diff --git a/2006/0xxx/CVE-2006-0389.json b/2006/0xxx/CVE-2006-0389.json index 949712874aa..a65e08b2fd0 100644 --- a/2006/0xxx/CVE-2006-0389.json +++ b/2006/0xxx/CVE-2006-0389.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) in Mac OS X 10.4 through 10.4.5 allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=303382", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=303382" - }, - { - "name" : "APPLE-SA-2006-03-01", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html" - }, - { - "name" : "TA06-062A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-062A.html" - }, - { - "name" : "16907", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16907" - }, - { - "name" : "ADV-2006-0791", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0791" - }, - { - "name" : "23649", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23649" - }, - { - "name" : "19064", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19064" - }, - { - "name" : "macosx-syndication-xss(25040)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25040" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) in Mac OS X 10.4 through 10.4.5 allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "macosx-syndication-xss(25040)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25040" + }, + { + "name": "23649", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23649" + }, + { + "name": "19064", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19064" + }, + { + "name": "16907", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16907" + }, + { + "name": "ADV-2006-0791", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0791" + }, + { + "name": "APPLE-SA-2006-03-01", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html" + }, + { + "name": "TA06-062A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-062A.html" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=303382", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=303382" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0783.json b/2006/0xxx/CVE-2006-0783.json index 0251218fb0c..d34543b14d9 100644 --- a/2006/0xxx/CVE-2006-0783.json +++ b/2006/0xxx/CVE-2006-0783.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in page.php in in Siteframe Beaumont, possibly 5.0.2 or 5.0.1a, allows remote attackers to inject arbitrary web script or HTML via the comment_text parameter to the user comment page (/edit/Comment)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060216 Siteframe Beaumont 5.0.2 <== User Comment Cross-Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425180/100/0/threaded" - }, - { - "name" : "16695", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16695" - }, - { - "name" : "23267", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23267" - }, - { - "name" : "18892", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18892" - }, - { - "name" : "443", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/443" - }, - { - "name" : "siteframe-comment-xss(24836)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24836" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in page.php in in Siteframe Beaumont, possibly 5.0.2 or 5.0.1a, allows remote attackers to inject arbitrary web script or HTML via the comment_text parameter to the user comment page (/edit/Comment)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060216 Siteframe Beaumont 5.0.2 <== User Comment Cross-Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425180/100/0/threaded" + }, + { + "name": "siteframe-comment-xss(24836)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24836" + }, + { + "name": "443", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/443" + }, + { + "name": "18892", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18892" + }, + { + "name": "23267", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23267" + }, + { + "name": "16695", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16695" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0822.json b/2006/0xxx/CVE-2006-0822.json index 49059058962..c741e1d3c25 100644 --- a/2006/0xxx/CVE-2006-0822.json +++ b/2006/0xxx/CVE-2006-0822.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0822", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in EmuLinker Kaillera Server before 0.99.17 allows remote attackers to cause a denial of service (probably resource consumption) via a crafted packet that causes a \"ghost game\" to be left on the server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0822", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=394690&group_id=127754", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=394690&group_id=127754" - }, - { - "name" : "16733", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16733" - }, - { - "name" : "ADV-2006-0665", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0665" - }, - { - "name" : "18938", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18938" - }, - { - "name" : "emulinker-packet-handling-dos(24784)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24784" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in EmuLinker Kaillera Server before 0.99.17 allows remote attackers to cause a denial of service (probably resource consumption) via a crafted packet that causes a \"ghost game\" to be left on the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18938", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18938" + }, + { + "name": "16733", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16733" + }, + { + "name": "emulinker-packet-handling-dos(24784)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24784" + }, + { + "name": "ADV-2006-0665", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0665" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=394690&group_id=127754", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=394690&group_id=127754" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0898.json b/2006/0xxx/CVE-2006-0898.json index 27a2a9b9299..0f8427918d1 100644 --- a/2006/0xxx/CVE-2006-0898.json +++ b/2006/0xxx/CVE-2006-0898.