From 28f35fb1ff0fa36cb95ae36f85501a76d9d24364 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 00:04:02 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0748.json | 660 ++++++++++++++++----------------- 2006/0xxx/CVE-2006-0967.json | 160 ++++---- 2006/1xxx/CVE-2006-1116.json | 180 ++++----- 2006/1xxx/CVE-2006-1267.json | 130 +++---- 2006/1xxx/CVE-2006-1574.json | 170 ++++----- 2006/1xxx/CVE-2006-1797.json | 170 ++++----- 2006/5xxx/CVE-2006-5230.json | 180 ++++----- 2006/5xxx/CVE-2006-5310.json | 180 ++++----- 2006/5xxx/CVE-2006-5353.json | 200 +++++----- 2007/2xxx/CVE-2007-2291.json | 170 ++++----- 2007/2xxx/CVE-2007-2363.json | 170 ++++----- 2010/0xxx/CVE-2010-0521.json | 130 +++---- 2010/0xxx/CVE-2010-0579.json | 150 ++++---- 2010/0xxx/CVE-2010-0709.json | 170 ++++----- 2010/0xxx/CVE-2010-0728.json | 170 ++++----- 2010/1xxx/CVE-2010-1054.json | 170 ++++----- 2010/1xxx/CVE-2010-1163.json | 390 +++++++++---------- 2010/1xxx/CVE-2010-1237.json | 140 +++---- 2010/3xxx/CVE-2010-3198.json | 170 ++++----- 2010/3xxx/CVE-2010-3752.json | 180 ++++----- 2010/4xxx/CVE-2010-4278.json | 180 ++++----- 2010/4xxx/CVE-2010-4563.json | 130 +++---- 2010/4xxx/CVE-2010-4765.json | 130 +++---- 2010/4xxx/CVE-2010-4977.json | 190 +++++----- 2014/0xxx/CVE-2014-0317.json | 120 +++--- 2014/0xxx/CVE-2014-0393.json | 270 +++++++------- 2014/0xxx/CVE-2014-0662.json | 180 ++++----- 2014/10xxx/CVE-2014-10004.json | 140 +++---- 2014/4xxx/CVE-2014-4017.json | 120 +++--- 2014/4xxx/CVE-2014-4360.json | 34 +- 2014/4xxx/CVE-2014-4645.json | 130 +++---- 2014/4xxx/CVE-2014-4977.json | 190 +++++----- 2014/8xxx/CVE-2014-8572.json | 120 +++--- 2014/8xxx/CVE-2014-8785.json | 34 +- 2014/8xxx/CVE-2014-8828.json | 150 ++++---- 2014/8xxx/CVE-2014-8889.json | 160 ++++---- 2014/9xxx/CVE-2014-9130.json | 420 ++++++++++----------- 2014/9xxx/CVE-2014-9289.json | 34 +- 2014/9xxx/CVE-2014-9445.json | 140 +++---- 2014/9xxx/CVE-2014-9617.json | 34 +- 2014/9xxx/CVE-2014-9930.json | 130 +++---- 2014/9xxx/CVE-2014-9946.json | 130 +++---- 2016/2xxx/CVE-2016-2219.json | 130 +++---- 2016/3xxx/CVE-2016-3122.json | 34 +- 2016/3xxx/CVE-2016-3156.json | 370 +++++++++--------- 2016/3xxx/CVE-2016-3216.json | 140 +++---- 2016/3xxx/CVE-2016-3371.json | 150 ++++---- 2016/3xxx/CVE-2016-3997.json | 130 +++---- 2016/6xxx/CVE-2016-6114.json | 178 ++++----- 2016/6xxx/CVE-2016-6225.json | 190 +++++----- 2016/6xxx/CVE-2016-6432.json | 140 +++---- 2016/7xxx/CVE-2016-7015.json | 140 +++---- 2016/7xxx/CVE-2016-7129.json | 210 +++++------ 2016/7xxx/CVE-2016-7570.json | 140 +++---- 2016/8xxx/CVE-2016-8391.json | 136 +++---- 2016/8xxx/CVE-2016-8499.json | 34 +- 2016/8xxx/CVE-2016-8695.json | 160 ++++---- 57 files changed, 4744 insertions(+), 4744 deletions(-) diff --git a/2006/0xxx/CVE-2006-0748.json b/2006/0xxx/CVE-2006-0748.json index 06fa6f3a2d1..3a55ccd6dd2 100644 --- a/2006/0xxx/CVE-2006-0748.json +++ b/2006/0xxx/CVE-2006-0748.json @@ -1,332 +1,332 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0748", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via \"an invalid and non-sensical ordering of table-related tags\" that results in a negative array index." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-0748", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060426 ZDI-06-011: Mozilla Firefox Table Rebuilding Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/432103/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-06-011/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-06-011/" - }, - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-27.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-27.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm" - }, - { - "name" : "DSA-1044", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1044" - }, - { - "name" : "DSA-1046", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1046" - }, - { - "name" : "DSA-1051", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1051" - }, - { - "name" : "FLSA:189137-1", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/436296/100/0/threaded" - }, - { - "name" : "FLSA:189137-2", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/436338/100/0/threaded" - }, - { - "name" : "GLSA-200604-12", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml" - }, - { - "name" : "GLSA-200604-18", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml" - }, - { - "name" : "GLSA-200605-09", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml" - }, - { - "name" : "HPSBUX02122", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/438730/100/0/threaded" - }, - { - "name" : "SSRT061158", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/438730/100/0/threaded" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "HPSBUX02156", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "SSRT061236", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "MDKSA-2006:075", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:075" - }, - { - "name" : "MDKSA-2006:076", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:076" - }, - { - "name" : "MDKSA-2006:078", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078" - }, - { - "name" : "RHSA-2006:0329", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0329.html" - }, - { - "name" : "RHSA-2006:0330", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0330.html" - }, - { - "name" : "SCOSA-2006.26", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt" - }, - { - "name" : "20060404-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc" - }, - { - "name" : "102550", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1" - }, - { - "name" : "228526", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1" - }, - { - "name" : "SUSE-SA:2006:022", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_04_25.html" - }, - { - "name" : "USN-275-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/275-1/" - }, - { - "name" : "USN-276-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/276-1/" - }, - { - "name" : "17516", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17516" - }, - { - "name" : "oval:org.mitre.oval:def:11164", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11164" - }, - { - "name" : "ADV-2006-1356", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1356" - }, - { - "name" : "ADV-2006-3391", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3391" - }, - { - "name" : "ADV-2006-3748", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3748" - }, - { - "name" : "ADV-2006-3749", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3749" - }, - { - "name" : "ADV-2008-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0083" - }, - { - "name" : "oval:org.mitre.oval:def:1189", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1189" - }, - { - "name" : "19759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19759" - }, - { - "name" : "19794", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19794" - }, - { - "name" : "19821", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19821" - }, - { - "name" : "19811", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19811" - }, - { - "name" : "19823", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19823" - }, - { - "name" : "19852", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19852" - }, - { - "name" : "19862", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19862" - }, - { - "name" : "19863", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19863" - }, - { - "name" : "19902", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19902" - }, - { - "name" : "19950", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19950" - }, - { - "name" : "19941", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19941" - }, - { - "name" : "21033", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21033" - }, - { - "name" : "21622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21622" - }, - { - "name" : "20051", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20051" - }, - { - "name" : "22065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22065" - }, - { - "name" : "22066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22066" - }, - { - "name" : "mozilla-table-rebuilding-code-execution(25985)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25985" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via \"an invalid and non-sensical ordering of table-related tags\" that results in a negative array index." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-27.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-27.html" + }, + { + "name": "USN-275-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/275-1/" + }, + { + "name": "ADV-2006-3748", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3748" + }, + { + "name": "RHSA-2006:0330", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0330.html" + }, + { + "name": "19902", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19902" + }, + { + "name": "20060426 ZDI-06-011: Mozilla Firefox Table Rebuilding Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/432103/100/0/threaded" + }, + { + "name": "20060404-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc" + }, + { + "name": "USN-276-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/276-1/" + }, + { + "name": "HPSBUX02122", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded" + }, + { + "name": "19941", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19941" + }, + { + "name": "19821", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19821" + }, + { + "name": "GLSA-200604-12", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml" + }, + { + "name": "oval:org.mitre.oval:def:11164", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11164" + }, + { + "name": "21622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21622" + }, + { + "name": "19862", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19862" + }, + { + "name": "MDKSA-2006:075", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:075" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm" + }, + { + "name": "19823", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19823" + }, + { + "name": "DSA-1051", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1051" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-011/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-011/" + }, + { + "name": "ADV-2006-3749", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3749" + }, + { + "name": "RHSA-2006:0329", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0329.html" + }, + { + "name": "GLSA-200604-18", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml" + }, + { + "name": "19811", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19811" + }, + { + "name": "19794", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19794" + }, + { + "name": "21033", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21033" + }, + { + "name": "ADV-2008-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0083" + }, + { + "name": "102550", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1" + }, + { + "name": "19759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19759" + }, + { + "name": "FLSA:189137-2", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/436338/100/0/threaded" + }, + { + "name": "mozilla-table-rebuilding-code-execution(25985)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25985" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "ADV-2006-1356", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1356" + }, + { + "name": "SSRT061236", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "SSRT061158", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded" + }, + { + "name": "MDKSA-2006:078", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "oval:org.mitre.oval:def:1189", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1189" + }, + { + "name": "20051", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20051" + }, + { + "name": "19863", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19863" + }, + { + "name": "HPSBUX02156", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "SCOSA-2006.26", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt" + }, + { + "name": "FLSA:189137-1", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/436296/100/0/threaded" + }, + { + "name": "17516", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17516" + }, + { + "name": "228526", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1" + }, + { + "name": "19852", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19852" + }, + { + "name": "22066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22066" + }, + { + "name": "SUSE-SA:2006:022", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_04_25.html" + }, + { + "name": "GLSA-200605-09", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml" + }, + { + "name": "ADV-2006-3391", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3391" + }, + { + "name": "22065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22065" + }, + { + "name": "19950", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19950" + }, + { + "name": "MDKSA-2006:076", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:076" + }, + { + "name": "DSA-1046", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1046" + }, + { + "name": "DSA-1044", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1044" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0967.json b/2006/0xxx/CVE-2006-0967.json index bcb8978b0dd..b53f16ad9d8 100644 --- a/2006/0xxx/CVE-2006-0967.json +++ b/2006/0xxx/CVE-2006-0967.