From 2b9a6feca956b8207583a5cb3f7fd722d4de91d6 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 04:01:04 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2006/0xxx/CVE-2006-0201.json | 170 +++++++++++-----------
2006/0xxx/CVE-2006-0730.json | 160 ++++++++++---------
2006/0xxx/CVE-2006-0844.json | 160 ++++++++++---------
2006/0xxx/CVE-2006-0880.json | 170 +++++++++++-----------
2006/1xxx/CVE-2006-1232.json | 210 +++++++++++++--------------
2006/3xxx/CVE-2006-3345.json | 130 ++++++++---------
2006/3xxx/CVE-2006-3800.json | 170 +++++++++++-----------
2006/4xxx/CVE-2006-4108.json | 160 ++++++++++---------
2006/4xxx/CVE-2006-4378.json | 160 ++++++++++---------
2006/4xxx/CVE-2006-4809.json | 270 +++++++++++++++++------------------
2010/2xxx/CVE-2010-2213.json | 230 ++++++++++++++---------------
2010/2xxx/CVE-2010-2280.json | 140 +++++++++---------
2010/2xxx/CVE-2010-2801.json | 230 ++++++++++++++---------------
2010/2xxx/CVE-2010-2879.json | 170 +++++++++++-----------
2010/3xxx/CVE-2010-3086.json | 230 ++++++++++++++---------------
2010/3xxx/CVE-2010-3232.json | 140 +++++++++---------
2010/3xxx/CVE-2010-3352.json | 34 ++---
2010/3xxx/CVE-2010-3999.json | 220 ++++++++++++++--------------
2010/4xxx/CVE-2010-4428.json | 180 +++++++++++------------
2010/4xxx/CVE-2010-4741.json | 160 ++++++++++---------
2010/4xxx/CVE-2010-4827.json | 150 +++++++++----------
2011/1xxx/CVE-2011-1397.json | 170 +++++++++++-----------
2011/5xxx/CVE-2011-5181.json | 160 ++++++++++---------
2014/3xxx/CVE-2014-3086.json | 240 +++++++++++++++----------------
2014/3xxx/CVE-2014-3400.json | 120 ++++++++--------
2014/3xxx/CVE-2014-3812.json | 120 ++++++++--------
2014/7xxx/CVE-2014-7260.json | 140 +++++++++---------
2014/7xxx/CVE-2014-7845.json | 150 +++++++++----------
2014/8xxx/CVE-2014-8263.json | 34 ++---
2014/8xxx/CVE-2014-8368.json | 140 +++++++++---------
2014/8xxx/CVE-2014-8518.json | 120 ++++++++--------
2014/8xxx/CVE-2014-8568.json | 34 ++---
2014/9xxx/CVE-2014-9081.json | 34 ++---
2014/9xxx/CVE-2014-9348.json | 140 +++++++++---------
2014/9xxx/CVE-2014-9645.json | 190 ++++++++++++------------
2014/9xxx/CVE-2014-9730.json | 220 ++++++++++++++--------------
2014/9xxx/CVE-2014-9884.json | 140 +++++++++---------
2016/2xxx/CVE-2016-2196.json | 130 ++++++++---------
2016/2xxx/CVE-2016-2573.json | 34 ++---
2016/2xxx/CVE-2016-2917.json | 130 ++++++++---------
2016/6xxx/CVE-2016-6298.json | 160 ++++++++++---------
2016/6xxx/CVE-2016-6355.json | 140 +++++++++---------
2016/6xxx/CVE-2016-6599.json | 150 +++++++++----------
2016/6xxx/CVE-2016-6732.json | 130 ++++++++---------
2016/6xxx/CVE-2016-6911.json | 160 ++++++++++---------
2016/7xxx/CVE-2016-7652.json | 180 +++++++++++------------
2017/5xxx/CVE-2017-5626.json | 120 ++++++++--------
2017/5xxx/CVE-2017-5860.json | 34 ++---
2017/5xxx/CVE-2017-5884.json | 180 +++++++++++------------
49 files changed, 3672 insertions(+), 3672 deletions(-)
diff --git a/2006/0xxx/CVE-2006-0201.json b/2006/0xxx/CVE-2006-0201.json
index df678fee747..079164725c4 100644
--- a/2006/0xxx/CVE-2006-0201.json
+++ b/2006/0xxx/CVE-2006-0201.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0201", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipn_success.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0201", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060112 Multiple PHP Toolkit for PayPal Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/421739" - }, - { - "name" : "http://www.uinc.ru/articles/vuln/ptpaypal050.shtml", - "refsource" : "MISC", - "url" : "http://www.uinc.ru/articles/vuln/ptpaypal050.shtml" - }, - { - "name" : "16218", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16218" - }, - { - "name" : "ADV-2006-0183", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0183" - }, - { - "name" : "22378", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22378" - }, - { - "name" : "18444", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/18444" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipn_success.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.uinc.ru/articles/vuln/ptpaypal050.shtml", + "refsource": "MISC", + "url": "http://www.uinc.ru/articles/vuln/ptpaypal050.shtml" + }, + { + "name": "18444", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18444" + }, + { + "name": "ADV-2006-0183", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0183" + }, + { + "name": "22378", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22378" + }, + { + "name": "16218", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16218" + }, + { + "name": "20060112 Multiple PHP Toolkit for PayPal Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/421739" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0730.json b/2006/0xxx/CVE-2006-0730.json index 9b49d0bbec0..6366791270b 100644 --- a/2006/0xxx/CVE-2006-0730.json +++ b/2006/0xxx/CVE-2006-0730.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0730", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) \"potential hangs\" in the APPEND command and \"potential crashes\" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0730", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Dovecot] 20060208 1.0beta3 released", - "refsource" : "MLIST", - "url" : "http://www.dovecot.org/list/dovecot/2006-February/011367.html" - }, - { - "name" : "16672", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16672" - }, - { - "name" : "ADV-2006-0549", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0549" - }, - { - "name" : "18870", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18870" - }, - { - "name" : "dovecot-append-dos(24709)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/24709" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) \"potential hangs\" in the APPEND command and \"potential crashes\" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18870", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18870" + }, + { + "name": "dovecot-append-dos(24709)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24709" + }, + { + "name": "ADV-2006-0549", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0549" + }, + { + "name": "[Dovecot] 20060208 1.0beta3 released", + "refsource": "MLIST", + "url": "http://www.dovecot.org/list/dovecot/2006-February/011367.html" + }, + { + "name": "16672", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16672" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0844.json b/2006/0xxx/CVE-2006-0844.json index 499a47e028c..661c0f37873 100644 --- a/2006/0xxx/CVE-2006-0844.json +++ b/2006/0xxx/CVE-2006-0844.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0844", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Leif M. Wright's Blog 3.5 does not make a password comparison when authenticating an administrator via a cookie, which allows remote attackers to bypass login authentication, probably by setting the blogAdmin cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0844", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.evuln.com/vulns/82/summary.html", - "refsource" : "MISC", - "url" : "http://www.evuln.com/vulns/82/summary.html" - }, - { - "name" : "16714", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16714" - }, - { - "name" : "18923", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18923" - }, - { - "name" : "522", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/522" - }, - { - "name" : "webblog-cookie-auth-bypass(24755)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Leif M. Wright's Blog 3.5 does not make a password comparison when authenticating an administrator via a cookie, which allows remote attackers to bypass login authentication, probably by setting the blogAdmin cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "webblog-cookie-auth-bypass(24755)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24755" + }, + { + "name": "http://www.evuln.com/vulns/82/summary.html", + "refsource": "MISC", + "url": "http://www.evuln.com/vulns/82/summary.html" + }, + { + "name": "16714", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16714" + }, + { + "name": "18923", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18923" + }, + { + "name": "522", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/522" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0880.json b/2006/0xxx/CVE-2006-0880.json index 41aad55a5d1..1b4f691b4e7 100644 --- a/2006/0xxx/CVE-2006-0880.json +++ b/2006/0xxx/CVE-2006-0880.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0880", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in Noah's Classifieds 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) inf parameter; or, when register_globals is enabled, the (2) upperTemplate and (3) lowerTemplate parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0880", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060222 [KAPDA::#29]Noah's classifieds multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425783/100/0/threaded" - }, - { - "name" : "http://www.kapda.ir/advisory-268.html", - "refsource" : "MISC", - "url" : "http://www.kapda.ir/advisory-268.html" - }, - { - "name" : "16772", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16772" - }, - { - "name" : "ADV-2006-0703", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0703" - }, - { - "name" : "1015667", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015667" - }, - { - 
"name" : "noahs-indexphp-xss(24895)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24895" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in Noah's Classifieds 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) inf parameter; or, when register_globals is enabled, the (2) upperTemplate and (3) lowerTemplate parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "noahs-indexphp-xss(24895)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24895" + }, + { + "name": "20060222 [KAPDA::#29]Noah's classifieds multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425783/100/0/threaded" + }, + { + "name": "1015667", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015667" + }, + { + "name": "16772", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16772" + }, + { + "name": "http://www.kapda.ir/advisory-268.html", + "refsource": "MISC", + "url": "http://www.kapda.ir/advisory-268.html" + }, + { + "name": "ADV-2006-0703", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0703" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1232.json b/2006/1xxx/CVE-2006-1232.json index 25b194e3bec..167d99e4bd7 100644 --- a/2006/1xxx/CVE-2006-1232.json +++ b/2006/1xxx/CVE-2006-1232.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1232", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in DSDownload 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) key and (2) category parameters to (a) search.php and (b) downloads.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1232", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060325 [eVuln] DSDownload Multiple SQL Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/428808/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/99/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/99/summary.html" - }, - { - "name" : "17116", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17116" - }, - { - "name" : "ADV-2006-0934", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0934" - }, - { - "name" : "23886", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23886" - }, - { - "name" : "23887", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/23887" - }, - { - "name" : "1015755", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015755" - }, - { - "name" : "19202", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19202" - }, - { - "name" : "626", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/626" - }, - { - "name" : "dsdownload-multiple-sql-injection(25193)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25193" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in DSDownload 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) key and (2) category parameters to (a) search.php and (b) downloads.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23886", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23886" + }, + { + "name": "1015755", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015755" + }, + { + "name": "dsdownload-multiple-sql-injection(25193)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25193" + }, + { + "name": "http://evuln.com/vulns/99/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/99/summary.html" + }, + { + "name": "17116", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17116" + }, + { + "name": "19202", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19202" + }, + { + "name": "23887", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23887" + }, + { + "name": "626", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/626" + }, + { + "name": 
"ADV-2006-0934", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0934" + }, + { + "name": "20060325 [eVuln] DSDownload Multiple SQL Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/428808/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3345.json b/2006/3xxx/CVE-2006-3345.json index c0ab453330b..adab9e34bbf 100644 --- a/2006/3xxx/CVE-2006-3345.json +++ b/2006/3xxx/CVE-2006-3345.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3345", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in AliPAGER, possibly 1.5 and earlier, allows remote attackers to inject arbitrary web script or HTML via a chat line." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3345", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060613 alipager xss attack", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437508/100/200/threaded" - }, - { - "name" : "alipager-chat-xss(27269)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27269" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in AliPAGER, possibly 1.5 and earlier, allows remote attackers to inject arbitrary web script or HTML via a chat line." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "alipager-chat-xss(27269)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27269" + }, + { + "name": "20060613 alipager xss attack", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437508/100/200/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3800.json b/2006/3xxx/CVE-2006-3800.json index 940e1aced80..01146fe919b 100644 --- a/2006/3xxx/CVE-2006-3800.json +++ b/2006/3xxx/CVE-2006-3800.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the \"new review\" text box." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060719 AFCommerce Shopping Cart", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440589/100/0/threaded" - }, - { - "name" : "20060720 Re: AFCommerce Shopping Cart", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440848/100/100/threaded" - }, - { - "name" : "19074", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19074" - }, - { - "name" : "1016538", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016538" - }, - { - "name" : "1255", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1255" - }, - { - "name" : "afcommerce-newreview-xss(27847)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/27847" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the \"new review\" text box." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "afcommerce-newreview-xss(27847)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27847" + }, + { + "name": "19074", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19074" + }, + { + "name": "20060720 Re: AFCommerce Shopping Cart", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440848/100/100/threaded" + }, + { + "name": "1255", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1255" + }, + { + "name": "1016538", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016538" + }, + { + "name": "20060719 AFCommerce Shopping Cart", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440589/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4108.json b/2006/4xxx/CVE-2006-4108.json index 81a594f4668..876565c7417 100644 --- a/2006/4xxx/CVE-2006-4108.json +++ b/2006/4xxx/CVE-2006-4108.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/77756", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/77756" - }, - { - "name" : "19441", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19441" - }, - { - "name" : "ADV-2006-3227", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3227" - }, - { - "name" : "21435", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21435" - }, - { - "name" : "bibliography-unspecified-sql-injection(28296)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28296" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { 
+ "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21435", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21435" + }, + { + "name": "ADV-2006-3227", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3227" + }, + { + "name": "http://drupal.org/node/77756", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/77756" + }, + { + "name": "19441", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19441" + }, + { + "name": "bibliography-unspecified-sql-injection(28296)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28296" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4378.json b/2006/4xxx/CVE-2006-4378.json index 188093bff18..d5d281031d0 100644 --- a/2006/4xxx/CVE-2006-4378.json +++ b/2006/4xxx/CVE-2006-4378.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4378", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in the Rssxt component for Joomla! (com_rssxt), possibly 2.0 Beta 1 or 1.0 and earlier, allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) pinger.php, (2) RPC.php, or (3) rssxt.php. NOTE: another researcher has disputed this issue, saying that the attacker can not control this parameter. In addition, as of 20060825, the original researcher has appeared to be unreliable with some other past reports. CVE has not performed any followup analysis with respect to this issue." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4378", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060818 Joomla Rssxt <= 1.0 Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443628/100/100/threaded" - }, - { - "name" : "20060818 Re: Joomla Rssxt <= 1.0 Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444058/100/100/threaded" - }, - { - "name" : "19593", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19593" - }, - { - "name" : "28096", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28096" - }, - { - "name" : "1456", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1456" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in the Rssxt component for Joomla! (com_rssxt), possibly 2.0 Beta 1 or 1.0 and earlier, allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) pinger.php, (2) RPC.php, or (3) rssxt.php. NOTE: another researcher has disputed this issue, saying that the attacker can not control this parameter. In addition, as of 20060825, the original researcher has appeared to be unreliable with some other past reports. CVE has not performed any followup analysis with respect to this issue." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19593", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19593" + }, + { + "name": "28096", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28096" + }, + { + "name": "20060818 Joomla Rssxt <= 1.0 Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443628/100/100/threaded" + }, + { + "name": "1456", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1456" + }, + { + "name": "20060818 Re: Joomla Rssxt <= 1.0 Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444058/100/100/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4809.json b/2006/4xxx/CVE-2006-4809.json index c2fba96a714..5bd0ba03731 100644 --- a/2006/4xxx/CVE-2006-4809.json +++ b/2006/4xxx/CVE-2006-4809.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4809", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-4809", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz", - "refsource" : "MISC", - "url" : "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz" - }, - { - "name" : "GLSA-200612-20", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200612-20.xml" - }, - { - "name" : "MDKSA-2006:198", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:198" - }, - { - "name" : "MDKSA-2007:156", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:156" - }, - { - "name" : "SUSE-SR:2006:026", - "refsource" : "SUSE", - "url" : 
"http://www.novell.com/linux/security/advisories/2006_26_sr.html" - }, - { - "name" : "USN-376-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-376-1" - }, - { - "name" : "USN-376-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-376-2" - }, - { - "name" : "20903", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20903" - }, - { - "name" : "ADV-2006-4349", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4349" - }, - { - "name" : "30104", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30104" - }, - { - "name" : "22732", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22732" - }, - { - "name" : "22744", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22744" - }, - { - "name" : "22752", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22752" - }, - { - "name" : "23441", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23441" - }, - { - "name" : "22932", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22932" - }, - { - "name" : "imlib2-loaderpnmc-bo(30070)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30070" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM image." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22932", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22932" + }, + { + "name": "MDKSA-2007:156", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:156" + }, + { + "name": "22752", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22752" + }, + { + "name": "imlib2-loaderpnmc-bo(30070)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30070" + }, + { + "name": "MDKSA-2006:198", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:198" + }, + { + "name": "30104", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30104" + }, + { + "name": "SUSE-SR:2006:026", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html" + }, + { + "name": "20903", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20903" + }, + { + "name": "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz", + "refsource": "MISC", + "url": "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz" + }, + { + "name": "USN-376-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-376-2" + }, + { + "name": "GLSA-200612-20", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200612-20.xml" + }, + { + "name": "ADV-2006-4349", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4349" + }, + { + "name": "23441", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23441" + }, + { + "name": "22732", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22732" + }, + { + "name": "22744", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22744" + }, + { + "name": 
"USN-376-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-376-1" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2213.json b/2010/2xxx/CVE-2010-2213.json index 6b849b7547f..460ac42a7d7 100644 --- a/2010/2xxx/CVE-2010-2213.json +++ b/2010/2xxx/CVE-2010-2213.json 
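Review bot: The only semantic change in this hunk, `"ASSIGNER": "secalert@redhat.com"` replacing `"ASSIGNER" : "cve@mitre.org"`, is buried in a rewrite of all 137 lines, which makes a provenance change to the record hard to audit. Every other line differs only in colon spacing and indentation, and the `reference_data` entries are re-emitted in a different order that does not appear to be sorted, although the set of entries looks unchanged. Splitting the formatting normalization from the data change, and emitting references in a stable order, would let a reader or a diff-based monitor see the assigner change on its own. The same pattern applies to the CVE-2010-2213 and CVE-2010-2879 hunks (`psirt@adobe.com`) and to CVE-2010-2801 (`secalert@redhat.com`). The new side also ends with `\ No newline at end of file`, where the old side kept a trailing newline.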
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2213", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2214, and CVE-2010-2216." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-2213", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-16.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-16.html" - }, - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "GLSA-201101-09", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201101-09.xml" - }, - { - "name" : "HPSBMA02592", - "refsource" : 
"HP", - "url" : "http://marc.info/?l=bugtraq&m=128767780602751&w=2" - }, - { - "name" : "SSRT100300", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=128767780602751&w=2" - }, - { - "name" : "42364", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42364" - }, - { - "name" : "oval:org.mitre.oval:def:10983", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10983" - }, - { - "name" : "oval:org.mitre.oval:def:16020", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16020" - }, - { - "name" : "1024621", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024621" - }, - { - "name" : "43026", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43026" - }, - { - "name" : "ADV-2011-0192", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0192" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2214, and CVE-2010-2216." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0192", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0192" + }, + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "HPSBMA02592", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=128767780602751&w=2" + }, + { + "name": "1024621", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024621" + }, + { + "name": "43026", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43026" + }, + { + "name": "GLSA-201101-09", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + }, + { + "name": "42364", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42364" + }, + { + "name": "SSRT100300", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=128767780602751&w=2" + }, + { + "name": "oval:org.mitre.oval:def:10983", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10983" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-16.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-16.html" + }, + { + "name": "oval:org.mitre.oval:def:16020", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16020" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2280.json b/2010/2xxx/CVE-2010-2280.json index f5a524aac1e..8c7d71b2b96 100644 --- a/2010/2xxx/CVE-2010-2280.json 
+++ b/2010/2xxx/CVE-2010-2280.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2280", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in the Mobile component in IBM Lotus Connections 2.5.x before 2.5.0.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, related to \"mobile edit actions,\" aka SPR ASRE83PPVH." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2280", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21431472", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21431472" - }, - { - "name" : "40007", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40007" - }, - { - "name" : "ADV-2010-1281", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1281" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in the Mobile component in IBM Lotus Connections 2.5.x before 2.5.0.2 
allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, related to \"mobile edit actions,\" aka SPR ASRE83PPVH." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1281", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1281" + }, + { + "name": "40007", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40007" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2801.json b/2010/2xxx/CVE-2010-2801.json index 04a4de7abdb..9198110e70d 100644 --- a/2010/2xxx/CVE-2010-2801.json +++ b/2010/2xxx/CVE-2010-2801.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2801", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2801", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100802 CVE Request [two ids] -- cabextract -- 1, Infinite loop in MS-ZIP and Quantum decoders (minor) 2, Integer wrap-around (crash) by processing certain *.cab files in test archive mode", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=128076168623266&w=2" - }, - { - "name" : "[oss-security] 20100802 Re: CVE Request [two ids] -- cabextract -- 1, Infinite loop in MS-ZIP and Quantum decoders (minor) 2, Integer wrap-around (crash) by processing certain *.cab files in test archive mode", - "refsource" : "MLIST", - "url" : 
"http://marc.info/?l=oss-security&m=128077976522470&w=2" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=329891", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=329891" - }, - { - "name" : "http://libmspack.svn.sourceforge.net/viewvc/libmspack/libmspack/trunk/mspack/qtmd.c?r1=114&r2=113", - "refsource" : "CONFIRM", - "url" : "http://libmspack.svn.sourceforge.net/viewvc/libmspack/libmspack/trunk/mspack/qtmd.c?r1=114&r2=113" - }, - { - "name" : "http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=118", - "refsource" : "CONFIRM", - "url" : "http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=118" - }, - { - "name" : "http://www.cabextract.org.uk/#changes", - "refsource" : "CONFIRM", - "url" : "http://www.cabextract.org.uk/#changes" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=620454", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=620454" - }, - { - "name" : "DSA-2087", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2087" - }, - { - "name" : "42173", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42173" - }, - { - "name" : "ADV-2010-1903", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1903" - }, - { - "name" : "ADV-2010-1997", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1997" - }, - { - "name" : "cabextract-archive-code-execution(60891)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60891" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or 
possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1903", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1903" + }, + { + "name": "http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=118", + "refsource": "CONFIRM", + "url": "http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=118" + }, + { + "name": "[oss-security] 20100802 CVE Request [two ids] -- cabextract -- 1, Infinite loop in MS-ZIP and Quantum decoders (minor) 2, Integer wrap-around (crash) by processing certain *.cab files in test archive mode", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=128076168623266&w=2" + }, + { + "name": "http://libmspack.svn.sourceforge.net/viewvc/libmspack/libmspack/trunk/mspack/qtmd.c?r1=114&r2=113", + "refsource": "CONFIRM", + "url": "http://libmspack.svn.sourceforge.net/viewvc/libmspack/libmspack/trunk/mspack/qtmd.c?r1=114&r2=113" + }, + { + "name": "[oss-security] 20100802 Re: CVE Request [two ids] -- cabextract -- 1, Infinite loop in MS-ZIP and Quantum decoders (minor) 2, Integer wrap-around (crash) by processing certain *.cab files in test archive mode", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=128077976522470&w=2" + }, + { + "name": "http://www.cabextract.org.uk/#changes", + "refsource": "CONFIRM", + "url": "http://www.cabextract.org.uk/#changes" + }, + { + "name": "DSA-2087", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2087" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=329891", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=329891" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=620454", + 
"refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620454" + }, + { + "name": "ADV-2010-1997", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1997" + }, + { + "name": "cabextract-archive-code-execution(60891)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60891" + }, + { + "name": "42173", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42173" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2879.json b/2010/2xxx/CVE-2010-2879.json index b77f4c2d08f..71a1f47aeb6 100644 --- a/2010/2xxx/CVE-2010-2879.json +++ b/2010/2xxx/CVE-2010-2879.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in the allocator in the TextXtra.x32 module in Adobe Shockwave Player before 11.5.8.612 allow remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted (1) element count or (2) element size value in a file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-2879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100824 TPTI-10-12: Adobe Shockwave TextXtra Allocator Integer Overflow Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/513300/100/0/threaded" - }, - { - "name" : "http://dvlabs.tippingpoint.com/advisory/TPTI-10-12", - "refsource" : "MISC", - "url" : "http://dvlabs.tippingpoint.com/advisory/TPTI-10-12" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html" - }, - { - "name" : "oval:org.mitre.oval:def:11998", - "refsource" : "OVAL", - 
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11998" - }, - { - "name" : "1024361", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024361" - }, - { - "name" : "ADV-2010-2176", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2176" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in the allocator in the TextXtra.x32 module in Adobe Shockwave Player before 11.5.8.612 allow remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted (1) element count or (2) element size value in a file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024361", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024361" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-20.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html" + }, + { + "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-12", + "refsource": "MISC", + "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-12" + }, + { + "name": "20100824 TPTI-10-12: Adobe Shockwave TextXtra Allocator Integer Overflow Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/513300/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:11998", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11998" + }, + { + "name": "ADV-2010-2176", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2176" + } + ] + } +} \ No newline at end of file 
diff --git a/2010/3xxx/CVE-2010-3086.json b/2010/3xxx/CVE-2010-3086.json index c4e426f0935..d52b0b3c99b 100644 --- a/2010/3xxx/CVE-2010-3086.json +++ b/2010/3xxx/CVE-2010-3086.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3086", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "include/asm-x86/futex.h in the Linux kernel before 2.6.25 does not properly implement exception fixup, which allows local users to cause a denial of service (panic) via an invalid application that triggers a page fault." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3086", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded" - }, - { - "name" : "[oss-security] 20101110 CVE-2010-3086 kernel panic via futex", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=128935856605589&w=2" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9d55b9923a1b7ea8193b8875c57ec940dc2ff027", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9d55b9923a1b7ea8193b8875c57ec940dc2ff027" - }, - { - "name" : 
"http://kerneltrap.org/mailarchive/linux-kernel/2008/2/6/752194/thread", - "refsource" : "CONFIRM", - "url" : "http://kerneltrap.org/mailarchive/linux-kernel/2008/2/6/752194/thread" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=429412", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=429412" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=633170", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=633170" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" - }, - { - "name" : "RHSA-2010:0839", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0839.html" - }, - { - "name" : "SUSE-SA:2010:060", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html" - }, - { - "name" : "1024709", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024709" - }, - { - "name" : "46397", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46397" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "include/asm-x86/futex.h in the Linux kernel before 2.6.25 does not properly implement exception fixup, which allows local users to cause a denial of service (panic) via an invalid application that triggers a page fault." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=633170", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=633170" + }, + { + "name": "1024709", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024709" + }, + { + "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded" + }, + { + "name": "46397", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46397" + }, + { + "name": "http://kerneltrap.org/mailarchive/linux-kernel/2008/2/6/752194/thread", + "refsource": "CONFIRM", + "url": "http://kerneltrap.org/mailarchive/linux-kernel/2008/2/6/752194/thread" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=429412", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429412" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9d55b9923a1b7ea8193b8875c57ec940dc2ff027", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9d55b9923a1b7ea8193b8875c57ec940dc2ff027" + }, + { + "name": "SUSE-SA:2010:060", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html" + }, + { + "name": "RHSA-2010:0839", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0839.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25", + "refsource": "CONFIRM", + "url": 
"http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25" + }, + { + "name": "[oss-security] 20101110 CVE-2010-3086 kernel panic via futex", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=128935856605589&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3232.json b/2010/3xxx/CVE-2010-3232.json index 6103cdeb6ba..133499c5fbb 100644 --- a/2010/3xxx/CVE-2010-3232.json +++ b/2010/3xxx/CVE-2010-3232.json 
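Review bot: The only value that changes in the CVE-2010-3086 hunk is `"ASSIGNER": "secalert@redhat.com"` (previously `cve@mitre.org`), yet it sits inside a 117-line rewrite. Every line is re-serialised (`"key" : ` becomes `"key": `), the twelve `reference_data` entries are reordered with none added or removed, and the file loses its final newline. Anyone who diffs these records to track advisory changes has to compare the reference lists by hand to confirm that nothing else moved. Writing the records with a stable serialisation (fixed array order, trailing newline) would keep an attribution change like this one reviewable on its own. The CVE-2010-3232 and CVE-2010-4428 hunks further down have the same shape, with ASSIGNER moving to `secure@microsoft.com` and `secalert_us@oracle.com`.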
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3232", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Excel 2003 SP3 and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka \"Excel File Format Parsing Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3232", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-080", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080" - }, - { - "name" : "TA10-285A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-285A.html" - }, - { - "name" : "oval:org.mitre.oval:def:7575", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7575" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Excel 2003 SP3 and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka \"Excel File Format Parsing Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:7575", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7575" + }, + { + "name": "MS10-080", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080" + }, + { + "name": "TA10-285A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3352.json b/2010/3xxx/CVE-2010-3352.json index 1c890ae15f2..83881af4d1d 100644 --- a/2010/3xxx/CVE-2010-3352.json +++ b/2010/3xxx/CVE-2010-3352.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3352", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3352", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3999.json b/2010/3xxx/CVE-2010-3999.json index 2953aad9cf4..acc995a150c 100644 --- a/2010/3xxx/CVE-2010-3999.json +++ b/2010/3xxx/CVE-2010-3999.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3999", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3999", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=644933", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=644933" - }, - { - "name" : "FEDORA-2010-16605", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050177.html" - }, - { - "name" : "FEDORA-2010-16622", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050164.html" - }, - { - "name" : "FEDORA-2010-16762", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050269.html" - }, - { - "name" : "MDVSA-2010:241", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDVSA-2010:241" - }, - { - "name" : "44563", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44563" - }, - { - "name" : "42048", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42048" - }, - { - "name" : "42054", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42054" - }, - { - "name" : "ADV-2010-2898", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2898" - }, - { - "name" : "ADV-2010-2848", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2848" - }, - { - "name" : "ADV-2010-3060", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3060" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2010-16762", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050269.html" + }, + { + "name": "ADV-2010-2898", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2898" + }, + { + "name": "42054", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42054" + }, + { + "name": "ADV-2010-3060", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3060" + }, + { + "name": "FEDORA-2010-16622", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050164.html" + }, + { + "name": "MDVSA-2010:241", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:241" + }, + { + "name": "ADV-2010-2848", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2848" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=644933", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=644933" + }, + { + "name": "42048", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42048" + }, + { + "name": "FEDORA-2010-16605", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050177.html" + }, + { + "name": "44563", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44563" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4428.json b/2010/4xxx/CVE-2010-4428.json index 7020f2685c3..5f5d6a29965 100644 --- a/2010/4xxx/CVE-2010-4428.json +++ b/2010/4xxx/CVE-2010-4428.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4428", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 9.0 Update 2010-F allows remote authenticated users to affect confidentiality via unknown vectors related to Absence Management." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-4428", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" - }, - { - "name" : "45873", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45873" - }, - { - "name" : "70562", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70562" - }, - { - "name" : "1024978", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024978" - }, - { - "name" : "42982", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42982" - }, - { - "name" : "ADV-2011-0147", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2011/0147" - }, - { - "name" : "peoplesoft-absence-info-disclosure(64791)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft and JDEdwards Suite 9.0 Update 2010-F allows remote authenticated users to affect confidentiality via unknown vectors related to Absence Management." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0147", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0147" + }, + { + "name": "1024978", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024978" + }, + { + "name": "45873", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45873" + }, + { + "name": "peoplesoft-absence-info-disclosure(64791)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64791" + }, + { + "name": "42982", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42982" + }, + { + "name": "70562", + "refsource": "OSVDB", + "url": "http://osvdb.org/70562" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4741.json b/2010/4xxx/CVE-2010-4741.json index 19c1234b891..55c30a34d67 100644 --- a/2010/4xxx/CVE-2010-4741.json +++ b/2010/4xxx/CVE-2010-4741.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4741", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in MDMUtil.dll in MDMTool.exe in MDM Tool before 2.3 in Moxa Device Manager allows remote MDM Gateways to execute arbitrary code via crafted data in a session on TCP port 54321." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4741", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://reversemode.com/index.php?option=com_content&task=view&id=70&Itemid=1", - "refsource" : "MISC", - "url" : "http://reversemode.com/index.php?option=com_content&task=view&id=70&Itemid=1" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-10-301-01A.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-10-301-01A.pdf" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/MORO-8D9JX8", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/MORO-8D9JX8" - }, - { - "name" : "http://www.moxa.com/support/download.aspx?d_id=2669", - "refsource" : "CONFIRM", - "url" : "http://www.moxa.com/support/download.aspx?d_id=2669" - }, - { - "name" : 
"VU#237495", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/237495" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in MDMUtil.dll in MDMTool.exe in MDM Tool before 2.3 in Moxa Device Manager allows remote MDM Gateways to execute arbitrary code via crafted data in a session on TCP port 54321." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-301-01A.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-301-01A.pdf" + }, + { + "name": "http://reversemode.com/index.php?option=com_content&task=view&id=70&Itemid=1", + "refsource": "MISC", + "url": "http://reversemode.com/index.php?option=com_content&task=view&id=70&Itemid=1" + }, + { + "name": "VU#237495", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/237495" + }, + { + "name": "http://www.moxa.com/support/download.aspx?d_id=2669", + "refsource": "CONFIRM", + "url": "http://www.moxa.com/support/download.aspx?d_id=2669" + }, + { + "name": "http://www.kb.cert.org/vuls/id/MORO-8D9JX8", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/MORO-8D9JX8" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4827.json b/2010/4xxx/CVE-2010-4827.json index 8c24c0a66f3..cded678a4bb 100644 --- a/2010/4xxx/CVE-2010-4827.json +++ b/2010/4xxx/CVE-2010-4827.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4827", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to inject arbitrary web script or HTML via the M_NAME parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4827", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://forum.snitz.com/forum/topic.asp?TOPIC_ID=69770", - "refsource" : "CONFIRM", - "url" : "http://forum.snitz.com/forum/topic.asp?TOPIC_ID=69770" - }, - { - "name" : "45381", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45381" - }, - { - "name" : "69793", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/69793" - }, - { - "name" : "42308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42308" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in members.asp in Snitz 
Forums 2000 3.4.07 allows remote attackers to inject arbitrary web script or HTML via the M_NAME parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42308" + }, + { + "name": "69793", + "refsource": "OSVDB", + "url": "http://osvdb.org/69793" + }, + { + "name": "45381", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45381" + }, + { + "name": "http://forum.snitz.com/forum/topic.asp?TOPIC_ID=69770", + "refsource": "CONFIRM", + "url": "http://forum.snitz.com/forum/topic.asp?TOPIC_ID=69770" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1397.json b/2011/1xxx/CVE-2011-1397.json index 10fe0c280da..1dc74153852 100644 --- a/2011/1xxx/CVE-2011-1397.json +++ b/2011/1xxx/CVE-2011-1397.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1397", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1397", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21584666", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21584666" - }, - { - "name" : "IV09193", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09193" - }, - { - "name" : "52333", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52333" - }, - { - "name" : "48299", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/48299" - }, - { - "name" : "48305", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48305" - }, - { - "name" : "maximo-laborreporting-csrf(72000)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72000" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "maximo-laborreporting-csrf(72000)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72000" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" + }, + { + "name": "48299", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48299" + }, + { + "name": "48305", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48305" + }, + { + "name": "52333", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52333" + }, + { + "name": "IV09193", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09193" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5181.json b/2011/5xxx/CVE-2011-5181.json index 07999566152..d437f7f2753 100644 
--- a/2011/5xxx/CVE-2011-5181.json +++ b/2011/5xxx/CVE-2011-5181.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5181", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5181", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111123 Wordpress clickdesk-live-support-chat plugin Cross-Site Scripting Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520624/100/0/threaded" - }, - { - "name" : "http://wordpress.org/extend/plugins/clickdesk-live-support-chat-plugin/changelog/", - "refsource" : "MISC", - "url" : "http://wordpress.org/extend/plugins/clickdesk-live-support-chat-plugin/changelog/" - }, - { - "name" : "50778", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50778" - }, - { - "name" : "77338", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/77338" - }, - { - "name" : 
"clickdesk-cdwidget-xss(71469)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50778", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50778" + }, + { + "name": "http://wordpress.org/extend/plugins/clickdesk-live-support-chat-plugin/changelog/", + "refsource": "MISC", + "url": "http://wordpress.org/extend/plugins/clickdesk-live-support-chat-plugin/changelog/" + }, + { + "name": "77338", + "refsource": "OSVDB", + "url": "http://osvdb.org/77338" + }, + { + "name": "20111123 Wordpress clickdesk-live-support-chat plugin Cross-Site Scripting Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520624/100/0/threaded" + }, + { + "name": "clickdesk-cdwidget-xss(71469)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71469" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3086.json b/2014/3xxx/CVE-2014-3086.json index 5bec876644d..e2f679529f1 100644 --- a/2014/3xxx/CVE-2014-3086.json +++ b/2014/3xxx/CVE-2014-3086.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3086", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-3086", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680333", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680333" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686383", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686383" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686824", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686824" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680334", - "refsource" : "CONFIRM", - "url" : 
"http://www-01.ibm.com/support/docview.wss?uid=swg21680334" - }, - { - "name" : "IV62634", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV62634" - }, - { - "name" : "69183", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69183" - }, - { - "name" : "60081", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60081" - }, - { - "name" : "60317", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60317" - }, - { - "name" : "61577", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61577" - }, - { - "name" : "61640", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61640" - }, - { - "name" : "59680", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59680" - }, - { - "name" : "60622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60622" - }, - { - "name" : "ibm-java-cve20143086-code-exec(94097)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94097" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680333", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680333" + }, + { + "name": "69183", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69183" + }, + { + "name": "61577", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61577" + }, + { + "name": "59680", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59680" + }, + { + "name": "ibm-java-cve20143086-code-exec(94097)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94097" + }, + { + "name": "IV62634", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV62634" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686383", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686383" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680334", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680334" + }, + { + "name": "60622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60622" + }, + { + "name": "60081", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60081" + }, + { + "name": "61640", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61640" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686824", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686824" + }, + { + "name": "60317", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60317" + } + ] + } +} \ No newline at end of file 
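Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `psirt@us.ibm.com` in this hunk, but the edit sits inside a rewrite of all 122 lines that otherwise only changes key spacing and the order of the `reference_data` entries, and the commit subject does not mention it. The same kind of provenance change is made in the hunks for CVE-2014-3400 (`psirt@cisco.com`), CVE-2014-7260 (`vultures@jpcert.or.jp`) and CVE-2014-7845 (`secalert@redhat.com`). Consumers that track which CNA owns a record would presumably want that change to be auditable, so I would land the formatting pass on its own and keep `reference_data` in a stable order, leaving a later diff that shows only a line such as `"ASSIGNER": "psirt@us.ibm.com",`. The new side also ends with `\ No newline at end of file`, so the trailing newline the old file had is dropped here and in the other files of this commit.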
diff --git a/2014/3xxx/CVE-2014-3400.json b/2014/3xxx/CVE-2014-3400.json
index 43d2dc1d3c8..e06f12ce323 100644
--- a/2014/3xxx/CVE-2014-3400.json
+++ b/2014/3xxx/CVE-2014-3400.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive information by reading logs, aka Bug IDs CSCuq36417 and CSCuq40344." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141003 Cisco WebEx Meetings Server Password Disclosure Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive information by reading logs, aka Bug IDs CSCuq36417 and CSCuq40344." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141003 Cisco WebEx Meetings Server Password Disclosure Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3400" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3812.json b/2014/3xxx/CVE-2014-3812.json index fefb0dd41ab..c3b05e8bb88 100644 --- a/2014/3xxx/CVE-2014-3812.json +++ b/2014/3xxx/CVE-2014-3812.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS before 7.4r5 and 8.x before 8.0r1 and Junos Pulse Access Control Service (UAC) before 4.4r5 and 5.x before 5.0r1 enable cipher suites with weak encryption algorithms, which make it easier for remote attackers to obtain sensitive information by sniffing the network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10628", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS before 7.4r5 and 8.x before 8.0r1 and Junos Pulse Access Control Service (UAC) before 4.4r5 and 5.x before 5.0r1 enable cipher suites with weak encryption algorithms, 
which make it easier for remote attackers to obtain sensitive information by sniffing the network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10628", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10628" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7260.json b/2014/7xxx/CVE-2014-7260.json index e1f1733bc38..3cb616c5692 100644 --- a/2014/7xxx/CVE-2014-7260.json +++ b/2014/7xxx/CVE-2014-7260.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Server Side Includes (SSI) implementation in the File Upload BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to execute arbitrary commands by uploading files containing commands in SSI directives." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-7260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jvn.jp/en/jp/JVN16406395/360573/index.html", - "refsource" : "MISC", - "url" : "http://jvn.jp/en/jp/JVN16406395/360573/index.html" - }, - { - "name" : "JVN#16406395", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN16406395/index.html" - }, - { - "name" : "JVNDB-2014-000143", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000143" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Server Side Includes (SSI) implementation in the File Upload BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to execute arbitrary commands by 
uploading files containing commands in SSI directives." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2014-000143", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000143" + }, + { + "name": "http://jvn.jp/en/jp/JVN16406395/360573/index.html", + "refsource": "MISC", + "url": "http://jvn.jp/en/jp/JVN16406395/360573/index.html" + }, + { + "name": "JVN#16406395", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN16406395/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7845.json b/2014/7xxx/CVE-2014-7845.json index 275db07dafe..a1aa6d907f5 100644 --- a/2014/7xxx/CVE-2014-7845.json +++ b/2014/7xxx/CVE-2014-7845.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote attackers to obtain access via a brute-force attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-7845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141117 Moodle security issues are now public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/11/17/11" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47050", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47050" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=275152", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=275152" - }, - { - "name" : "1031215", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031215" - } - ] - } -} + 
} + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote attackers to obtain access via a brute-force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47050", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47050" + }, + { + "name": "1031215", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031215" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=275152", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=275152" + }, + { + "name": "[oss-security] 20141117 Moodle security issues are now public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/11/17/11" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8263.json b/2014/8xxx/CVE-2014-8263.json index ab81e888fe2..b2b595fc839 100644 --- a/2014/8xxx/CVE-2014-8263.json +++ b/2014/8xxx/CVE-2014-8263.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8263", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8263", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8368.json b/2014/8xxx/CVE-2014-8368.json index 4ab2a8c84be..c23399e6e4e 100644 --- a/2014/8xxx/CVE-2014-8368.json +++ b/2014/8xxx/CVE-2014-8368.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.arubanetworks.com/support/alerts/aid-11192014.txt", - "refsource" : "CONFIRM", - "url" : "http://www.arubanetworks.com/support/alerts/aid-11192014.txt" - }, - { - "name" : "62578", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62578" - }, - { - "name" : "airwave-cve20148368-priv-esc(98871)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98871" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute 
arbitrary commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.arubanetworks.com/support/alerts/aid-11192014.txt", + "refsource": "CONFIRM", + "url": "http://www.arubanetworks.com/support/alerts/aid-11192014.txt" + }, + { + "name": "airwave-cve20148368-priv-esc(98871)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98871" + }, + { + "name": "62578", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62578" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8518.json b/2014/8xxx/CVE-2014-8518.json index 1b2d63623c0..8095dd9ef77 100644 --- a/2014/8xxx/CVE-2014-8518.json +++ b/2014/8xxx/CVE-2014-8518.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8518", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) Removable Media and (2) CD and DVD encryption offsite access options (formerly Endpoint Encryption for Removable Media or EERM) in McAfee File and Removable Media Protection (FRP) 4.3.0.x, and Endpoint Encryption for Files and Folders (EEFF) 3.2.x through 4.2.x, uses a hard-coded salt, which makes it easier for local users to obtain passwords via a brute force attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10089", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10089" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) Removable Media and (2) CD and DVD encryption offsite access options (formerly Endpoint Encryption for Removable Media or EERM) in McAfee File and Removable Media Protection (FRP) 4.3.0.x, and Endpoint 
Encryption for Files and Folders (EEFF) 3.2.x through 4.2.x, uses a hard-coded salt, which makes it easier for local users to obtain passwords via a brute force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10089", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10089" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8568.json b/2014/8xxx/CVE-2014-8568.json index d11d4552fd7..0e2b3cd979f 100644 --- a/2014/8xxx/CVE-2014-8568.json +++ b/2014/8xxx/CVE-2014-8568.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8568", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8568", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9081.json b/2014/9xxx/CVE-2014-9081.json index ba5609cd99b..14800312d43 100644 --- a/2014/9xxx/CVE-2014-9081.json +++ b/2014/9xxx/CVE-2014-9081.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9081", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9081", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9348.json b/2014/9xxx/CVE-2014-9348.json index 79836eaf02f..b91d1c37879 100644 --- a/2014/9xxx/CVE-2014-9348.json +++ b/2014/9xxx/CVE-2014-9348.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9348", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the formulaireRobot function in admin/robots.lib.php in RobotStats 1.0 allows remote attackers to execute arbitrary SQL commands via the robot parameter to admin/robots.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9348", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35344", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35344" - }, - { - "name" : "http://packetstormsecurity.com/files/129229/RobotStats-1.0-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129229/RobotStats-1.0-SQL-Injection.html" - }, - { - "name" : "robotstats-robotslib-sql-injection(98951)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98951" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the formulaireRobot function in admin/robots.lib.php in 
RobotStats 1.0 allows remote attackers to execute arbitrary SQL commands via the robot parameter to admin/robots.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/129229/RobotStats-1.0-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129229/RobotStats-1.0-SQL-Injection.html" + }, + { + "name": "robotstats-robotslib-sql-injection(98951)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98951" + }, + { + "name": "35344", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35344" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9645.json b/2014/9xxx/CVE-2014-9645.json index c12c128094a..f34ed863424 100644 --- a/2014/9xxx/CVE-2014-9645.json +++ b/2014/9xxx/CVE-2014-9645.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9645", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an \"ifconfig /usbserial up\" command or a \"mount -t /snd_pcm none /\" command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150124 Re: CVE Request: Linux kernel crypto api unprivileged arbitrary module load", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2015/01/24/4" - }, - { - "name" : "[debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html" - }, - { - "name" : "https://plus.google.com/+MathiasKrause/posts/PqFCo4bfrWu", - "refsource" : "MISC", - "url" : "https://plus.google.com/+MathiasKrause/posts/PqFCo4bfrWu" - }, - { - "name" : 
"http://git.busybox.net/busybox/commit/?id=4e314faa0aecb66717418e9a47a4451aec59262b", - "refsource" : "CONFIRM", - "url" : "http://git.busybox.net/busybox/commit/?id=4e314faa0aecb66717418e9a47a4451aec59262b" - }, - { - "name" : "https://bugs.busybox.net/show_bug.cgi?id=7652", - "refsource" : "CONFIRM", - "url" : "https://bugs.busybox.net/show_bug.cgi?id=7652" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1185707", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1185707" - }, - { - "name" : "GLSA-201503-13", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201503-13" - }, - { - "name" : "72324", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72324" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an \"ifconfig /usbserial up\" command or a \"mount -t /snd_pcm none /\" command." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://plus.google.com/+MathiasKrause/posts/PqFCo4bfrWu", + "refsource": "MISC", + "url": "https://plus.google.com/+MathiasKrause/posts/PqFCo4bfrWu" + }, + { + "name": "https://bugs.busybox.net/show_bug.cgi?id=7652", + "refsource": "CONFIRM", + "url": "https://bugs.busybox.net/show_bug.cgi?id=7652" + }, + { + "name": "[oss-security] 20150124 Re: CVE Request: Linux kernel crypto api unprivileged arbitrary module load", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2015/01/24/4" + }, + { + "name": "GLSA-201503-13", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201503-13" + }, + { + "name": "72324", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72324" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1185707", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185707" + }, + { + "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html" + }, + { + "name": "http://git.busybox.net/busybox/commit/?id=4e314faa0aecb66717418e9a47a4451aec59262b", + "refsource": "CONFIRM", + "url": "http://git.busybox.net/busybox/commit/?id=4e314faa0aecb66717418e9a47a4451aec59262b" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9730.json b/2014/9xxx/CVE-2014-9730.json index ac8db2e1393..6ed21bc0e39 100644 --- a/2014/9xxx/CVE-2014-9730.json +++ b/2014/9xxx/CVE-2014-9730.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9730", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-9730", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150602 CVE request Linux kernel: fs: udf heap overflow in __udf_adinicb_readpage", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/06/02/7" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e237ec37ec154564f8690c5bd1795339955eeef9", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e237ec37ec154564f8690c5bd1795339955eeef9" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2" - }, - { - "name" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=1228229", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1228229" - }, - { - "name" : "https://github.com/torvalds/linux/commit/e237ec37ec154564f8690c5bd1795339955eeef9", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/e237ec37ec154564f8690c5bd1795339955eeef9" - }, - { - "name" : "SUSE-SU-2015:1592", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html" - }, - { - "name" : "SUSE-SU-2015:1611", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html" - }, - { - "name" : "SUSE-SU-2015:1224", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html" - }, - { - "name" : "SUSE-SU-2015:1324", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html" - }, - { - "name" : "openSUSE-SU-2015:1382", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html" - }, - { - "name" : "74964", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74964" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150602 CVE request Linux kernel: fs: udf heap overflow in __udf_adinicb_readpage", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/06/02/7" + }, + { + "name": "https://github.com/torvalds/linux/commit/e237ec37ec154564f8690c5bd1795339955eeef9", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/e237ec37ec154564f8690c5bd1795339955eeef9" + }, + { + "name": "SUSE-SU-2015:1611", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html" + }, + { + "name": "SUSE-SU-2015:1324", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1228229", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228229" + }, + { + "name": "74964", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74964" + }, + { + "name": "openSUSE-SU-2015:1382", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e237ec37ec154564f8690c5bd1795339955eeef9", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e237ec37ec154564f8690c5bd1795339955eeef9" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2" + }, + { + "name": "SUSE-SU-2015:1224", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html" + }, + { + "name": "SUSE-SU-2015:1592", + "refsource": 
"SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9884.json b/2014/9xxx/CVE-2014-9884.json index 3d6abdd3851..e91904bcc95 100644 --- a/2014/9xxx/CVE-2014-9884.json +++ b/2014/9xxx/CVE-2014-9884.json 
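Review bot: The `"ASSIGNER"` value changes from `cve@mitre.org` to `secalert@redhat.com` on the new side of this hunk (CVE-2014-9730), while every other changed line only tightens `" : "` to `": "` or moves `reference_data` entries around, so the one semantic edit is easy to miss. The same pattern appears in the hunks for CVE-2014-9884 and CVE-2016-6732 (both now `security@android.com`), CVE-2016-2917 (`psirt@us.ibm.com`) and CVE-2016-6355 (`psirt@cisco.com`). The subject line "-Synchronized-Data." does not mention these reassignments; presumably they are intended CNA attributions, but the diff alone cannot confirm that. I would land the formatting pass as its own commit, or emit `reference_data` in a stable order (for example sorted by `url`), so that a field-level change such as `"ASSIGNER": "secalert@redhat.com"` is the only thing a reviewer or downstream feed consumer has to check.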
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769920 and Qualcomm internal bug CR580740." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2014-9884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-08-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-08-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=f4948193c46f75e16d4382c4472485ab12b7bd17", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=f4948193c46f75e16d4382c4472485ab12b7bd17" - }, - { - "name" : "92219", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92219" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769920 and Qualcomm internal bug CR580740." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-08-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-08-01.html" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=f4948193c46f75e16d4382c4472485ab12b7bd17", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=f4948193c46f75e16d4382c4472485ab12b7bd17" + }, + { + "name": "92219", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92219" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2196.json b/2016/2xxx/CVE-2016-2196.json index 95557b5ddda..d39dd5c7ce1 100644 --- a/2016/2xxx/CVE-2016-2196.json +++ b/2016/2xxx/CVE-2016-2196.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2196", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the P-521 reduction function in Botan 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (memory overwrite and crash) or execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2196", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[botan-devel] 20160201 Botan 1.11.28 and 1.10.11 released with security fixes", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=botan-devel&m=145435148602911&w=2" - }, - { - "name" : "http://botan.randombit.net/security.html", - "refsource" : "CONFIRM", - "url" : "http://botan.randombit.net/security.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the P-521 reduction function in Botan 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (memory overwrite and crash) or execute arbitrary code via unspecified 
vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[botan-devel] 20160201 Botan 1.11.28 and 1.10.11 released with security fixes", + "refsource": "MLIST", + "url": "http://marc.info/?l=botan-devel&m=145435148602911&w=2" + }, + { + "name": "http://botan.randombit.net/security.html", + "refsource": "CONFIRM", + "url": "http://botan.randombit.net/security.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2573.json b/2016/2xxx/CVE-2016-2573.json index ce872c8e465..55df9a361ba 100644 --- a/2016/2xxx/CVE-2016-2573.json +++ b/2016/2xxx/CVE-2016-2573.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2573", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2573", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2917.json b/2016/2xxx/CVE-2016-2917.json index 9dee1bf592f..b0438ea4aad 100644 --- a/2016/2xxx/CVE-2016-2917.json +++ b/2016/2xxx/CVE-2016-2917.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2917", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The notifications component in IBM TRIRIGA Applications 10.4 and 10.5 before 10.5.1 allows remote authenticated users to obtain sensitive password information, and consequently gain privileges, via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-2917", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21984304", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21984304" - }, - { - "name" : "IV84740", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV84740" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The notifications component in IBM TRIRIGA Applications 10.4 and 10.5 before 10.5.1 allows remote authenticated users to obtain sensitive password information, and consequently gain privileges, via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21984304", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984304" + }, + { + "name": "IV84740", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV84740" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6298.json b/2016/6xxx/CVE-2016-6298.json index 9af90aa2ef3..71bd86710e8 100644 --- a/2016/6xxx/CVE-2016-6298.json +++ b/2016/6xxx/CVE-2016-6298.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-6298", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-6298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/latchset/jwcrypto/commit/eb5be5bd94c8cae1d7f3ba9801377084d8e5a7ba", - "refsource" : "CONFIRM", - "url" : "https://github.com/latchset/jwcrypto/commit/eb5be5bd94c8cae1d7f3ba9801377084d8e5a7ba" - }, - { - "name" : "https://github.com/latchset/jwcrypto/issues/65", - "refsource" : "CONFIRM", - "url" : "https://github.com/latchset/jwcrypto/issues/65" - }, - { - "name" : "https://github.com/latchset/jwcrypto/pull/66", - "refsource" : "CONFIRM", - "url" : "https://github.com/latchset/jwcrypto/pull/66" - }, - { - "name" : "https://github.com/latchset/jwcrypto/releases/tag/v0.3.2", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/latchset/jwcrypto/releases/tag/v0.3.2" - }, - { - "name" : "92729", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92729" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/latchset/jwcrypto/issues/65", + "refsource": "CONFIRM", + "url": "https://github.com/latchset/jwcrypto/issues/65" + }, + { + "name": "https://github.com/latchset/jwcrypto/pull/66", + "refsource": "CONFIRM", + "url": "https://github.com/latchset/jwcrypto/pull/66" + }, + { + "name": "92729", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92729" + }, + { + "name": "https://github.com/latchset/jwcrypto/releases/tag/v0.3.2", + "refsource": "CONFIRM", + "url": "https://github.com/latchset/jwcrypto/releases/tag/v0.3.2" + }, + { + "name": "https://github.com/latchset/jwcrypto/commit/eb5be5bd94c8cae1d7f3ba9801377084d8e5a7ba", + "refsource": "CONFIRM", + "url": "https://github.com/latchset/jwcrypto/commit/eb5be5bd94c8cae1d7f3ba9801377084d8e5a7ba" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6355.json b/2016/6xxx/CVE-2016-6355.json index 9c89122b8c9..b215845b590 100644 --- a/2016/6xxx/CVE-2016-6355.json +++ b/2016/6xxx/CVE-2016-6355.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6355", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, and 5.3.x through 5.3.2 on ASR 9001 devices allows remote attackers to cause a denial of service (control-plane protocol outage) via crafted fragmented packets, aka Bug ID CSCux26791." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6355", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160810 Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160810-iosxr" - }, - { - "name" : "92399", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92399" - }, - { - "name" : "1036585", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036585" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in Cisco 
IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, and 5.3.x through 5.3.2 on ASR 9001 devices allows remote attackers to cause a denial of service (control-plane protocol outage) via crafted fragmented packets, aka Bug ID CSCux26791." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036585", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036585" + }, + { + "name": "20160810 Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160810-iosxr" + }, + { + "name": "92399", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92399" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6599.json b/2016/6xxx/CVE-2016-6599.json index a1bc612cfac..a8fe94495da 100644 --- a/2016/6xxx/CVE-2016-6599.json +++ b/2016/6xxx/CVE-2016-6599.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the domain administrator username and password. These are encrypted with a fixed key and IV (\"NumaraIT\") using the DES algorithm. The domain administrator username and password can only be obtained if the Self-Service component is enabled, which is the most common scenario in enterprise deployments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180126 [CVE-2016-6598/9]: RCE and admin cred disclosure in BMC Track-It! 
11.4", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Jan/92" - }, - { - "name" : "http://packetstormsecurity.com/files/146110/BMC-Track-It-11.4-Code-Execution-Information-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/146110/BMC-Track-It-11.4-Code-Execution-Information-Disclosure.html" - }, - { - "name" : "https://github.com/pedrib/PoC/blob/master/advisories/bmc-track-it-11.4.txt", - "refsource" : "MISC", - "url" : "https://github.com/pedrib/PoC/blob/master/advisories/bmc-track-it-11.4.txt" - }, - { - "name" : "https://communities.bmc.com/community/bmcdn/bmc_track-it/blog/2016/01/04/track-it-security-advisory-24-dec-2015", - "refsource" : "CONFIRM", - "url" : "https://communities.bmc.com/community/bmcdn/bmc_track-it/blog/2016/01/04/track-it-security-advisory-24-dec-2015" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the domain administrator username and password. These are encrypted with a fixed key and IV (\"NumaraIT\") using the DES algorithm. The domain administrator username and password can only be obtained if the Self-Service component is enabled, which is the most common scenario in enterprise deployments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180126 [CVE-2016-6598/9]: RCE and admin cred disclosure in BMC Track-It! 
11.4", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Jan/92" + }, + { + "name": "https://github.com/pedrib/PoC/blob/master/advisories/bmc-track-it-11.4.txt", + "refsource": "MISC", + "url": "https://github.com/pedrib/PoC/blob/master/advisories/bmc-track-it-11.4.txt" + }, + { + "name": "https://communities.bmc.com/community/bmcdn/bmc_track-it/blog/2016/01/04/track-it-security-advisory-24-dec-2015", + "refsource": "CONFIRM", + "url": "https://communities.bmc.com/community/bmcdn/bmc_track-it/blog/2016/01/04/track-it-security-advisory-24-dec-2015" + }, + { + "name": "http://packetstormsecurity.com/files/146110/BMC-Track-It-11.4-Code-Execution-Information-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/146110/BMC-Track-It-11.4-Code-Execution-Information-Disclosure.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6732.json b/2016/6xxx/CVE-2016-6732.json index e5631c6f3fe..b777a5592ad 100644 --- a/2016/6xxx/CVE-2016-6732.json +++ b/2016/6xxx/CVE-2016-6732.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-6732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30906599. References: NVIDIA N-CVE-2016-6732." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-6732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2016-11-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-11-01.html" - }, - { - "name" : "94140", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94140" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30906599. References: NVIDIA N-CVE-2016-6732." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94140", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94140" + }, + { + "name": "https://source.android.com/security/bulletin/2016-11-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-11-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6911.json b/2016/6xxx/CVE-2016-6911.json index 228f5a5ec94..44e2a689d4a 100644 --- a/2016/6xxx/CVE-2016-6911.json +++ b/2016/6xxx/CVE-2016-6911.json 
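Review bot: The `ASSIGNER` value in the CVE-2016-6732.json hunk changes from `security@google.com` to `security@android.com`, which is the only semantic change in a hunk that otherwise just re-indents keys and reorders `reference_data`. The commit message "-Synchronized-Data." does not mention it. The CVE-2017-5884.json hunk later in this patch does the same, moving `ASSIGNER` from `cve@mitre.org` to `secalert@redhat.com`. Tooling that attributes or filters records by assigning CNA would presumably see different results after this sync, so the reassignment deserves its own commit or a line in the message such as `Reassign CVE-2016-6732 to security@android.com and CVE-2017-5884 to secalert@redhat.com`. The new side of each file also ends with `\ No newline at end of file`; restoring the trailing newline would keep later diffs of these records clean.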
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md", - "refsource" : "CONFIRM", - "url" : "https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md" - }, - { - "name" : "https://github.com/libgd/libgd/commit/4859d69e07504d4b0a4bdf9bcb4d9e3769ca35ae", - "refsource" : "CONFIRM", - "url" : "https://github.com/libgd/libgd/commit/4859d69e07504d4b0a4bdf9bcb4d9e3769ca35ae" - }, - { - "name" : "https://github.com/libgd/libgd/pull/353", - "refsource" : "CONFIRM", - "url" : "https://github.com/libgd/libgd/pull/353" - }, - { - "name" : "DSA-3693", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3693" - }, - { - "name" : "95840", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95840" - } - ] - } 
-} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95840", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95840" + }, + { + "name": "https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md", + "refsource": "CONFIRM", + "url": "https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md" + }, + { + "name": "DSA-3693", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3693" + }, + { + "name": "https://github.com/libgd/libgd/pull/353", + "refsource": "CONFIRM", + "url": "https://github.com/libgd/libgd/pull/353" + }, + { + "name": "https://github.com/libgd/libgd/commit/4859d69e07504d4b0a4bdf9bcb4d9e3769ca35ae", + "refsource": "CONFIRM", + "url": "https://github.com/libgd/libgd/commit/4859d69e07504d4b0a4bdf9bcb4d9e3769ca35ae" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7652.json b/2016/7xxx/CVE-2016-7652.json index a58b92195eb..9f9dd6d4f69 100644 --- a/2016/7xxx/CVE-2016-7652.json +++ b/2016/7xxx/CVE-2016-7652.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-7652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-7652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207421", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207421" - }, - { - "name" : "https://support.apple.com/HT207422", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207422" - }, - { - "name" : "https://support.apple.com/HT207424", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207424" - }, - { - "name" : "https://support.apple.com/HT207427", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207427" - }, - { - "name" : 
"GLSA-201706-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-15" - }, - { - "name" : "94907", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94907" - }, - { - "name" : "1037459", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037459" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207427", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207427" + }, + { + "name": "94907", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94907" + }, + { + "name": "https://support.apple.com/HT207421", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207421" + }, + { + "name": "1037459", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037459" + }, + { + "name": "https://support.apple.com/HT207422", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207422" + }, + { + "name": "GLSA-201706-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-15" + }, + { + "name": "https://support.apple.com/HT207424", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207424" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/5xxx/CVE-2017-5626.json b/2017/5xxx/CVE-2017-5626.json index 122a0a261c7..45ea1ffd656 100644 --- a/2017/5xxx/CVE-2017-5626.json +++ b/2017/5xxx/CVE-2017-5626.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5626", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands (4F500301 and 4F500302) that allow the attacker to lock/unlock the bootloader, disregarding the 'OEM Unlocking' checkbox, without user confirmation and without a factory reset. This allows for persistent code execution with high privileges (kernel/root) with complete access to user data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5626", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://securityresear.ch/2017/02/08/oneplus3-bootloader-vulns/", - "refsource" : "MISC", - "url" : "https://securityresear.ch/2017/02/08/oneplus3-bootloader-vulns/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands (4F500301 and 4F500302) that allow the attacker to lock/unlock the bootloader, disregarding the 'OEM Unlocking' checkbox, 
without user confirmation and without a factory reset. This allows for persistent code execution with high privileges (kernel/root) with complete access to user data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://securityresear.ch/2017/02/08/oneplus3-bootloader-vulns/", + "refsource": "MISC", + "url": "https://securityresear.ch/2017/02/08/oneplus3-bootloader-vulns/" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5860.json b/2017/5xxx/CVE-2017-5860.json index 4cf67ec55f3..df433b8ac81 100644 --- a/2017/5xxx/CVE-2017-5860.json +++ b/2017/5xxx/CVE-2017-5860.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5860", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5860", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5884.json b/2017/5xxx/CVE-2017-5884.json index 4d77d8cfa69..c60560ff3ab 100644 --- a/2017/5xxx/CVE-2017-5884.json +++ b/2017/5xxx/CVE-2017-5884.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-5884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170203 CVE request for two input validation flaws in gtk-vnc", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/03/5" - }, - { - "name" : "[oss-security] 20170204 Re: CVE request for two input validation flaws in gtk-vnc", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/05/5" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=778048", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=778048" - }, - { - "name" : "https://git.gnome.org/browse/gtk-vnc/commit/?id=ea0386933214c9178aaea9f2f85049ea3fa3e14a", - "refsource" : "CONFIRM", - "url" : 
"https://git.gnome.org/browse/gtk-vnc/commit/?id=ea0386933214c9178aaea9f2f85049ea3fa3e14a" - }, - { - "name" : "FEDORA-2017-ab04a91edd", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LGPQ5MQR6SN4DYTEFACHP2PP5RR26KYK/" - }, - { - "name" : "RHSA-2017:2258", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2258" - }, - { - "name" : "96016", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96016" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20170203 CVE request for two input validation flaws in gtk-vnc", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/03/5" + }, + { + "name": "96016", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96016" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=778048", + "refsource": "CONFIRM", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=778048" + }, + { + "name": "RHSA-2017:2258", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2258" + }, + { + "name": "FEDORA-2017-ab04a91edd", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LGPQ5MQR6SN4DYTEFACHP2PP5RR26KYK/" + }, + { + "name": "https://git.gnome.org/browse/gtk-vnc/commit/?id=ea0386933214c9178aaea9f2f85049ea3fa3e14a", 
+ "refsource": "CONFIRM", + "url": "https://git.gnome.org/browse/gtk-vnc/commit/?id=ea0386933214c9178aaea9f2f85049ea3fa3e14a" + }, + { + "name": "[oss-security] 20170204 Re: CVE request for two input validation flaws in gtk-vnc", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/05/5" + } + ] + } +} \ No newline at end of file