE-SU-2014:0665", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html" + }, + { + "name": "DSA-2918", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2918" + }, + { + "name": "DSA-2924", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2924" + }, + { + "name": "USN-2185-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2185-1" + }, + { + "name": "67137", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67137" + }, + { + "name": "1030164", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030164" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=895557", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=895557" + }, + { + "name": "1030163", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030163" + }, + { + "name": "FEDORA-2014-5829", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4241.json b/2014/4xxx/CVE-2014-4241.json index 047d69111f0..4622656d0ba 100644 --- a/2014/4xxx/CVE-2014-4241.json +++ b/2014/4xxx/CVE-2014-4241.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4241", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-4241", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" - }, - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/23" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" - }, - { - "name" : "68649", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68649" - }, - { - "name" : "oracle-cpujul2014-cve20144241(94559)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94559" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" + }, + { + "name": "oracle-cpujul2014-cve20144241(94559)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94559" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/23" + }, + { + "name": "68649", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68649" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4763.json b/2014/4xxx/CVE-2014-4763.json index 4441232b121..6495207e806 100644 --- a/2014/4xxx/CVE-2014-4763.json +++ b/2014/4xxx/CVE-2014-4763.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4763", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Content Navigator in Content Engine in IBM FileNet Content Manager 5.2.x before 5.2.0.3-P8CPE-IF003 and Content Foundation 5.2.x before 5.2.0.3-P8CPE-IF003 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-4763", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21679930", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21679930" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685574", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685574" - }, - { - "name" : "69798", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69798" - }, - { - "name" : "61127", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61127" - }, - { - "name" : "ibm-filenet-cve20144763-xss(94660)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94660" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Content Navigator in Content Engine in IBM FileNet Content Manager 5.2.x before 5.2.0.3-P8CPE-IF003 and Content Foundation 5.2.x before 5.2.0.3-P8CPE-IF003 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69798", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69798" + }, + { + "name": "ibm-filenet-cve20144763-xss(94660)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94660" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21679930", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679930" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685574", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685574" + }, + { + "name": "61127", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61127" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4911.json b/2014/4xxx/CVE-2014-4911.json index 385f7297bd9..110efffa726 100644 --- a/2014/4xxx/CVE-2014-4911.json +++ b/2014/4xxx/CVE-2014-4911.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-02", - "refsource" : "CONFIRM", - "url" : "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-02" - }, - { - "name" : "DSA-2981", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2981" - }, - { - "name" : "60215", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-02", + "refsource": "CONFIRM", + "url": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-02" + }, + { + "name": "DSA-2981", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2981" + }, + { + "name": "60215", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60215" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4925.json b/2014/4xxx/CVE-2014-4925.json index ca35e4022b9..8de8c91df54 100644 --- a/2014/4xxx/CVE-2014-4925.json +++ b/2014/4xxx/CVE-2014-4925.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4925", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Good for Enterprise for Android 2.8.0.398 and 1.9.0.40." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4925", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150108 Good for Enterprise Android HTML Injection (CVE-2014-4925)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jan/17" - }, - { - "name" : "http://packetstormsecurity.com/files/129864/Good-For-Enterprise-Android-HTML-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129864/Good-For-Enterprise-Android-HTML-Injection.html" - }, - { - "name" : "goodforenterp-cve20144925-open-redirect(99893)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99893" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Good for Enterprise for Android 2.8.0.398 and 1.9.0.40." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "goodforenterp-cve20144925-open-redirect(99893)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99893" + }, + { + "name": "http://packetstormsecurity.com/files/129864/Good-For-Enterprise-Android-HTML-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129864/Good-For-Enterprise-Android-HTML-Injection.html" + }, + { + "name": "20150108 Good for Enterprise Android HTML Injection (CVE-2014-4925)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jan/17" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9257.json b/2014/9xxx/CVE-2014-9257.json index c7aa01f534f..d42a311f041 100644 --- a/2014/9xxx/CVE-2014-9257.json +++ b/2014/9xxx/CVE-2014-9257.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9257", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9257", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9771.json b/2014/9xxx/CVE-2014-9771.json index c77d83f4498..54ec09fd570 100644 --- a/2014/9xxx/CVE-2014-9771.json +++ b/2014/9xxx/CVE-2014-9771.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9771", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in imlib2 before 1.4.7 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted image, which triggers an invalid read operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820206", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820206" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1324774", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1324774" - }, - { - "name" : "https://git.enlightenment.org/legacy/imlib2.git/commit/?id=143f299", - "refsource" : "CONFIRM", - "url" : "https://git.enlightenment.org/legacy/imlib2.git/commit/?id=143f299" - }, - { - "name" : "https://git.enlightenment.org/legacy/imlib2.git/tree/ChangeLog", - "refsource" : "CONFIRM", - "url" : "https://git.enlightenment.org/legacy/imlib2.git/tree/ChangeLog" - }, - { - "name" : "DSA-3555", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3555" - }, - { - "name" : "openSUSE-SU-2016:1330", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-05/msg00076.