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to cause a denial of service (memory usage and cpu utilization) via a flood of arbitrary UDP datagrams to ports 0 to 65000. NOTE: this issue was reported as a buffer overflow, but that term usually does not apply in flooding attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060301 NCP VPN/PKI Client - various Bugs", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426480/100/0/threaded" - }, - { - "name" : "20060301 NCP VPN/PKI Client - various Bugs", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/042640.html" - }, - { - "name" : "16906", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16906" - }, - { - "name" : "19082", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19082" - }, - { - "name" : "ncp-udp-dos(25249)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25249" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to cause a denial of service (memory usage and cpu utilization) via a flood of arbitrary UDP datagrams to ports 0 to 65000. NOTE: this issue was reported as a buffer overflow, but that term usually does not apply in flooding attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16906", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16906" + }, + { + "name": "20060301 NCP VPN/PKI Client - various Bugs", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426480/100/0/threaded" + }, + { + "name": "ncp-udp-dos(25249)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25249" + }, + { + "name": "19082", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19082" + }, + { + "name": "20060301 NCP VPN/PKI Client - various Bugs", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/042640.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1116.json b/2006/1xxx/CVE-2006-1116.json index 0c1c9830d83..2802e363bed 100644 --- a/2006/1xxx/CVE-2006-1116.json +++ b/2006/1xxx/CVE-2006-1116.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CBC-MAC integrity functions in the nCipher nCore API before 2.18 transmit the initialization vector IV as part of a message when the implementation uses a non-zero IV, which allows remote attackers to bypass integrity checks and modify messages without being detected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060308 nCipher Advisory #13: CBC-MAC IV misleading programming interface", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/427150/100/0/threaded" - }, - { - "name" : "http://www.ncipher.com/resources/96/sa13_cbcmac_iv_misleading_programming_interface", - "refsource" : "CONFIRM", - "url" : "http://www.ncipher.com/resources/96/sa13_cbcmac_iv_misleading_programming_interface" - }, - { - "name" : "17011", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17011" - }, - { - "name" : "ADV-2006-0862", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0862" - }, - { - "name" : "1015718", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015718" - }, - { - "name" : "19137", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19137" - }, - { - "name" : "ncipher-ncore-bypass-security(25062)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25062" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CBC-MAC integrity functions in the nCipher nCore API before 2.18 transmit the initialization vector IV as part of a message when the implementation uses a non-zero IV, which allows remote attackers to bypass integrity checks and modify messages without being detected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060308 nCipher Advisory #13: CBC-MAC IV misleading programming interface", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/427150/100/0/threaded" + }, + { + "name": "ADV-2006-0862", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0862" + }, + { + "name": "ncipher-ncore-bypass-security(25062)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25062" + }, + { + "name": "17011", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17011" + }, + { + "name": "http://www.ncipher.com/resources/96/sa13_cbcmac_iv_misleading_programming_interface", + "refsource": "CONFIRM", + "url": "http://www.ncipher.com/resources/96/sa13_cbcmac_iv_misleading_programming_interface" + }, + { + "name": "1015718", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015718" + }, + { + "name": "19137", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19137" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1267.json b/2006/1xxx/CVE-2006-1267.json index 573a375fc46..39f94400608 100644 --- a/2006/1xxx/CVE-2006-1267.json +++ b/2006/1xxx/CVE-2006-1267.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Invision Power Board 2.1.4 allows remote attackers to hijack sessions and possibly gain administrative privileges by obtaining the session ID from the s parameter, then replaying it in another request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060314 Invision Power Board v2.1.4 - session hijacking", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/427751/100/0/threaded" - }, - { - "name" : "20060316 Re: Invision Power Board v2.1.4 - session hijacking", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/427847/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Invision Power Board 2.1.4 allows remote attackers to hijack sessions and possibly gain administrative privileges by obtaining the session ID from the s parameter, then replaying it in another request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060316 Re: Invision Power Board v2.1.4 - session hijacking", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/427847/100/0/threaded" + }, + { + "name": "20060314 Invision Power Board v2.1.4 - session hijacking", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/427751/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1574.json b/2006/1xxx/CVE-2006-1574.json index 2bfde089f2d..0fd98649c67 100644 --- a/2006/1xxx/CVE-2006-1574.json +++ b/2006/1xxx/CVE-2006-1574.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1574", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web, World Wide Web Desktop, World Wide Web for Scheduler, and Desktop for Scheduler, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1574", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hitachi-support.com/security_e/vuls_e/HS06-005_e/index-e.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi-support.com/security_e/vuls_e/HS06-005_e/index-e.html" - }, - { - "name" : "17337", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17337" - }, - { - "name" : "ADV-2006-1180", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1180" - }, - { - "name" : "24295", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24295" - }, - { - "name" : "19483", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19483" - }, - { - "name" : "groupmax-www-xss(25574)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25574" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web, World Wide Web Desktop, World Wide Web for Scheduler, and Desktop for Scheduler, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1180", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1180" + }, + { + "name": "17337", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17337" + }, + { + "name": "24295", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24295" + }, + { + "name": "http://www.hitachi-support.com/security_e/vuls_e/HS06-005_e/index-e.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi-support.com/security_e/vuls_e/HS06-005_e/index-e.html" + }, + { + "name": "19483", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19483" + }, + { + "name": "groupmax-www-xss(25574)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25574" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1797.json b/2006/1xxx/CVE-2006-1797.json index 0b1bc3fe02a..22cc7d1aad2 100644 --- a/2006/1xxx/CVE-2006-1797.json +++ b/2006/1xxx/CVE-2006-1797.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in NetBSD-current before September 28, 2005 allows local users to cause a denial of service (system crash) by using the SIOCGIFALIAS ioctl to gather information on a non-existent alias of a network interface, which causes a NULL pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "NetBSD-SA2006-012", - "refsource" : "NETBSD", - "url" : "http://archives.neohapsis.com/archives/netbsd/2006-q2/0014.html" - }, - { - "name" : "17497", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17497" - }, - { - "name" : "24578", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24578" - }, - { - "name" : "1015908", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015908" - }, - { - "name" : "19615", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19615" - }, - { - "name" : "bsd-siocgifalias-ioctl-dos(25766)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25766" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in NetBSD-current before September 28, 2005 allows local users to cause a denial of service (system crash) by using the SIOCGIFALIAS ioctl to gather information on a non-existent alias of a network interface, which causes a NULL pointer dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17497", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17497" + }, + { + "name": "NetBSD-SA2006-012", + "refsource": "NETBSD", + "url": "http://archives.neohapsis.com/archives/netbsd/2006-q2/0014.html" + }, + { + "name": "24578", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24578" + }, + { + "name": "1015908", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015908" + }, + { + "name": "bsd-siocgifalias-ioctl-dos(25766)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25766" + }, + { + "name": "19615", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19615" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5230.json b/2006/5xxx/CVE-2006-5230.json index b348a1fcf21..0fb927cb478 100644 --- a/2006/5xxx/CVE-2006-5230.json +++ b/2006/5xxx/CVE-2006-5230.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in forum.php in FreeForum 0.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061007 FreeForum 0.9.7 (fpath) Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447931/100/0/threaded" - }, - { - "name" : "2484", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2484" - }, - { - "name" : "20388", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20388" - }, - { - "name" : "ADV-2006-3955", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3955" - }, - { - "name" : "22320", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22320" - }, - { - "name" : "1710", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1710" - }, - { - "name" : "freeforum-forum-file-include(29391)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29391" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in forum.php in FreeForum 0.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3955", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3955" + }, + { + "name": "freeforum-forum-file-include(29391)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29391" + }, + { + "name": "20388", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20388" + }, + { + "name": "2484", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2484" + }, + { + "name": "22320", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22320" + }, + { + "name": "1710", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1710" + }, + { + "name": "20061007 FreeForum 0.9.7 (fpath) Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447931/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5310.json b/2006/5xxx/CVE-2006-5310.json index 8fb51eb75e8..d23c77852a1 100644 --- a/2006/5xxx/CVE-2006-5310.json +++ b/2006/5xxx/CVE-2006-5310.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5310", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in common/visiteurs/include/menus.inc.php in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061013 phpMyConferences <= 8.0.2 Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/448547/100/0/threaded" - }, - { - "name" : "2535", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2535" - }, - { - "name" : "20505", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20505" - }, - { - "name" : "ADV-2006-4045", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4045" - }, - { - "name" : "22411", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22411" - }, - { - "name" : "1733", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1733" - }, - { - "name" : "phpmyconferences-menus-file-include(29514)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29514" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in common/visiteurs/include/menus.inc.php in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22411", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22411" + }, + { + "name": "2535", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2535" + }, + { + "name": "20505", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20505" + }, + { + "name": "ADV-2006-4045", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4045" + }, + { + "name": "1733", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1733" + }, + { + "name": "phpmyconferences-menus-file-include(29514)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29514" + }, + { + "name": "20061013 phpMyConferences <= 8.0.2 Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/448547/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5353.json b/2006/5xxx/CVE-2006-5353.json index 95cae1227f9..d209b163664 100644 --- a/2006/5xxx/CVE-2006-5353.json +++ b/2006/5xxx/CVE-2006-5353.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5353", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle HTTP Server component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, and Oracle Collaboration Suite 9.0.4.2 and 10.1.2, has unknown impact and remote attack vectors related to the Mod_rewrite Module, aka Vuln# OHS01." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5353", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" - }, - { - "name" : "TA06-291A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-291A.html" - }, - { - "name" : "20588", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20588" - }, - { - "name" : "ADV-2006-4065", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4065" - }, - { - "name" : "1017077", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017077" - }, - { - "name" : "22396", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle HTTP Server component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, and Oracle Collaboration Suite 9.0.4.2 and 10.1.2, has unknown impact and remote attack vectors related to the Mod_rewrite Module, aka Vuln# OHS01." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" + }, + { + "name": "20588", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20588" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" + }, + { + "name": "ADV-2006-4065", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4065" + }, + { + "name": "22396", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22396" + }, + { + "name": "1017077", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017077" + }, + { + "name": "TA06-291A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-291A.