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0898", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0898", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060223 Vulnerability in Crypt::CBC Perl module, versions <= 2.16", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425966/100/0/threaded" - }, - { - "name" : "DSA-996", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-996" - }, - { - "name" : "GLSA-200603-15", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200603-15.xml" - }, - { - "name" : "RHSA-2008:0261", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0261.html" - }, - { - "name" : "RHSA-2008:0630", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2008-0630.html" - }, - { - "name" : "SUSE-SR:2006:015", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_38_security.html" - }, - { - "name" : "16802", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16802" - }, - { - "name" : "18755", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18755" - }, - { - "name" : "19187", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19187" - }, - { - "name" : "19303", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19303" - }, - { - "name" : "20899", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20899" - }, - { - "name" : "31493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31493" - }, - { - "name" : "488", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/488" - }, - { - "name" : "crypt-cbc-header-weak-encryption(24954)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24954" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20899", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20899" + }, + { + "name": "RHSA-2008:0630", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html" + }, + { + "name": "31493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31493" + }, + { + "name": "GLSA-200603-15", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-15.xml" + }, + { + "name": "19187", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19187" + }, + { + "name": "488", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/488" + }, + { + "name": "DSA-996", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-996" + }, + { + "name": "20060223 Vulnerability in Crypt::CBC Perl module, versions <= 2.16", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425966/100/0/threaded" + }, + { + "name": "SUSE-SR:2006:015", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_38_security.html" + }, + { + "name": "19303", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19303" + }, + { + "name": "18755", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18755" + }, + { + "name": "16802", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16802" + }, + { + "name": "RHSA-2008:0261", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" + }, + { + "name": "crypt-cbc-header-weak-encryption(24954)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24954" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1017.json b/2006/1xxx/CVE-2006-1017.json index 65fc54b8c18..c30a04485e7 100644 --- a/2006/1xxx/CVE-2006-1017.json +++ b/2006/1xxx/CVE-2006-1017.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote attackers to obtain access to an IMAP stream data structure and conduct unauthorized IMAP actions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060228 (PHP) imap functions bypass safemode and open_basedir restrictions", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426339/100/0/threaded" - }, - { - "name" : "http://bugs.php.net/bug.php?id=37265", - "refsource" : "CONFIRM", - "url" : "http://bugs.php.net/bug.php?id=37265" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php#5.1.5", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php#5.1.5" - }, - { - "name" : "http://www.php.net/release_5_1_5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/release_5_1_5.php" - }, - { - "name" : "MDKSA-2006:122", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:122" - }, - { - "name" : "ADV-2006-0772", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0772" - }, - { - "name" : "23535", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23535" - }, - { - "name" : "18694", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18694" - }, - { - "name" : "21050", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21050" - }, - { - "name" : "21546", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21546" - }, - { - "name" : "516", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/516" - }, - { - "name" : "php-imap-restriction-bypass(24964)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24964" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote attackers to obtain access to an IMAP stream data structure and conduct unauthorized IMAP actions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0772", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0772" + }, + { + "name": "http://www.php.net/release_5_1_5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/release_5_1_5.php" + }, + { + "name": "23535", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23535" + }, + { + "name": "21050", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21050" + }, + { + "name": "516", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/516" + }, + { + "name": "21546", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21546" + }, + { + "name": "MDKSA-2006:122", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:122" + }, + { + "name": "http://bugs.php.net/bug.php?id=37265", + "refsource": "CONFIRM", + "url": "http://bugs.php.net/bug.php?id=37265" + }, + { + "name": "php-imap-restriction-bypass(24964)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24964" + }, + { + "name": "http://www.php.net/ChangeLog-5.php#5.1.5", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php#5.1.5" + }, + { + "name": "20060228 (PHP) imap functions bypass safemode and open_basedir restrictions", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426339/100/0/threaded" + }, + { + "name": "18694", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18694" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1271.json b/2006/1xxx/CVE-2006-1271.json index 983d99ed01a..9066359c64b 100644 --- a/2006/1xxx/CVE-2006-1271.json +++ b/2006/1xxx/CVE-2006-1271.