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in imlib2 before 1.4.7 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted image, which triggers an invalid read operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://git.enlightenment.org/legacy/imlib2.git/tree/ChangeLog", + "refsource": "CONFIRM", + "url": "https://git.enlightenment.org/legacy/imlib2.git/tree/ChangeLog" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1324774", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1324774" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820206", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820206" + }, + { + "name": "DSA-3555", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3555" + }, + { + "name": "https://git.enlightenment.org/legacy/imlib2.git/commit/?id=143f299", + "refsource": "CONFIRM", + "url": "https://git.enlightenment.org/legacy/imlib2.git/commit/?id=143f299" + }, + { + "name": "openSUSE-SU-2016:1330", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00076.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9889.json b/2014/9xxx/CVE-2014-9889.json index e92959b48fe..054af5f5f00 100644 --- a/2014/9xxx/CVE-2014-9889.json +++ b/2014/9xxx/CVE-2014-9889.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803645 and Qualcomm internal bug CR674712." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2014-9889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-08-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-08-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm/commit?id=f4e2f2d4ef58c88340774099dff3324ec8baa24a", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm/commit?id=f4e2f2d4ef58c88340774099dff3324ec8baa24a" - }, - { - "name" : "92219", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92219" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803645 and Qualcomm internal bug CR674712." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-08-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-08-01.html" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm/commit?id=f4e2f2d4ef58c88340774099dff3324ec8baa24a", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm/commit?id=f4e2f2d4ef58c88340774099dff3324ec8baa24a" + }, + { + "name": "92219", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92219" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9912.json b/2014/9xxx/CVE-2014-9912.json index c5964fba5d5..2956584b279 100644 --- a/2014/9xxx/CVE-2014-9912.json +++ b/2014/9xxx/CVE-2014-9912.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161124 Re: CVE request: icu: stack-based buffer overflow in uloc_getDisplayName", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/25/1" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=67397", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=67397" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1383569", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1383569" - }, - { - "name" : "68549", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68549" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68549", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68549" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1383569", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1383569" + }, + { + "name": "[oss-security] 20161124 Re: CVE request: icu: stack-based buffer overflow in uloc_getDisplayName", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/25/1" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "https://bugs.php.net/bug.php?id=67397", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=67397" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3039.json b/2016/3xxx/CVE-2016-3039.json index d0a343a9ed0..df60a56026a 100644 --- a/2016/3xxx/CVE-2016-3039.json +++ b/2016/3xxx/CVE-2016-3039.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Traveler 8.x and 9.x before 9.0.1.12 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-3039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21985858", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21985858" - }, - { - "name" : "LO89357", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1LO89357" - }, - { - "name" : "91796", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91796" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Traveler 8.x and 9.x before 9.0.1.12 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21985858", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985858" + }, + { + "name": "LO89357", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LO89357" + }, + { + "name": "91796", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91796" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3825.json b/2016/3xxx/CVE-2016-3825.json index 84a156f4711..769eab02c52 100644 --- a/2016/3xxx/CVE-2016-3825.json +++ b/2016/3xxx/CVE-2016-3825.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mm-video-v4l2/vidc/venc/src/omx_video_base.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allocates an incorrect amount of memory, which allows attackers to gain privileges via a crafted application, aka internal bug 28816964." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-08-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-08-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/hardware/qcom/media/+/d575ecf607056d8e3328ef2eb56c52e98f81e87d", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/hardware/qcom/media/+/d575ecf607056d8e3328ef2eb56c52e98f81e87d" - }, - { - "name" : "92218", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92218" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mm-video-v4l2/vidc/venc/src/omx_video_base.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allocates an incorrect amount of memory, which allows attackers to gain privileges via a crafted application, aka internal bug 28816964." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-08-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-08-01.html" + }, + { + "name": "https://android.googlesource.com/platform/hardware/qcom/media/+/d575ecf607056d8e3328ef2eb56c52e98f81e87d", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/hardware/qcom/media/+/d575ecf607056d8e3328ef2eb56c52e98f81e87d" + }, + { + "name": "92218", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92218" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6959.json b/2016/6xxx/CVE-2016-6959.json index 7a013f317d9..67fd18e87e4 100644 --- a/2016/6xxx/CVE-2016-6959.json +++ b/2016/6xxx/CVE-2016-6959.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-6959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" - }, - { - "name" : "93496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93496" - }, - { - "name" : "1036986", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036986", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036986" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" + }, + { + "name": "93496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93496" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7242.json b/2016/7xxx/CVE-2016-7242.json index 32598add978..6beb26e9ffc 100644 --- a/2016/7xxx/CVE-2016-7242.json +++ b/2016/7xxx/CVE-2016-7242.