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2291.json b/2007/2xxx/CVE-2007-2291.json index 50b28ebe0e4..9c9bb7034a4 100644 --- a/2007/2xxx/CVE-2007-2291.json +++ b/2007/2xxx/CVE-2007-2291.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2291", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in the Digest Authentication support for Microsoft Internet Explorer 7.0.5730.11 allows remote attackers to conduct HTTP response splitting attacks via a LF (%0a) in the username attribute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2291", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070425 IE 7 and Firefox Browsers Digest Authentication Request Splitting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466906/100/0/threaded" - }, - { - "name" : "http://www.wisec.it/vulns.php?id=11", - "refsource" : "MISC", - "url" : "http://www.wisec.it/vulns.php?id=11" - }, - { - "name" : "23668", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23668" - }, - { - "name" : "1017969", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017969" - }, - { - "name" : "2654", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2654" - }, - { - "name" : "ie-lf-response-splitting(33978)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33978" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in the Digest Authentication support for Microsoft Internet Explorer 7.0.5730.11 allows remote attackers to conduct HTTP response splitting attacks via a LF (%0a) in the username attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.wisec.it/vulns.php?id=11", + "refsource": "MISC", + "url": "http://www.wisec.it/vulns.php?id=11" + }, + { + "name": "1017969", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017969" + }, + { + "name": "ie-lf-response-splitting(33978)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33978" + }, + { + "name": "23668", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23668" + }, + { + "name": "20070425 IE 7 and Firefox Browsers Digest Authentication Request Splitting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466906/100/0/threaded" + }, + { + "name": "2654", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2654" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2363.json b/2007/2xxx/CVE-2007-2363.json index 69517932bb7..ccafd2913a7 100644 --- a/2007/2xxx/CVE-2007-2363.json +++ b/2007/2xxx/CVE-2007-2363.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2363", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in IrfanView 4.00 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted .IFF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2363", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3811", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3811" - }, - { - "name" : "23692", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23692" - }, - { - "name" : "ADV-2007-1575", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1575" - }, - { - "name" : "35463", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35463" - }, - { - "name" : "25052", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25052" - }, - { - "name" : "irfanview-iff-bo(33946)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33946" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in IrfanView 4.00 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted .IFF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35463", + "refsource": "OSVDB", + "url": "http://osvdb.org/35463" + }, + { + "name": "23692", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23692" + }, + { + "name": "3811", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3811" + }, + { + "name": "25052", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25052" + }, + { + "name": "irfanview-iff-bo(33946)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33946" + }, + { + "name": "ADV-2007-1575", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1575" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0521.json b/2010/0xxx/CVE-2010-0521.json index cff70c469c7..d8c61cc65fe 100644 --- a/2010/0xxx/CVE-2010-0521.json +++ b/2010/0xxx/CVE-2010-0521.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-0521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4077", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4077" - }, - { - "name" : "APPLE-SA-2010-03-29-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-03-29-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT4077", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4077" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0579.json b/2010/0xxx/CVE-2010-0579.json index b59eeda4aad..76231aab418 100644 --- a/2010/0xxx/CVE-2010-0579.json +++ b/2010/0xxx/CVE-2010-0579.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0579", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device reload) via a malformed SIP message, aka Bug ID CSCtb93416, the \"SIP Message Handling Denial of Service Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-0579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=20063", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=20063" - }, - { - "name" : "20100324 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20f32.shtml" - }, - { - "name" : "1023744", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023744" - }, - { - "name" : "39068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39068" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device reload) via a malformed SIP message, aka Bug ID CSCtb93416, the \"SIP Message Handling Denial of Service Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1023744", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023744" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=20063", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=20063" + }, + { + "name": "39068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39068" + }, + { + "name": "20100324 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20f32.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0709.json b/2010/0xxx/CVE-2010-0709.json index baf216a3dd9..d7ec14c158a 100644 --- a/2010/0xxx/CVE-2010-0709.json +++ b/2010/0xxx/CVE-2010-0709.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0709", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Limny 2.0 allow remote attackers to (1) hijack the authentication of users or administrators for requests that change the email address or password via the user action to index.php, and (2) hijack the authentication of the administrator for requests that create a new user via the admin/modules/user/new action to limny/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "11477", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11477" - }, - { - "name" : "11478", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11478" - }, - { - "name" : "http://www.limny.org/", - "refsource" : "CONFIRM", - "url" : "http://www.limny.org/" - }, - { - "name" : "62389", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62389" - }, - { - "name" : "38616", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38616" - }, - { - "name" : "limny-admin-csrf(56318)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Limny 2.0 allow remote attackers to (1) hijack the authentication of users or administrators for requests that change the email address or password via the user action to index.php, and (2) hijack the authentication of the administrator for requests that create a new user via the admin/modules/user/new action to limny/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11478", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11478" + }, + { + "name": "limny-admin-csrf(56318)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56318" + }, + { + "name": "http://www.limny.org/", + "refsource": "CONFIRM", + "url": "http://www.limny.org/" + }, + { + "name": "38616", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38616" + }, + { + "name": "11477", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11477" + }, + { + "name": "62389", + "refsource": "OSVDB", + "url": "http://osvdb.org/62389" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0728.json b/2010/0xxx/CVE-2010-0728.json index c013dd4bd66..bdd938e2a5c 100644 --- a/2010/0xxx/CVE-2010-0728.json +++ b/2010/0xxx/CVE-2010-0728.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-0728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[samba-announce] 20100308 Security problem with Samba on Linux - affects 3.5.0, 3.4.6 and 3.3.11", - "refsource" : "MLIST", - "url" : "http://lists.samba.org/archive/samba-announce/2010/000211.html" - }, - { - "name" : "http://www.samba.org/samba/history/samba-3.3.12.html", - "refsource" : "CONFIRM", - "url" : "http://www.samba.org/samba/history/samba-3.3.12.html" - }, - { - "name" : "http://www.samba.org/samba/history/samba-3.4.7.html", - "refsource" : "CONFIRM", - "url" : "http://www.samba.org/samba/history/samba-3.4.7.html" - }, - { - "name" : "http://www.samba.org/samba/history/samba-3.5.1.html", - "refsource" : "CONFIRM", - "url" : "http://www.samba.org/samba/history/samba-3.5.1.html" - }, - { - "name" : "http://www.samba.org/samba/security/CVE-2010-0728", - "refsource" : "CONFIRM", - "url" : "http://www.samba.org/samba/security/CVE-2010-0728" - }, - { - "name" : "https://bugzilla.samba.org/show_bug.cgi?id=7222", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.samba.org/show_bug.cgi?id=7222" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[samba-announce] 20100308 Security problem with Samba on Linux - affects 3.5.0, 3.4.6 and 3.3.11", + "refsource": "MLIST", + "url": "http://lists.samba.org/archive/samba-announce/2010/000211.html" + }, + { + "name": "http://www.samba.org/samba/security/CVE-2010-0728", + "refsource": "CONFIRM", + "url": "http://www.samba.org/samba/security/CVE-2010-0728" + }, + { + "name": "http://www.samba.org/samba/history/samba-3.4.7.html", + "refsource": "CONFIRM", + "url": "http://www.samba.org/samba/history/samba-3.4.7.html" + }, + { + "name": "https://bugzilla.samba.org/show_bug.cgi?id=7222", + "refsource": "CONFIRM", + "url": "https://bugzilla.samba.org/show_bug.cgi?id=7222" + }, + { + "name": "http://www.samba.org/samba/history/samba-3.3.12.html", + "refsource": "CONFIRM", + "url": "http://www.samba.org/samba/history/samba-3.3.12.html" + }, + { + "name": "http://www.samba.org/samba/history/samba-3.5.1.html", + "refsource": "CONFIRM", + "url": "http://www.samba.org/samba/history/samba-3.5.1.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1054.json b/2010/1xxx/CVE-2010-1054.json index 9031c17e771..2065766c1be 100644 --- a/2010/1xxx/CVE-2010-1054.json +++ b/2010/1xxx/CVE-2010-1054.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in ParsCMS allow remote attackers to execute arbitrary SQL commands via the RP parameter to (1) fa_default.asp and (2) en_default.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100315 Pars CMS SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/510066/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.org/1003-exploits/parscms-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1003-exploits/parscms-sql.txt" - }, - { - "name" : "38734", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38734" - }, - { - "name" : "62999", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62999" - }, - { - "name" : "63000", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/63000" - }, - { - "name" : "39007", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39007" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in ParsCMS allow remote attackers to execute arbitrary SQL commands via the RP parameter to (1) fa_default.asp and (2) en_default.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1003-exploits/parscms-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1003-exploits/parscms-sql.txt" + }, + { + "name": "38734", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38734" + }, + { + "name": "62999", + "refsource": "OSVDB", + "url": "http://osvdb.org/62999" + }, + { + "name": "63000", + "refsource": "OSVDB", + "url": "http://osvdb.org/63000" + }, + { + "name": "20100315 Pars CMS SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/510066/100/0/threaded" + }, + { + "name": "39007", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39007" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1163.json b/2010/1xxx/CVE-2010-1163.json index 7245b6e109f..660868328cd 100644 --- a/2010/1xxx/CVE-2010-1163.json +++ b/2010/1xxx/CVE-2010-1163.json @@ -1,197 +1,197 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1163", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for \".\", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-1163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100420 Re: sudoedit local privilege escalation through PATH manipulation", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/510846/100/0/threaded" - }, - { - "name" : "20100422 Re: sudoedit local privilege escalation through PATH manipulation", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/510880/100/0/threaded" - }, - { - "name" : "20100419 sudoedit local privilege escalation through PATH manipulation", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/510827/100/0/threaded" - }, - { - "name" : "20101027 rPSA-2010-0075-1 sudo", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514489/100/0/threaded" - }, - { - "name" : "http://www.sudo.ws/sudo/alerts/sudoedit_escalate2.html", - "refsource" : "CONFIRM", - "url" : "http://www.sudo.ws/sudo/alerts/sudoedit_escalate2.html" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2010-0075", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2010-0075" - }, - { - "name" : "FEDORA-2010-6756", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039986.html" - }, - { - "name" : "MDVSA-2010:078", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:078" - }, - { - "name" : "RHSA-2010:0361", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0361.html" - }, - { - "name" : "SSA:2010-110-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.577019" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "USN-928-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-928-1" - }, - { - "name" : "39468", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39468" - }, - { - "name" : "63878", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/63878" - }, - { - "name" : "oval:org.mitre.oval:def:9382", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9382" - }, - { - "name" : "39384", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39384" - }, - { - "name" : "39474", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39474" - }, - { - "name" : "39543", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39543" - }, - { - "name" : "39399", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39399" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2010-0881", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0881" - }, - { - "name" : "ADV-2010-0895", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0895" - }, - { - "name" : "ADV-2010-0949", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0949" - }, - { - "name" : "ADV-2010-0956", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0956" - }, - { - "name" : "ADV-2010-1019", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1019" - }, - { - "name" : "ADV-2010-0904", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0904" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "sudo-sudoefit-privilege-escalation(57836)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57836" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for \".\", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-928-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-928-1" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "RHSA-2010:0361", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0361.html" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "39384", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39384" + }, + { + "name": "oval:org.mitre.oval:def:9382", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9382" + }, + { + "name": "39543", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39543" + }, + { + "name": "39399", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39399" + }, + { + "name": "ADV-2010-1019", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1019" + }, + { + "name": "63878", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/63878" + }, + { + "name": "ADV-2010-0956", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0956" + }, + { + "name": "20100422 Re: sudoedit local privilege escalation through PATH manipulation", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/510880/100/0/threaded" + }, + { + "name": "20101027 rPSA-2010-0075-1 sudo", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514489/100/0/threaded" + }, + { + "name": "MDVSA-2010:078", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:078" + }, + { + "name": "FEDORA-2010-6756", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039986.html" + }, + { + "name": "ADV-2010-0895", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0895" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "ADV-2010-0949", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0949" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2010-0075", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0075" + }, + { + "name": "20100419 sudoedit local privilege escalation through PATH manipulation", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/510827/100/0/threaded" + }, + { + "name": "39468", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39468" + }, + { + "name": "ADV-2010-0881", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0881" + }, + { + "name": "39474", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39474" + }, + { + "name": "20100420 Re: sudoedit local privilege escalation through PATH manipulation", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/510846/100/0/threaded" + }, + { + "name": "http://www.sudo.ws/sudo/alerts/sudoedit_escalate2.html", + "refsource": "CONFIRM", + "url": "http://www.sudo.ws/sudo/alerts/sudoedit_escalate2.html" + }, + { + "name": "sudo-sudoefit-privilege-escalation(57836)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57836" + }, + { + "name": "ADV-2010-0904", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0904" + }, + { + "name": "SSA:2010-110-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.577019" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1237.json b/2010/1xxx/CVE-2010-1237.json index b44c71404ce..3e498f24d9c 100644 --- a/2010/1xxx/CVE-2010-1237.json +++ b/2010/1xxx/CVE-2010-1237.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via an empty SVG element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=37061", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=37061" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:14374", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14374" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via an empty SVG element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14374", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14374" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=37061", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=37061" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3198.json b/2010/3xxx/CVE-2010-3198.json index 0f2b0187533..9a636586d18 100644 --- a/2010/3xxx/CVE-2010-3198.json +++ b/2010/3xxx/CVE-2010-3198.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3198", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to cause a denial of service (crash of worker threads) via vectors that trigger uncaught exceptions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3198", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[zope-announce] 20100901 Annoucement: Zope 2.10.12 and 2.11.7 Released", - "refsource" : "MLIST", - "url" : "https://mail.zope.org/pipermail/zope-announce/2010-September/002247.html" - }, - { - "name" : "http://www.zope.org/Products/Zope/2.10.12/CHANGES.txt", - "refsource" : "CONFIRM", - "url" : "http://www.zope.org/Products/Zope/2.10.12/CHANGES.txt" - }, - { - "name" : "http://www.zope.org/Products/Zope/2.11.7/CHANGES.txt", - "refsource" : "CONFIRM", - "url" : "http://www.zope.org/Products/Zope/2.11.7/CHANGES.txt" - }, - { - "name" : "https://bugs.launchpad.net/zope2/+bug/627988", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/zope2/+bug/627988" - }, - { - "name" : "42939", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42939" - }, - { - "name" : "ADV-2010-2275", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2275" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to cause a denial of service (crash of worker threads) via vectors that trigger uncaught exceptions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zope.org/Products/Zope/2.10.12/CHANGES.txt", + "refsource": "CONFIRM", + "url": "http://www.zope.org/Products/Zope/2.10.12/CHANGES.txt" + }, + { + "name": "ADV-2010-2275", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2275" + }, + { + "name": "[zope-announce] 20100901 Annoucement: Zope 2.10.12 and 2.11.7 Released", + "refsource": "MLIST", + "url": "https://mail.zope.org/pipermail/zope-announce/2010-September/002247.html" + }, + { + "name": "http://www.zope.org/Products/Zope/2.11.7/CHANGES.txt", + "refsource": "CONFIRM", + "url": "http://www.zope.org/Products/Zope/2.11.7/CHANGES.txt" + }, + { + "name": "42939", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42939" + }, + { + "name": "https://bugs.launchpad.net/zope2/+bug/627988", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/zope2/+bug/627988" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3752.json b/2010/3xxx/CVE-2010-3752.json index 62c92a3636f..ed87f9d4bae 100644 --- a/2010/3xxx/CVE-2010-3752.json +++ b/2010/3xxx/CVE-2010-3752.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3752", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a packet, a different vulnerability than CVE-2010-3302." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3752", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.openswan.org/download/CVE-2010-3302/CVE-2010-3302.txt", - "refsource" : "CONFIRM", - "url" : "http://www.openswan.org/download/CVE-2010-3302/CVE-2010-3302.txt" - }, - { - "name" : "http://www.openswan.org/download/CVE-2010-3302/openswan-2.6.25-CVE-2010-3302.patch", - "refsource" : "CONFIRM", - "url" : "http://www.openswan.org/download/CVE-2010-3302/openswan-2.6.25-CVE-2010-3302.patch" - }, - { - "name" : "http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch", - "refsource" : "CONFIRM", - "url" : "http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch" - }, - { - "name" : "RHSA-2010:0892", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0892.html" - }, - { - "name" : "43588", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43588" - }, - { - "name" : "1024749", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024749" - }, - { - "name" : "ADV-2010-2526", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a packet, a different vulnerability than CVE-2010-3302." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-2526", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2526" + }, + { + "name": "http://www.openswan.org/download/CVE-2010-3302/CVE-2010-3302.txt", + "refsource": "CONFIRM", + "url": "http://www.openswan.org/download/CVE-2010-3302/CVE-2010-3302.txt" + }, + { + "name": "43588", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43588" + }, + { + "name": "RHSA-2010:0892", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0892.html" + }, + { + "name": "1024749", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024749" + }, + { + "name": "http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch", + "refsource": "CONFIRM", + "url": "http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch" + }, + { + "name": "http://www.openswan.org/download/CVE-2010-3302/openswan-2.6.25-CVE-2010-3302.patch", + "refsource": "CONFIRM", + "url": "http://www.openswan.org/download/CVE-2010-3302/openswan-2.6.25-CVE-2010-3302.patch" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4278.json b/2010/4xxx/CVE-2010-4278.json index 8713af78150..dced1f23503 100644 --- a/2010/4xxx/CVE-2010-4278.json +++ b/2010/4xxx/CVE-2010-4278.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4278", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the layout parameter in an operation/agentes/networkmap action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4278", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101130 Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514939/100/0/threaded" - }, - { - "name" : "15640", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15640" - }, - { - "name" : "20101130 Pandora FMS Authentication Bypass and Multiple\tInput Validation Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2010/Nov/326" - }, - { - "name" : "http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download" - }, - { - "name" : "45112", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45112" - }, - { - "name" : "69550", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/69550" - }, - { - "name" : "42347", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42347" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the layout parameter in an operation/agentes/networkmap action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42347", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42347" + }, + { + "name": "20101130 Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514939/100/0/threaded" + }, + { + "name": "69550", + "refsource": "OSVDB", + "url": "http://osvdb.org/69550" + }, + { + "name": "15640", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15640" + }, + { + "name": "http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download" + }, + { + "name": "45112", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45112" + }, + { + "name": "20101130 Pandora FMS Authentication Bypass and Multiple\tInput Validation Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2010/Nov/326" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4563.json b/2010/4xxx/CVE-2010-4563.json index 7b8b8c9dd9e..7a82aa92d78 100644 --- a/2010/4xxx/CVE-2010-4563.json +++ b/2010/4xxx/CVE-2010-4563.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4563", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110415 Another Microsoft (and other) IPv6 security issue: sniffer detection", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2011/Apr/254" - }, - { - "name" : "[dailydave] 20110415 Another Microsoft (and other) IPv6 security issue: sniffer detection", - "refsource" : "MLIST", - "url" : "http://seclists.org/dailydave/2011/q2/25" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20110415 Another Microsoft (and other) IPv6 security issue: sniffer detection", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2011/Apr/254" + }, + { + "name": "[dailydave] 20110415 Another Microsoft (and other) IPv6 security issue: sniffer detection", + "refsource": "MLIST", + "url": "http://seclists.org/dailydave/2011/q2/25" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4765.json b/2010/4xxx/CVE-2010-4765.json index c04e2b1631b..7c51591bc6d 100644 --- a/2010/4xxx/CVE-2010-4765.json +++ b/2010/4xxx/CVE-2010-4765.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4765", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the Kernel::System::Main::FileWrite method in Open Ticket Request System (OTRS) before 2.4.8 allows remote authenticated users to corrupt the TicketCounter.log data in opportunistic circumstances by creating tickets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.otrs.org/show_bug.cgi?id=4936", - "refsource" : "CONFIRM", - "url" : "http://bugs.otrs.org/show_bug.cgi?id=4936" - }, - { - "name" : "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807", - "refsource" : "CONFIRM", - "url" : "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the Kernel::System::Main::FileWrite method in Open Ticket Request System (OTRS) before 2.4.8 allows remote authenticated users to corrupt the TicketCounter.log data in opportunistic circumstances by creating tickets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.otrs.org/show_bug.cgi?id=4936", + "refsource": "CONFIRM", + "url": "http://bugs.otrs.org/show_bug.cgi?id=4936" + }, + { + "name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807", + "refsource": "CONFIRM", + "url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4977.json b/2010/4xxx/CVE-2010-4977.json index c6f675e89a5..361b9c76596 100644 --- a/2010/4xxx/CVE-2010-4977.json +++ b/2010/4xxx/CVE-2010-4977.