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in OxyNews allows remote attackers to execute arbitrary SQL commands via the oxynews_comment_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060316 Oxynews Sql İnjection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/428057/100/0/threaded" - }, - { - "name" : "http://biyosecurity.be/bugs/oxynews.txt", - "refsource" : "MISC", - "url" : "http://biyosecurity.be/bugs/oxynews.txt" - }, - { - "name" : "17132", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17132" - }, - { - "name" : "ADV-2006-0976", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0976" - }, - { - "name" : "23940", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23940" - }, - { - "name" : "19255", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19255" - }, - { - "name" : "oxynews-index-sql-injection(25301)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25301" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in OxyNews allows remote attackers to execute arbitrary SQL commands via the oxynews_comment_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23940", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23940" + }, + { + "name": "17132", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17132" + }, + { + "name": "19255", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19255" + }, + { + "name": "20060316 Oxynews Sql İnjection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/428057/100/0/threaded" + }, + { + "name": "oxynews-index-sql-injection(25301)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25301" + }, + { + "name": "http://biyosecurity.be/bugs/oxynews.txt", + "refsource": "MISC", + "url": "http://biyosecurity.be/bugs/oxynews.txt" + }, + { + "name": "ADV-2006-0976", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0976" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1523.json b/2006/1xxx/CVE-2006-1523.json index b14511b9f8f..42295fda71e 100644 --- a/2006/1xxx/CVE-2006-1523.json +++ b/2006/1xxx/CVE-2006-1523.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1523", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The __group_complete_signal function in the RCU signal handling (signal.c) in Linux kernel 2.6.16, and possibly other versions, has unknown impact and attack vectors related to improper use of BUG_ON." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-1523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20060411 [PATCH] __group_complete_signal: remove bogus BUG_ON", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-kernel&m=114476543426600&w=2" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188604", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188604" - }, - { - "name" : "DSA-1103", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1103" - }, - { - "name" : "SUSE-SA:2006:028", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006-05-31.html" - }, - { - "name" : "17640", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17640" - }, - { - "name" : "ADV-2006-2554", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2554" - }, - { - "name" : "20914", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20914" - }, - { - "name" : "20398", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20398" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The __group_complete_signal function in the RCU signal handling (signal.c) in Linux kernel 2.6.16, and possibly other versions, has unknown impact and attack vectors related to improper use of BUG_ON." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2554", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2554" + }, + { + "name": "[linux-kernel] 20060411 [PATCH] __group_complete_signal: remove bogus BUG_ON", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-kernel&m=114476543426600&w=2" + }, + { + "name": "SUSE-SA:2006:028", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006-05-31.html" + }, + { + "name": "DSA-1103", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1103" + }, + { + "name": "20398", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20398" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188604", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188604" + }, + { + "name": "17640", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17640" + }, + { + "name": "20914", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20914" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1907.json b/2006/1xxx/CVE-2006-1907.json index 9fb58bf010c..c42d27d9400 100644 --- a/2006/1xxx/CVE-2006-1907.json +++ b/2006/1xxx/CVE-2006-1907.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1907", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in myEvent 1.x allow remote attackers to inject arbitrary SQL commands via the event_id parameter to (1) addevent.php or (2) del.php or (3) event_desc parameter to addevent.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1907", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-1384", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1384" - }, - { - "name" : "24720", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24720" - }, - { - "name" : "24721", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24721" - }, - { - "name" : "19680", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19680" - }, - { - "name" : "myevent-addevent-del-sql-injection(25886)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25886" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in myEvent 1.x allow remote attackers to inject arbitrary SQL commands via the event_id parameter to (1) addevent.php or (2) del.php or (3) event_desc parameter to addevent.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24721", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24721" + }, + { + "name": "19680", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19680" + }, + { + "name": "myevent-addevent-del-sql-injection(25886)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25886" + }, + { + "name": "24720", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24720" + }, + { + "name": "ADV-2006-1384", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1384" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5226.json b/2006/5xxx/CVE-2006-5226.json index 539cd60a53e..bc8088790c5 100644 --- a/2006/5xxx/CVE-2006-5226.json +++ b/2006/5xxx/CVE-2006-5226.