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2016-7242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, and CVE-2016-7243." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-7242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-129", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129" - }, - { - "name" : "94041", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94041" - }, - { - "name" : "1037245", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037245" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, and CVE-2016-7243." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-129", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129" + }, + { + "name": "1037245", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037245" + }, + { + "name": "94041", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94041" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7584.json b/2016/7xxx/CVE-2016-7584.json index 40480e105a9..e616434edb1 100644 --- a/2016/7xxx/CVE-2016-7584.json +++ b/2016/7xxx/CVE-2016-7584.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-7584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the \"AppleMobileFileIntegrity\" component, which allows remote attackers to spoof signed code by using a matching team ID." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-7584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207269", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207269" - }, - { - "name" : "https://support.apple.com/HT207270", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207270" - }, - { - "name" : "https://support.apple.com/HT207271", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207271" - }, - { - "name" : "https://support.apple.com/HT207275", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207275" - }, - { - "name" : "94571", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the \"AppleMobileFileIntegrity\" component, which allows remote attackers to spoof signed code by using a matching team ID." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207271", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207271" + }, + { + "name": "94571", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94571" + }, + { + "name": "https://support.apple.com/HT207269", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207269" + }, + { + "name": "https://support.apple.com/HT207270", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207270" + }, + { + "name": "https://support.apple.com/HT207275", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207275" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7788.json b/2016/7xxx/CVE-2016-7788.json index dc064442c7b..7b002f2f830 100644 --- a/2016/7xxx/CVE-2016-7788.json +++ b/2016/7xxx/CVE-2016-7788.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7788", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7788", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20161102 Disclose [10 * cve] in Exponent CMS", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Nov/12" - }, - { - "name" : "http://packetstormsecurity.com/files/139484/Exponent-CMS-2.3.9-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/139484/Exponent-CMS-2.3.9-SQL-Injection.html" - }, - { - "name" : "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db", - "refsource" : "CONFIRM", - "url" : "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db" - }, - { - "name" : "97233", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97233" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/139484/Exponent-CMS-2.3.9-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/139484/Exponent-CMS-2.3.9-SQL-Injection.html" + }, + { + "name": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db", + "refsource": "CONFIRM", + "url": "https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db" + }, + { + "name": "20161102 Disclose [10 * cve] in Exponent CMS", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Nov/12" + }, + { + "name": "97233", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97233" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7796.json b/2016/7xxx/CVE-2016-7796.json index 57fa4642e5a..eb78e0fc8ed 100644 --- a/2016/7xxx/CVE-2016-7796.json +++ b/2016/7xxx/CVE-2016-7796.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7796", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7796", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160930 Re: CVE Request: systemd v209+: local denial-of-service attack", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/30/1" - }, - { - "name" : "https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet", - "refsource" : "MISC", - "url" : "https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1381911", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1381911" - }, - { - "name" : "https://github.com/systemd/systemd/issues/4234#issuecomment-250441246", - "refsource" : "CONFIRM", - "url" : "https://github.com/systemd/systemd/issues/4234#issuecomment-250441246" - }, - { - "name" : "RHBA-2015:2092", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHBA-2015-2092.html" - }, - { - "name" : "RHSA-2017:0003", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0003.html" - }, - { - "name" : "SUSE-SU-2016:2475", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00015.html" - }, - { - "name" : "SUSE-SU-2016:2476", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00016.html" - }, - { - "name" : "93250", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93250" - }, - { - "name" : "1037320", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160930 Re: CVE Request: systemd v209+: local denial-of-service attack", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/30/1" + }, + { + "name": "https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet", + "refsource": "MISC", + "url": "https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet" + }, + { + "name": "https://github.com/systemd/systemd/issues/4234#issuecomment-250441246", + "refsource": "CONFIRM", + "url": "https://github.com/systemd/systemd/issues/4234#issuecomment-250441246" + }, + { + "name": "SUSE-SU-2016:2475", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00015.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1381911", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381911" + }, + { + "name": "RHSA-2017:0003", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0003.html" + }, + { + "name": "SUSE-SU-2016:2476", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00016.html" + }, + { + "name": "1037320", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037320" + }, + { + "name": "93250", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93250" + }, + { + "name": "RHBA-2015:2092", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHBA-2015-2092.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7886.json b/2016/7xxx/CVE-2016-7886.json index 531702bea2f..4fe01130289 100644 --- a/2016/7xxx/CVE-2016-7886.json +++ b/2016/7xxx/CVE-2016-7886.