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4977", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4977", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100704 Canteen Joomla Component 1.0 Multiple Remote Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/512170/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.org/1007-exploits/joomlacanteen-lfisql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1007-exploits/joomlacanteen-lfisql.txt" - }, - { - "name" : "http://www.salvatorefresta.net/files/adv/Canteen%20Joomla%20Component%201.0%20Multiple%20Remote%20Vulnerabilities-04072010.txt", - "refsource" : "MISC", - "url" : "http://www.salvatorefresta.net/files/adv/Canteen%20Joomla%20Component%201.0%20Multiple%20Remote%20Vulnerabilities-04072010.txt" - }, - { - "name" : "41358", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41358" - }, - { - "name" : "66031", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/66031" - }, - { - "name" : "40503", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40503" - }, - { - "name" : "8495", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8495" - }, - { - "name" : "canteencom-index-sql-injection(60103)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60103" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8495", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8495" + }, + { + "name": "http://www.salvatorefresta.net/files/adv/Canteen%20Joomla%20Component%201.0%20Multiple%20Remote%20Vulnerabilities-04072010.txt", + "refsource": "MISC", + "url": "http://www.salvatorefresta.net/files/adv/Canteen%20Joomla%20Component%201.0%20Multiple%20Remote%20Vulnerabilities-04072010.txt" + }, + { + "name": "66031", + "refsource": "OSVDB", + "url": "http://osvdb.org/66031" + }, + { + "name": "20100704 Canteen Joomla Component 1.0 Multiple Remote Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/512170/100/0/threaded" + }, + { + "name": "canteencom-index-sql-injection(60103)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60103" + }, + { + "name": "40503", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40503" + }, + { + "name": "http://packetstormsecurity.org/1007-exploits/joomlacanteen-lfisql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1007-exploits/joomlacanteen-lfisql.txt" + }, + { + "name": "41358", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41358" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0317.json b/2014/0xxx/CVE-2014-0317.json index 618888e38d2..556b6a81858 100644 --- a/2014/0xxx/CVE-2014-0317.json +++ b/2014/0xxx/CVE-2014-0317.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Security Account Manager Remote (SAMR) protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine the user-lockout state, which makes it easier for remote attackers to bypass the account lockout policy and obtain access via a brute-force attack, aka \"SAMR Security Feature Bypass Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-0317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-016", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-016" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Security Account Manager Remote (SAMR) protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine the user-lockout state, which makes it easier for remote attackers to bypass the account lockout policy and obtain access via a brute-force attack, aka \"SAMR Security Feature Bypass Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-016", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-016" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0393.json b/2014/0xxx/CVE-2014-0393.json index d488d672073..75671c8c20d 100644 --- a/2014/0xxx/CVE-2014-0393.json +++ b/2014/0xxx/CVE-2014-0393.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-0393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "DSA-2845", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2845" - }, - { - "name" : "DSA-2848", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2848" - }, - { - "name" : "GLSA-201409-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201409-04.xml" - }, - { - "name" : "RHSA-2014:0164", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0164.html" - }, - { - "name" : "RHSA-2014:0173", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0173.html" - }, - { - "name" : "RHSA-2014:0186", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0186.html" - }, - { - "name" : "RHSA-2014:0189", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0189.html" - }, - { - "name" : "USN-2086-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-2086-1" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64877", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64877" - }, - { - "name" : "102075", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102075" - }, - { - "name" : "56491", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56491" - }, - { - "name" : "56541", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56541" - }, - { - "name" : "56580", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56580" - }, - { - "name" : "oracle-cpujan2014-cve20140393(90386)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90386" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2086-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-2086-1" + }, + { + "name": "DSA-2845", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2845" + }, + { + "name": "56491", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56491" + }, + { + "name": "RHSA-2014:0186", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0186.html" + }, + { + "name": "56541", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56541" + }, + { + "name": "DSA-2848", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2848" + }, + { + "name": "56580", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56580" + }, + { + "name": "64877", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64877" + }, + { + "name": "RHSA-2014:0173", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0173.html" + }, + { + "name": "RHSA-2014:0189", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0189.html" + }, + { + "name": "RHSA-2014:0164", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0164.html" + }, + { + "name": "oracle-cpujan2014-cve20140393(90386)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90386" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "102075", + "refsource": "OSVDB", + "url": "http://osvdb.org/102075" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + }, + { + "name": "GLSA-201409-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201409-04.xml" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0662.json b/2014/0xxx/CVE-2014-0662.json index edb37b9416f..6941ec17c1b 100644 --- a/2014/0xxx/CVE-2014-0662.json +++ b/2014/0xxx/CVE-2014-0662.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0662", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SIP module in Cisco TelePresence Video Communication Server (VCS) before 8.1 allows remote attackers to cause a denial of service (process failure) via a crafted SDP message, aka Bug ID CSCue97632." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-0662", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=32409", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=32409" - }, - { - "name" : "20140122 Cisco TelePresence Video Communication Server SIP Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-vcs" - }, - { - "name" : "65076", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65076" - }, - { - "name" : "102363", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102363" - }, - { - "name" : "1029655", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029655" - }, - { - "name" : "56592", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56592" - }, - { - "name" : "cisco-vcs-cve20140662-dos(90621)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90621" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SIP module in Cisco TelePresence Video Communication Server (VCS) before 8.1 allows remote attackers to cause a denial of service (process failure) via a crafted SDP message, aka Bug ID CSCue97632." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=32409", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=32409" + }, + { + "name": "65076", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65076" + }, + { + "name": "20140122 Cisco TelePresence Video Communication Server SIP Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-vcs" + }, + { + "name": "102363", + "refsource": "OSVDB", + "url": "http://osvdb.org/102363" + }, + { + "name": "1029655", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029655" + }, + { + "name": "56592", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56592" + }, + { + "name": "cisco-vcs-cve20140662-dos(90621)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90621" + } + ] + } +} \ No newline at end of file diff --git a/2014/10xxx/CVE-2014-10004.json b/2014/10xxx/CVE-2014-10004.json index 5d7650006f8..941e9608cd1 100644 --- a/2014/10xxx/CVE-2014-10004.json +++ b/2014/10xxx/CVE-2014-10004.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-10004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-10004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/124918", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/124918" - }, - { - "name" : "102488", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102488" - }, - { - "name" : "maian-uploader-move-sql-injection(90715)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90715" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102488", + "refsource": "OSVDB", + "url": "http://osvdb.org/102488" + }, + { + "name": "maian-uploader-move-sql-injection(90715)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90715" + }, + { + "name": "http://packetstormsecurity.com/files/124918", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/124918" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4017.json b/2014/4xxx/CVE-2014-4017.json index 2c4254dfa71..7df9615d3b2 100644 --- a/2014/4xxx/CVE-2014-4017.json +++ b/2014/4xxx/CVE-2014-4017.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Conversion Ninja plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/126781/WordPress-Conversion-Ninja-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/126781/WordPress-Conversion-Ninja-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Conversion Ninja plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/126781/WordPress-Conversion-Ninja-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/126781/WordPress-Conversion-Ninja-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4360.json b/2014/4xxx/CVE-2014-4360.json index 364e74e1514..e6468e349f7 100644 --- a/2014/4xxx/CVE-2014-4360.json +++ b/2014/4xxx/CVE-2014-4360.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4360", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-4360", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4645.json b/2014/4xxx/CVE-2014-4645.json index f29c295de55..2b8c933f7b2 100644 --- a/2014/4xxx/CVE-2014-4645.json +++ b/2014/4xxx/CVE-2014-4645.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4645", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link DSL-2760U-E1 allows remote attackers to inject arbitrary web script or HTML via a hostname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "33822", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/33822" - }, - { - "name" : "68144", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68144" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link DSL-2760U-E1 allows remote attackers to inject arbitrary web script or HTML via a hostname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33822", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/33822" + }, + { + "name": "68144", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68144" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4977.json b/2014/4xxx/CVE-2014-4977.json index df2874dd7ed..08b5b89d7de 100644 --- a/2014/4xxx/CVE-2014-4977.json +++ b/2014/4xxx/CVE-2014-4977.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4977", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4977", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "39836", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39836/" - }, - { - "name" : "20140710 Dell Scrutinizer 11.01 multiple vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jul/44" - }, - { - "name" : "http://packetstormsecurity.com/files/127429/Dell-Sonicwall-Scrutinizer-11.01-Code-Execution-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127429/Dell-Sonicwall-Scrutinizer-11.01-Code-Execution-SQL-Injection.html" - }, - { - "name" : "https://gist.github.com/brandonprry/36b4b8df1cde279a9305", - "refsource" : "MISC", - "url" : "https://gist.github.com/brandonprry/36b4b8df1cde279a9305" - }, - { - "name" : "https://gist.github.com/brandonprry/76741d9a0d4f518fe297", - "refsource" : "MISC", - "url" : "https://gist.github.com/brandonprry/76741d9a0d4f518fe297" - }, - { - "name" : "http://packetstormsecurity.com/files/137098/Dell-SonicWALL-Scrutinizer-11.01-methodDetail-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/137098/Dell-SonicWALL-Scrutinizer-11.01-methodDetail-SQL-Injection.html" - }, - { - "name" : "68495", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68495" - }, - { - "name" : "dell-scrutinizer-admin-sql-injection(94439)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94439" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39836", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39836/" + }, + { + "name": "20140710 Dell Scrutinizer 11.01 multiple vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jul/44" + }, + { + "name": "http://packetstormsecurity.com/files/137098/Dell-SonicWALL-Scrutinizer-11.01-methodDetail-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/137098/Dell-SonicWALL-Scrutinizer-11.01-methodDetail-SQL-Injection.html" + }, + { + "name": "http://packetstormsecurity.com/files/127429/Dell-Sonicwall-Scrutinizer-11.01-Code-Execution-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127429/Dell-Sonicwall-Scrutinizer-11.01-Code-Execution-SQL-Injection.html" + }, + { + "name": "dell-scrutinizer-admin-sql-injection(94439)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94439" + }, + { + "name": "68495", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68495" + }, + { + "name": "https://gist.github.com/brandonprry/36b4b8df1cde279a9305", + "refsource": "MISC", + "url": "https://gist.github.com/brandonprry/36b4b8df1cde279a9305" + }, + { + "name": "https://gist.github.com/brandonprry/76741d9a0d4f518fe297", + "refsource": "MISC", + "url": "https://gist.github.com/brandonprry/76741d9a0d4f518fe297" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8572.json b/2014/8xxx/CVE-2014-8572.json index a062c553e71..d4b14bbb26d 100644 --- a/2014/8xxx/CVE-2014-8572.json +++ b/2014/8xxx/CVE-2014-8572.