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in moteur/moteur.php in Prologin.fr Freenews 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061008 Freenews v1.1 <= (chemin) Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/448019/100/0/threaded" - }, - { - "name" : "2490", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2490" - }, - { - "name" : "20405", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20405" - }, - { - "name" : "1704", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1704" - }, - { - "name" : "freenews-moteur-file-include(29395)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29395" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in moteur/moteur.php in Prologin.fr Freenews 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2490", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2490" + }, + { + "name": "1704", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1704" + }, + { + "name": "20405", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20405" + }, + { + "name": "freenews-moteur-file-include(29395)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29395" + }, + { + "name": "20061008 Freenews v1.1 <= (chemin) Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/448019/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5652.json b/2006/5xxx/CVE-2006-5652.json index b136b9c0aa6..6dae3715e5b 100644 --- a/2006/5xxx/CVE-2006-5652.json +++ b/2006/5xxx/CVE-2006-5652.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an IMG element. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers, it has been assigned a new CVE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061031 Cross Site Scripting (XSS) Vulnerability in iPlanet Messaging Server Messenger Express by \"Sun\"", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450184/100/0/threaded" - }, - { - "name" : "20061031 Cross Site Scripting (XSS) Vulnerability in iPlanet Messaging Server Messenger Express by \"Sun\"", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050460.html" - }, - { - "name" : "20838", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20838" - }, - { - "name" : "1806", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1806" - }, - { - "name" : "sun-messaging-expression-xss(29929)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an IMG element. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers, it has been assigned a new CVE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sun-messaging-expression-xss(29929)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29929" + }, + { + "name": "20838", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20838" + }, + { + "name": "20061031 Cross Site Scripting (XSS) Vulnerability in iPlanet Messaging Server Messenger Express by \"Sun\"", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050460.html" + }, + { + "name": "20061031 Cross Site Scripting (XSS) Vulnerability in iPlanet Messaging Server Messenger Express by \"Sun\"", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450184/100/0/threaded" + }, + { + "name": "1806", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1806" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5923.json b/2006/5xxx/CVE-2006-5923.json index abc53a18e46..e3cd0a93cd6 100644 --- a/2006/5xxx/CVE-2006-5923.json +++ b/2006/5xxx/CVE-2006-5923.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5923", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in index.php in Chris Mac gtcatalog (aka GimeScripts Shopping Catalog) 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the custom parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5923", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061120 Shopping_Catalog Remote File Include exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452114/100/200/threaded" - }, - { - "name" : "2745", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2745" - }, - { - "name" : "20979", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20979" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in index.php in Chris Mac gtcatalog (aka GimeScripts Shopping Catalog) 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the custom parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20979", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20979" + }, + { + "name": "20061120 Shopping_Catalog Remote File Include exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452114/100/200/threaded" + }, + { + "name": "2745", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2745" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5979.json b/2006/5xxx/CVE-2006-5979.json index 34da9e6d2de..a12d7e48d40 100644 --- a/2006/5xxx/CVE-2006-5979.json +++ b/2006/5xxx/CVE-2006-5979.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5979", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Renasoft NetJetServer 2.5.3.939, and possibly earlier, uses insecure permissions for Global.asa, which allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; details are obtained from third party sources." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5979", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-4559", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4559" - }, - { - "name" : "22859", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22859" - }, - { - "name" : "netjetserver-permissions-info-disclosure(30338)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30338" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Renasoft NetJetServer 2.5.3.939, and possibly earlier, uses insecure permissions for Global.asa, which allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; details are obtained from third party sources." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "netjetserver-permissions-info-disclosure(30338)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30338" + }, + { + "name": "22859", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22859" + }, + { + "name": "ADV-2006-4559", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4559" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0053.json b/2010/0xxx/CVE-2010-0053.json index ab5e6b30aa3..67881a75d23 100644 --- a/2010/0xxx/CVE-2010-0053.json +++ b/2010/0xxx/CVE-2010-0053.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the run-in Cascading Style Sheets (CSS) display property." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-0053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4070", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4070" - }, - { - "name" : "http://support.apple.com/kb/HT4225", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4225" - }, - { - "name" : "APPLE-SA-2010-03-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2010-06-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" - }, - { - "name" : "FEDORA-2010-8360", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html" - }, - { - "name" : "FEDORA-2010-8379", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html" - }, - { - "name" : "FEDORA-2010-8423", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html" - }, - { - "name" : "MDVSA-2011:039", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "USN-1006-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1006-1" - }, - { - "name" : "38671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38671" - }, - { - "name" : "62948", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62948" - }, - { - "name" : "oval:org.mitre.oval:def:7323", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7323" - }, - { - "name" : "1023708", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023708" - }, - { - "name" : "41856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41856" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2010-2722", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2722" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "ADV-2011-0552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the run-in Cascading Style Sheets (CSS) display property." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:039", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" + }, + { + "name": "APPLE-SA-2010-03-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html" + }, + { + "name": "ADV-2010-2722", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2722" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "USN-1006-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1006-1" + }, + { + "name": "1023708", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023708" + }, + { + "name": "41856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41856" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "http://support.apple.com/kb/HT4225", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4225" + }, + { + "name": "FEDORA-2010-8360", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html" + }, + { + "name": "oval:org.mitre.oval:def:7323", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7323" + }, + { + "name": "http://support.apple.com/kb/HT4070", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4070" + }, + { + "name": "62948", + "refsource": "OSVDB", + "url": "http://osvdb.org/62948" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "ADV-2011-0552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0552" + }, + { + "name": "FEDORA-2010-8379", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html" + }, + { + "name": "APPLE-SA-2010-06-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" + }, + { + "name": "38671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38671" + }, + { + "name": "FEDORA-2010-8423", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0135.json b/2010/0xxx/CVE-2010-0135.json index 9ec98bcbefc..d8c32fc4c22 100644 --- a/2010/0xxx/CVE-2010-0135.json +++ b/2010/0xxx/CVE-2010-0135.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the WordPerfect 5.x reader (wosr.dll), as used in Autonomy KeyView 10.4 and 10.9 and possibly other products, allows remote attackers to execute arbitrary code via unspecified vectors related to \"data blocks.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2010-0135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2010-31/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2010-31/" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21440812", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21440812" - }, - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01" - }, - { - "name" : "41928", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41928" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the WordPerfect 5.x reader (wosr.dll), as used in Autonomy KeyView 10.4 and 10.9 and possibly other products, allows remote attackers to execute arbitrary code via unspecified vectors related to \"data blocks.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01" + }, + { + "name": "41928", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41928" + }, + { + "name": "http://secunia.com/secunia_research/2010-31/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2010-31/" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21440812", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21440812" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0544.json b/2010/0xxx/CVE-2010-0544.json index bf1e4d89ed6..25ff9cd372c 100644 --- a/2010/0xxx/CVE-2010-0544.json +++ b/2010/0xxx/CVE-2010-0544.