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2016-7886", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe InDesign 11.4.1 and earlier, InDesign Server 11.0.0 and earlier", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe InDesign 11.4.1 and earlier, InDesign Server 11.0.0 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe InDesign version 11.4.1 and earlier, Adobe InDesign Server 11.0.0 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-7886", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe InDesign 11.4.1 and earlier, InDesign Server 11.0.0 and earlier", + "version": { + "version_data": [ + { + "version_value": "Adobe InDesign 11.4.1 and earlier, InDesign Server 11.0.0 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/indesign/apsb16-43.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/indesign/apsb16-43.html" - }, - { - "name" : "94868", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94868" - }, - { - "name" : "1037467", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe InDesign version 11.4.1 and earlier, Adobe InDesign Server 11.0.0 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/indesign/apsb16-43.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/indesign/apsb16-43.html" + }, + { + "name": "94868", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94868" + }, + { + "name": "1037467", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037467" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8014.json b/2016/8xxx/CVE-2016-8014.json index 9cbdafef6d9..6c608c4fa64 100644 --- a/2016/8xxx/CVE-2016-8014.json +++ b/2016/8xxx/CVE-2016-8014.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8014", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8014", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8408.json b/2016/8xxx/CVE-2016-8408.json index f1ab9facb14..e503f355e8b 100644 --- a/2016/8xxx/CVE-2016-8408.json +++ b/2016/8xxx/CVE-2016-8408.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-8408", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31496571. References: N-CVE-2016-8408." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-8408", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2016-12-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-12-01.html" - }, - { - "name" : "94691", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94691" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31496571. References: N-CVE-2016-8408." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94691", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94691" + }, + { + "name": "https://source.android.com/security/bulletin/2016-12-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-12-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8616.json b/2016/8xxx/CVE-2016-8616.json index ec9cb0cfcd4..894d32b74e8 100644 --- a/2016/8xxx/CVE-2016-8616.json +++ b/2016/8xxx/CVE-2016-8616.json @@ -1,123 +1,123 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psampaio@redhat.com", - "ID" : "CVE-2016-8616", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "curl", - "version" : { - "version_data" : [ - { - "version_value" : "7.51.0" - } - ] - } - } - ] - }, - "vendor_name" : "The Curl Project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "3.7/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "version" : "3.0" - } - ], - [ - { - "vectorString" : "2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N", - "version" : "2.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-592" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-8616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "curl", + "version": { + "version_data": [ + { + "version_value": "7.51.0" + } + ] + } + } + ] + }, + "vendor_name": "The Curl Project" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://curl.haxx.se/docs/adv_20161102B.html", - "refsource" : "CONFIRM", - "url" : "https://curl.haxx.se/docs/adv_20161102B.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8616", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8616" - }, - { - "name" : "https://curl.haxx.se/CVE-2016-8616.patch", - "refsource" : "CONFIRM", - "url" : "https://curl.haxx.se/CVE-2016-8616.patch" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-21", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-21" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "GLSA-201701-47", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-47" - }, - { - "name" : "RHSA-2018:2486", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2486" - }, - { - "name" : "RHSA-2018:3558", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3558" - }, - { - "name" : "94094", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94094" - }, - { - "name" : "1037192", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037192" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "3.7/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.0" + } + ], + [ + { + "vectorString": "2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N", + "version": "2.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-592" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94094", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94094" + }, + { + "name": "RHSA-2018:3558", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3558" + }, + { + "name": "https://curl.haxx.se/docs/adv_20161102B.html", + "refsource": "CONFIRM", + "url": "https://curl.haxx.se/docs/adv_20161102B.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8616", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8616" + }, + { + "name": "https://curl.haxx.se/CVE-2016-8616.patch", + "refsource": "CONFIRM", + "url": "https://curl.haxx.se/CVE-2016-8616.patch" + }, + { + "name": "https://www.tenable.com/security/tns-2016-21", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-21" + }, + { + "name": "1037192", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037192" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "RHSA-2018:2486", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2486" + }, + { + "name": "GLSA-201701-47", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-47" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8770.json b/2016/8xxx/CVE-2016-8770.json index 17c08929ec6..80b22edf787 100644 --- a/2016/8xxx/CVE-2016-8770.json +++ b/2016/8xxx/CVE-2016-8770.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8770", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8770", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2478.json b/2019/2xxx/CVE-2019-2478.json index fcc2a16883a..244d86bbbe7 100644 --- a/2019/2xxx/CVE-2019-2478.json +++ b/2019/2xxx/CVE-2019-2478.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2478", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Outside In Technology", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.5.3" - }, - { - "version_affected" : "=", - "version_value" : "8.5.4" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2478", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.5.3" + }, + { + "version_affected": "=", + "version_value": "8.5.4" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "106579", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106579" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106579", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106579" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + } + ] + } +} \ No newline at end of file