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2014-8572", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "AC6605,AC6605,ACU,S2300, S3300,S2700, S3700,S5300, S5700,S6300, S6700,S7700, S9300,S9300E, S9700, AC6605 AC6605 V200R001C00, AC6605 V200R002C00,ACU ACU V200R001C00, ACU V200R002C00,S2300, S3300, V100R006C05 and earlier versions,S2700, S3700,S5300, S5700, V100R006,?S6300, S6700 V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions,S7700, S9300, V100R006,S9300E, S9700 V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions,", - "version" : { - "version_data" : [ - { - "version_value" : "AC6605,AC6605,ACU,S2300, S3300,S2700, S3700,S5300, S5700,S6300, S6700,S7700, S9300,S9300E, S9700, AC6605 AC6605 V200R001C00, AC6605 V200R002C00,ACU ACU V200R001C00, ACU V200R002C00,S2300, S3300, V100R006C05 and earlier versions,S2700, S3700,S5300, S5700, V100R006,?S6300, S6700 V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions,S7700, S9300, V100R006,S9300E, S9700 V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions," - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei AC6605 with software V200R001C00; AC6605 with software V200R002C00; ACU with software V200R001C00; ACU with software V200R002C00; S2300, S3300, S2700, S3700 with software V100R006C05 and earlier versions; S5300, S5700, S6300, S6700 with software V100R006, V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions; S7700, S9300, S9300E, S9700 with software V100R006, V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions could allow remote attackers to send a special SSH packet to the VRP device to cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SSH Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2014-8572", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AC6605,AC6605,ACU,S2300, S3300,S2700, S3700,S5300, S5700,S6300, S6700,S7700, S9300,S9300E, S9700, AC6605 AC6605 V200R001C00, AC6605 V200R002C00,ACU ACU V200R001C00, ACU V200R002C00,S2300, S3300, V100R006C05 and earlier versions,S2700, S3700,S5300, S5700, V100R006,?S6300, S6700 V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions,S7700, S9300, V100R006,S9300E, S9700 V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions,", + "version": { + "version_data": [ + { + "version_value": "AC6605,AC6605,ACU,S2300, S3300,S2700, S3700,S5300, S5700,S6300, S6700,S7700, S9300,S9300E, S9700, AC6605 AC6605 V200R001C00, AC6605 V200R002C00,ACU ACU V200R001C00, ACU V200R002C00,S2300, S3300, V100R006C05 and earlier versions,S2700, S3700,S5300, S5700, V100R006,?S6300, S6700 V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions,S7700, S9300, V100R006,S9300E, S9700 V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions," + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/hw-373182", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/hw-373182" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei AC6605 with software V200R001C00; AC6605 with software V200R002C00; ACU with software V200R001C00; ACU with software V200R002C00; S2300, S3300, S2700, S3700 with software V100R006C05 and earlier versions; S5300, S5700, S6300, S6700 with software V100R006, V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions; S7700, S9300, S9300E, S9700 with software V100R006, V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions could allow remote attackers to send a special SSH packet to the VRP device to cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SSH Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/hw-373182", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/hw-373182" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8785.json b/2014/8xxx/CVE-2014-8785.json index 97a5305489d..d82da047b14 100644 --- a/2014/8xxx/CVE-2014-8785.json +++ b/2014/8xxx/CVE-2014-8785.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8785", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8785", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8828.json b/2014/8xxx/CVE-2014-8828.json index 977dfbd8989..8c00a1a7a86 100644 --- a/2014/8xxx/CVE-2014-8828.json +++ b/2014/8xxx/CVE-2014-8828.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8828", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sandbox in Apple OS X before 10.10 allows attackers to write to the sandbox-profile cache via a sandboxed app that includes a com.apple.sandbox segment in a path." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-8828", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/HT204244", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204244" - }, - { - "name" : "APPLE-SA-2015-01-27-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" - }, - { - "name" : "1031650", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031650" - }, - { - "name" : "macosx-cve20148828-sec-bypass(100522)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100522" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sandbox in Apple OS X before 10.10 allows attackers to write to the sandbox-profile cache via a sandboxed app that includes a com.apple.sandbox segment in a path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031650", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031650" + }, + { + "name": "http://support.apple.com/HT204244", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204244" + }, + { + "name": "APPLE-SA-2015-01-27-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" + }, + { + "name": "macosx-cve20148828-sec-bypass(100522)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100522" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8889.json b/2014/8xxx/CVE-2014-8889.json index a01afe31833..46f2764951c 100644 --- a/2014/8xxx/CVE-2014-8889.json +++ b/2014/8xxx/CVE-2014-8889.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-8889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150311 Vulnerability in the Dropbox SDK for Android (CVE-2014-8889)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534843/100/1500/threaded" - }, - { - "name" : "20150311 Vulnerability in the Dropbox SDK for Android (CVE-2014-8889)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Mar/61" - }, - { - "name" : "http://packetstormsecurity.com/files/130767/Dropbox-SDK-For-Android-Remote-Exploitation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130767/Dropbox-SDK-For-Android-Remote-Exploitation.html" - }, - { - "name" : "https://securityintelligence.com/droppedin-remotely-exploitable-vulnerability-in-the-dropbox-sdk-for-android/", - "refsource" : "MISC", - "url" : "https://securityintelligence.com/droppedin-remotely-exploitable-vulnerability-in-the-dropbox-sdk-for-android/" - }, - { - "name" : "73035", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73035" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "73035", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73035" + }, + { + "name": "20150311 Vulnerability in the Dropbox SDK for Android (CVE-2014-8889)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534843/100/1500/threaded" + }, + { + "name": "https://securityintelligence.com/droppedin-remotely-exploitable-vulnerability-in-the-dropbox-sdk-for-android/", + "refsource": "MISC", + "url": "https://securityintelligence.com/droppedin-remotely-exploitable-vulnerability-in-the-dropbox-sdk-for-android/" + }, + { + "name": "http://packetstormsecurity.com/files/130767/Dropbox-SDK-For-Android-Remote-Exploitation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130767/Dropbox-SDK-For-Android-Remote-Exploitation.html" + }, + { + "name": "20150311 Vulnerability in the Dropbox SDK for Android (CVE-2014-8889)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Mar/61" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9130.json b/2014/9xxx/CVE-2014-9130.json index 6103adf5d2f..2407aca4a0e 100644 --- a/2014/9xxx/CVE-2014-9130.json +++ b/2014/9xxx/CVE-2014-9130.json @@ -1,212 +1,212 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141128 Re: libyaml / YAML-LibYAML DoS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/11/28/8" - }, - { - "name" : "[oss-security] 20141128 libyaml / YAML-LibYAML DoS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/11/28/1" - }, - { - "name" : "[oss-security] 20141129 Re: Re: libyaml / YAML-LibYAML DoS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/11/29/3" - }, - { - "name" : "https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure", - "refsource" : "MISC", - "url" : "https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure" - }, - { - "name" : "https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2", - "refsource" : "CONFIRM", - "url" : "https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2015-0100.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2015-0100.html" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0508.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0508.html" - }, - { - "name" : "https://puppet.com/security/cve/cve-2014-9130", - "refsource" : "CONFIRM", - "url" : "https://puppet.com/security/cve/cve-2014-9130" - }, - { - "name" : "DSA-3102", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3102" - }, - { - "name" : "DSA-3103", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3103" - }, - { - "name" : "DSA-3115", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3115" - }, - { - "name" : "MDVSA-2014:242", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:242" - }, - { - "name" : "MDVSA-2015:060", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060" - }, - { - "name" : "RHSA-2015:0100", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0100.html" - }, - { - "name" : "RHSA-2015:0112", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0112.html" - }, - { - "name" : "RHSA-2015:0260", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0260.html" - }, - { - "name" : "openSUSE-SU-2015:0319", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html" - }, - { - "name" : "openSUSE-SU-2016:1067", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html" - }, - { - "name" : "USN-2461-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2461-1" - }, - { - "name" : "USN-2461-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2461-2" - }, - { - "name" : "USN-2461-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2461-3" - }, - { - "name" : "71349", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71349" - }, - { - "name" : "59947", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59947" - }, - { - "name" : "60944", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60944" - }, - { - "name" : "62705", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62705" - }, - { - "name" : "62723", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62723" - }, - { - "name" : "62774", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62774" - }, - { - "name" : "62164", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62164" - }, - { - "name" : "62174", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62174" - }, - { - "name" : "62176", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62176" - }, - { - "name" : "libyaml-cve20149130-dos(99047)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99047" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62705", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62705" + }, + { + "name": "https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2", + "refsource": "CONFIRM", + "url": "https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2" + }, + { + "name": "71349", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71349" + }, + { + "name": "DSA-3102", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3102" + }, + { + "name": "62174", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62174" + }, + { + "name": "RHSA-2015:0112", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0112.html" + }, + { + "name": "[oss-security] 20141128 libyaml / YAML-LibYAML DoS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/11/28/1" + }, + { + "name": "MDVSA-2015:060", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060" + }, + { + "name": "USN-2461-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2461-3" + }, + { + "name": "DSA-3115", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3115" + }, + { + "name": "openSUSE-SU-2015:0319", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html" + }, + { + "name": "[oss-security] 20141129 Re: Re: libyaml / YAML-LibYAML DoS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/11/29/3" + }, + { + "name": "62774", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62774" + }, + { + "name": "[oss-security] 20141128 Re: libyaml / YAML-LibYAML DoS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/11/28/8" + }, + { + "name": "RHSA-2015:0260", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0260.html" + }, + { + "name": "62723", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62723" + }, + { + "name": "USN-2461-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2461-1" + }, + { + "name": "https://puppet.com/security/cve/cve-2014-9130", + "refsource": "CONFIRM", + "url": "https://puppet.com/security/cve/cve-2014-9130" + }, + { + "name": "USN-2461-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2461-2" + }, + { + "name": "62176", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62176" + }, + { + "name": "https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure", + "refsource": "MISC", + "url": "https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure" + }, + { + "name": "MDVSA-2014:242", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:242" + }, + { + "name": "DSA-3103", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3103" + }, + { + "name": "60944", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60944" + }, + { + "name": "openSUSE-SU-2016:1067", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html" + }, + { + "name": "62164", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62164" + }, + { + "name": "libyaml-cve20149130-dos(99047)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99047" + }, + { + "name": "RHSA-2015:0100", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0100.html" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2015-0100.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2015-0100.html" + }, + { + "name": "59947", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59947" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0508.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0508.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9289.json b/2014/9xxx/CVE-2014-9289.json index 0267c4c47db..0273548db03 100644 --- a/2014/9xxx/CVE-2014-9289.json +++ b/2014/9xxx/CVE-2014-9289.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9289", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-9289", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9445.json b/2014/9xxx/CVE-2014-9445.json index a2f1bba47f1..5874c71c831 100644 --- a/2014/9xxx/CVE-2014-9445.json +++ b/2014/9xxx/CVE-2014-9445.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9445", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks by creating a file that generates an error. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9445", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35584", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35584" - }, - { - "name" : "gqfilemanager-editinc-xss(99365)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99365" - }, - { - "name" : "gqfilemanager-index-sql-injection(99366)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99366" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks by creating a file that generates an error. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "gqfilemanager-index-sql-injection(99366)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99366" + }, + { + "name": "35584", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35584" + }, + { + "name": "gqfilemanager-editinc-xss(99365)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99365" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9617.json b/2014/9xxx/CVE-2014-9617.json index 6204de37580..8f0a92561cb 100644 --- a/2014/9xxx/CVE-2014-9617.json +++ b/2014/9xxx/CVE-2014-9617.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9617", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9617", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9930.json b/2014/9xxx/CVE-2014-9930.json index 12d89e8f622..6de7034dc89 100644 --- a/2014/9xxx/CVE-2014-9930.json +++ b/2014/9xxx/CVE-2014-9930.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2014-9930", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In WCDMA in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free Vulnerability in WCDMA" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2014-9930", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - }, - { - "name" : "98323", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98323" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In WCDMA in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free Vulnerability in WCDMA" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + }, + { + "name": "98323", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98323" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9946.json b/2014/9xxx/CVE-2014-9946.json index 5e0bf184be2..ed89f6037c1 100644 --- a/2014/9xxx/CVE-2014-9946.json +++ b/2014/9xxx/CVE-2014-9946.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2014-9946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Core Kernel in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free Vulnerability in Core Kernel" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2014-9946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - }, - { - "name" : "98247", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98247" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Core Kernel in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free Vulnerability in Core Kernel" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + }, + { + "name": "98247", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98247" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2219.json b/2016/2xxx/CVE-2016-2219.json index 735a041f471..ee0a1644c21 100644 --- a/2016/2xxx/CVE-2016-2219.json +++ b/2016/2xxx/CVE-2016-2219.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the management interface in Palo Alto Networks PAN-OS 7.x before 7.0.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/42", - "refsource" : "CONFIRM", - "url" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/42" - }, - { - "name" : "1036192", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036192" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the management interface in Palo Alto Networks PAN-OS 7.x before 7.0.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036192", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036192" + }, + { + "name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/42", + "refsource": "CONFIRM", + "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/42" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3122.json b/2016/3xxx/CVE-2016-3122.json index a84f61b9628..de6ee9f5a8a 100644 --- a/2016/3xxx/CVE-2016-3122.json +++ b/2016/3xxx/CVE-2016-3122.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3122", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3122", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3156.json b/2016/3xxx/CVE-2016-3156.json index c74a9712c68..f607ba87dd5 100644 --- a/2016/3xxx/CVE-2016-3156.json +++ b/2016/3xxx/CVE-2016-3156.json @@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3156", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3156", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160315 CVE request: ipv4: Don't do expensive useless work during inetdev destroy", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/03/15/3" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbd40ea0180a2d328c5adc61414dc8bab9335ce2", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbd40ea0180a2d328c5adc61414dc8bab9335ce2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1318172", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1318172" - }, - { - "name" : "https://github.com/torvalds/linux/commit/fbd40ea0180a2d328c5adc61414dc8bab9335ce2", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/fbd40ea0180a2d328c5adc61414dc8bab9335ce2" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" - }, - { - "name" : "DSA-3607", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3607" - }, - { - "name" : "RHSA-2016:2574", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2574.html" - }, - { - "name" : "RHSA-2016:2584", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2584.html" - }, - { - "name" : "SUSE-SU-2016:1672", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html" - }, - { - "name" : "SUSE-SU-2016:1690", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html" - }, - { - "name" : "SUSE-SU-2016:1707", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html" - }, - { - "name" : "SUSE-SU-2016:1764", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" - }, - { - "name" : "SUSE-SU-2016:2074", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" - }, - { - "name" : "openSUSE-SU-2016:1382", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html" - }, - { - "name" : "SUSE-SU-2016:1019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html" - }, - { - "name" : "USN-2996-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2996-1" - }, - { - "name" : "USN-2997-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2997-1" - }, - { - "name" : "USN-2968-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2968-1" - }, - { - "name" : "USN-2968-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2968-2" - }, - { - "name" : "USN-2969-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2969-1" - }, - { - "name" : "USN-2970-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2970-1" - }, - { - "name" : "USN-2971-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2971-1" - }, - { - "name" : "USN-2971-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2971-2" - }, - { - "name" : "USN-2971-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2971-3" - }, - { - "name" : "84428", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84428" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2971-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2971-2" + }, + { + "name": "SUSE-SU-2016:1690", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1318172", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1318172" + }, + { + "name": "USN-2970-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2970-1" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbd40ea0180a2d328c5adc61414dc8bab9335ce2", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbd40ea0180a2d328c5adc61414dc8bab9335ce2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" + }, + { + "name": "USN-2969-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2969-1" + }, + { + "name": "USN-2968-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2968-1" + }, + { + "name": "RHSA-2016:2584", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" + }, + { + "name": "RHSA-2016:2574", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" + }, + { + "name": "USN-2971-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2971-3" + }, + { + "name": "USN-2997-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2997-1" + }, + { + "name": "SUSE-SU-2016:1764", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" + }, + { + "name": "DSA-3607", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3607" + }, + { + "name": "USN-2971-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2971-1" + }, + { + "name": "SUSE-SU-2016:1707", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html" + }, + { + "name": "USN-2996-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2996-1" + }, + { + "name": "SUSE-SU-2016:1672", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html" + }, + { + "name": "SUSE-SU-2016:1019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html" + }, + { + "name": "USN-2968-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2968-2" + }, + { + "name": "openSUSE-SU-2016:1382", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html" + }, + { + "name": "SUSE-SU-2016:2074", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" + }, + { + "name": "84428", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84428" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" + }, + { + "name": "[oss-security] 20160315 CVE request: ipv4: Don't do expensive useless work during inetdev destroy", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/03/15/3" + }, + { + "name": "https://github.com/torvalds/linux/commit/fbd40ea0180a2d328c5adc61414dc8bab9335ce2", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/fbd40ea0180a2d328c5adc61414dc8bab9335ce2" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3216.json b/2016/3xxx/CVE-2016-3216.json index 6aacf1961fc..65c4e4686e2 100644 --- a/2016/3xxx/CVE-2016-3216.json +++ b/2016/3xxx/CVE-2016-3216.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka \"Windows Graphics Component Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "39990", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39990/" - }, - { - "name" : "MS16-074", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-074" - }, - { - "name" : "1036101", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036101" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka \"Windows Graphics Component Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-074", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-074" + }, + { + "name": "39990", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39990/" + }, + { + "name": "1036101", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036101" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3371.json b/2016/3xxx/CVE-2016-3371.json index a0527425ab4..3b3502806be 100644 --- a/2016/3xxx/CVE-2016-3371.json +++ b/2016/3xxx/CVE-2016-3371.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3371", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 does not properly enforce permissions, which allows local users to obtain sensitive information via a crafted application, aka \"Windows Kernel Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3371", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40429", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40429/" - }, - { - "name" : "MS16-111", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-111" - }, - { - "name" : "92814", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92814" - }, - { - "name" : "1036802", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036802" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 does not properly enforce permissions, which allows local users to obtain sensitive information via a crafted application, aka \"Windows Kernel Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-111", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-111" + }, + { + "name": "1036802", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036802" + }, + { + "name": "92814", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92814" + }, + { + "name": "40429", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40429/" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3997.json b/2016/3xxx/CVE-2016-3997.json index 221819ea769..b2232dcedaa 100644 --- a/2016/3xxx/CVE-2016-3997.json +++ b/2016/3xxx/CVE-2016-3997.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3997", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1006063", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1006063" - }, - { - "name" : "https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products", - "refsource" : "CONFIRM", - "url" : "https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1006063", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1006063" + }, + { + "name": "https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products", + "refsource": "CONFIRM", + "url": "https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6114.json b/2016/6xxx/CVE-2016-6114.json index 23db6911b92..0eb13efa8b5 100644 --- a/2016/6xxx/CVE-2016-6114.json +++ b/2016/6xxx/CVE-2016-6114.json @@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-07-10T00:00:00", - "ID" : "CVE-2016-6114", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Emptoris Sourcing", - "version" : { - "version_data" : [ - { - "version_value" : " 9.5" - }, - { - "version_value" : "10.0.0" - }, - { - "version_value" : "10.0.1" - }, - { - "version_value" : "10.0.2" - }, - { - "version_value" : "10.0.4" - }, - { - "version_value" : "10.1.0" - }, - { - "version_value" : "10.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118352." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-07-10T00:00:00", + "ID": "CVE-2016-6114", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Emptoris Sourcing", + "version": { + "version_data": [ + { + "version_value": " 9.5" + }, + { + "version_value": "10.0.0" + }, + { + "version_value": "10.0.1" + }, + { + "version_value": "10.0.2" + }, + { + "version_value": "10.0.4" + }, + { + "version_value": "10.1.0" + }, + { + "version_value": "10.1.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/118352", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/118352" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22005549", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22005549" - }, - { - "name" : "99545", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99545" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118352." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22005549", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118352", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118352" + }, + { + "name": "99545", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99545" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6225.json b/2016/6xxx/CVE-2016-6225.json index 9ef5e50e8f8..479c40aeb7c 100644 --- a/2016/6xxx/CVE-2016-6225.json +++ b/2016/6xxx/CVE-2016-6225.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6225", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6225", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/percona-xtrabackup/+bug/1643949", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/percona-xtrabackup/+bug/1643949" - }, - { - "name" : "https://github.com/percona/percona-xtrabackup/pull/266", - "refsource" : "CONFIRM", - "url" : "https://github.com/percona/percona-xtrabackup/pull/266" - }, - { - "name" : "https://github.com/percona/percona-xtrabackup/pull/267", - "refsource" : "CONFIRM", - "url" : "https://github.com/percona/percona-xtrabackup/pull/267" - }, - { - "name" : "https://www.percona.com/blog/2017/01/12/cve-2016-6225-percona-xtrabackup-encryption-iv-not-set-properly/", - "refsource" : "CONFIRM", - "url" : "https://www.percona.com/blog/2017/01/12/cve-2016-6225-percona-xtrabackup-encryption-iv-not-set-properly/" - }, - { - "name" : "FEDORA-2017-5a823376be", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBVCP6KLFVGG6HSGLHLTMZRD6C4IJSZP/" - }, - { - "name" : "FEDORA-2017-6382ea8d57", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAHI6ETS22FJCMLW7A6SICFKQXF5G2VI/" - }, - { - "name" : "openSUSE-SU-2017:0250", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2017-01/msg00125.html" - }, - { - "name" : "openSUSE-SU-2017:0251", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2017-01/msg00126.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/percona/percona-xtrabackup/pull/267", + "refsource": "CONFIRM", + "url": "https://github.com/percona/percona-xtrabackup/pull/267" + }, + { + "name": "openSUSE-SU-2017:0251", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00126.html" + }, + { + "name": "openSUSE-SU-2017:0250", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00125.html" + }, + { + "name": "https://bugs.launchpad.net/percona-xtrabackup/+bug/1643949", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/percona-xtrabackup/+bug/1643949" + }, + { + "name": "FEDORA-2017-5a823376be", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBVCP6KLFVGG6HSGLHLTMZRD6C4IJSZP/" + }, + { + "name": "https://github.com/percona/percona-xtrabackup/pull/266", + "refsource": "CONFIRM", + "url": "https://github.com/percona/percona-xtrabackup/pull/266" + }, + { + "name": "FEDORA-2017-6382ea8d57", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAHI6ETS22FJCMLW7A6SICFKQXF5G2VI/" + }, + { + "name": "https://www.percona.com/blog/2017/01/12/cve-2016-6225-percona-xtrabackup-encryption-iv-not-set-properly/", + "refsource": "CONFIRM", + "url": "https://www.percona.com/blog/2017/01/12/cve-2016-6225-percona-xtrabackup-encryption-iv-not-set-properly/" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6432.json b/2016/6xxx/CVE-2016-6432.json index 0ee8e4bfd51..04230a3e464 100644 --- a/2016/6xxx/CVE-2016-6432.json +++ b/2016/6xxx/CVE-2016-6432.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2016-6432", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco ASA Software before 9.6(2.1)", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco ASA Software before 9.6(2.1)" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Identity Firewall feature of Cisco ASA Software before 9.6(2.1) could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending a crafted NetBIOS packet in response to a NetBIOS probe sent by the ASA software. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or cause a reload of the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 traffic." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6432", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco ASA Software before 9.6(2.1)", + "version": { + "version_data": [ + { + "version_value": "Cisco ASA Software before 9.6(2.1)" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-asa-idfw", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-asa-idfw" - }, - { - "name" : "93784", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93784" - }, - { - "name" : "1037059", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037059" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Identity Firewall feature of Cisco ASA Software before 9.6(2.1) could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending a crafted NetBIOS packet in response to a NetBIOS probe sent by the ASA software. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or cause a reload of the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 traffic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-asa-idfw", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-asa-idfw" + }, + { + "name": "1037059", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037059" + }, + { + "name": "93784", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93784" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7015.json b/2016/7xxx/CVE-2016-7015.json index 39df7257f6d..0979b632a7a 100644 --- a/2016/7xxx/CVE-2016-7015.json +++ b/2016/7xxx/CVE-2016-7015.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7015", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-7015", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" - }, - { - "name" : "93496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93496" - }, - { - "name" : "1036986", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036986", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036986" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" + }, + { + "name": "93496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93496" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7129.json b/2016/7xxx/CVE-2016-7129.json index bdb8dec9ac2..929a1c58cd3 100644 --- a/2016/7xxx/CVE-2016-7129.json +++ b/2016/7xxx/CVE-2016-7129.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160902 Re: CVE assignment for PHP 5.6.25 and 7.0.10 - and libcurl", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2016/09/02/9" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "http://www.php.net/ChangeLog-7.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-7.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=72749", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=72749" - }, - { - "name" : "https://github.com/php/php-src/commit/426aeb2808955ee3d3f52e0cfb102834cdb836a5?w=1", - "refsource" : "CONFIRM", - "url" : "https://github.com/php/php-src/commit/426aeb2808955ee3d3f52e0cfb102834cdb836a5?w=1" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-19", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-19" - }, - { - "name" : "GLSA-201611-22", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201611-22" - }, - { - "name" : "RHSA-2016:2750", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2750.html" - }, - { - "name" : "92758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92758" - }, - { - "name" : "1036680", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036680" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.php.net/ChangeLog-7.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-7.php" + }, + { + "name": "GLSA-201611-22", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201611-22" + }, + { + "name": "https://github.com/php/php-src/commit/426aeb2808955ee3d3f52e0cfb102834cdb836a5?w=1", + "refsource": "CONFIRM", + "url": "https://github.com/php/php-src/commit/426aeb2808955ee3d3f52e0cfb102834cdb836a5?w=1" + }, + { + "name": "1036680", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036680" + }, + { + "name": "RHSA-2016:2750", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "https://www.tenable.com/security/tns-2016-19", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-19" + }, + { + "name": "[oss-security] 20160902 Re: CVE assignment for PHP 5.6.25 and 7.0.10 - and libcurl", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2016/09/02/9" + }, + { + "name": "https://bugs.php.net/bug.php?id=72749", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=72749" + }, + { + "name": "92758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92758" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7570.json b/2016/7xxx/CVE-2016-7570.json index 348aeb95d77..36131e60816 100644 --- a/2016/7xxx/CVE-2016-7570.json +++ b/2016/7xxx/CVE-2016-7570.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7570", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Drupal 8.x before 8.1.10 does not properly check for \"Administer comments\" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/SA-CORE-2016-004", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/SA-CORE-2016-004" - }, - { - "name" : "93101", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93101" - }, - { - "name" : "1036886", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036886" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Drupal 8.x before 8.1.10 does not properly check for \"Administer comments\" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/SA-CORE-2016-004", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/SA-CORE-2016-004" + }, + { + "name": "93101", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93101" + }, + { + "name": "1036886", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036886" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8391.json b/2016/8xxx/CVE-2016-8391.json index f78fe16ec79..4aeb083cba8 100644 --- a/2016/8xxx/CVE-2016-8391.json +++ b/2016/8xxx/CVE-2016-8391.json @@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-8391", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31253255. References: QC-CR#1072166." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-8391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2016-12-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-12-01.html" - }, - { - "name" : "94681", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94681" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31253255. References: QC-CR#1072166." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2016-12-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-12-01.html" + }, + { + "name": "94681", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94681" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8499.json b/2016/8xxx/CVE-2016-8499.json index 0248424a811..09c227e881e 100644 --- a/2016/8xxx/CVE-2016-8499.json +++ b/2016/8xxx/CVE-2016-8499.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8499", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8499", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8695.json b/2016/8xxx/CVE-2016-8695.json index 8fe3056c219..438c4a83cf3 100644 --- a/2016/8xxx/CVE-2016-8695.json +++ b/2016/8xxx/CVE-2016-8695.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8695", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulnerability than CVE-2016-8694 and CVE-2016-8696." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160818 potrace: multiple crashes", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/08/18/11" - }, - { - "name" : "[oss-security] 20161015 Re: potrace: multiple crashes", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/16/12" - }, - { - "name" : "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/" - }, - { - "name" : "http://potrace.sourceforge.net/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://potrace.sourceforge.net/ChangeLog" - }, - { - "name" : "93778", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93778" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulnerability than CVE-2016-8694 and CVE-2016-8696." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93778", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93778" + }, + { + "name": "[oss-security] 20161015 Re: potrace: multiple crashes", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/16/12" + }, + { + "name": "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/" + }, + { + "name": "[oss-security] 20160818 potrace: multiple crashes", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/08/18/11" + }, + { + "name": "http://potrace.sourceforge.net/ChangeLog", + "refsource": "CONFIRM", + "url": "http://potrace.sourceforge.net/ChangeLog" + } + ] + } +} \ No newline at end of file