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to a malformed URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-0544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4196", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4196" - }, - { - "name" : "http://support.apple.com/kb/HT4220", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4220" - }, - { - "name" : "http://support.apple.com/kb/HT4225", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4225" - }, - { - "name" : "http://support.apple.com/kb/HT4456", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4456" - }, - { - "name" : "APPLE-SA-2010-06-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html" - }, - { - "name" : "APPLE-SA-2010-06-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html" - }, - { - "name" : "APPLE-SA-2010-06-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" - }, - { - "name" : "APPLE-SA-2010-11-22-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" - }, - { - "name" : "40620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40620" - }, - { - "name" : "oval:org.mitre.oval:def:6656", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6656" - }, - { - "name" : "1024067", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024067" - }, - { - "name" : "40105", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40105" - }, - { - "name" : "40196", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40196" - }, - { - "name" : "42314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42314" - }, - { - "name" : "ADV-2010-1373", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1373" - }, - { - "name" : "ADV-2010-1512", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1512" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to a malformed URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4220", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4220" + }, + { + "name": "http://support.apple.com/kb/HT4225", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4225" + }, + { + "name": "APPLE-SA-2010-06-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html" + }, + { + "name": "40196", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40196" + }, + { + "name": "40105", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40105" + }, + { + "name": "ADV-2010-1373", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1373" + }, + { + "name": "oval:org.mitre.oval:def:6656", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6656" + }, + { + "name": "APPLE-SA-2010-06-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html" + }, + { + "name": "42314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42314" + }, + { + "name": "ADV-2010-1512", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1512" + }, + { + "name": "40620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40620" + }, + { + "name": "http://support.apple.com/kb/HT4456", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4456" + }, + { + "name": "1024067", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024067" + }, + { + "name": "http://support.apple.com/kb/HT4196", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4196" + }, + { + "name": "APPLE-SA-2010-06-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" + }, + { + "name": "APPLE-SA-2010-11-22-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0825.json b/2010/0xxx/CVE-2010-0825.json index b39e8b47b3c..5193fcffddb 100644 --- a/2010/0xxx/CVE-2010-0825.json +++ b/2010/0xxx/CVE-2010-0825.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2010-0825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/ubuntu/+bug/531569", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+bug/531569" - }, - { - "name" : "MDVSA-2010:083", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:083" - }, - { - "name" : "USN-919-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-919-1" - }, - { - "name" : "39155", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39155" - }, - { - "name" : "ADV-2010-0734", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0734" - }, - { - "name" : "ADV-2010-0952", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0952" - }, - { - "name" : "emacs-emailhelper-symlink(57457)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57457" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2010:083", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:083" + }, + { + "name": "emacs-emailhelper-symlink(57457)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57457" + }, + { + "name": "USN-919-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-919-1" + }, + { + "name": "39155", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39155" + }, + { + "name": "ADV-2010-0734", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0734" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+bug/531569", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+bug/531569" + }, + { + "name": "ADV-2010-0952", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0952" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2218.json b/2010/2xxx/CVE-2010-2218.json index cdb2a989c2f..4afffb08c81 100644 --- a/2010/2xxx/CVE-2010-2218.json +++ b/2010/2xxx/CVE-2010-2218.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, allows attackers to cause a denial of service via unspecified vectors, related to a \"JS method issue.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-2218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-19.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-19.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, allows attackers to cause a denial of service via unspecified vectors, related to a \"JS method issue.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-19.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-19.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3210.json b/2010/3xxx/CVE-2010-3210.json index ae02f1b255d..43f1a609b2f 100644 --- a/2010/3xxx/CVE-2010-3210.json +++ b/2010/3xxx/CVE-2010-3210.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Multi-lingual E-Commerce System 0.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) checkout2-CYM.php, (2) checkout2-EN.php, (3) checkout2-FR.php, (4) cat-FR.php, (5) cat-EN.php, (6) cat-CYM.php, (7) checkout1-CYM.php, (8) checkout1-EN.php, (9) checkout1-FR.php, (10) prod-CYM.php, (11) prod-EN.php, and (12) prod-FR.php in inc/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14835", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14835" - }, - { - "name" : "http://packetstormsecurity.org/1008-exploits/mlecomsys-rfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1008-exploits/mlecomsys-rfi.txt" - }, - { - "name" : "mlecs-multiple-file-include(61464)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61464" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Multi-lingual E-Commerce System 0.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) checkout2-CYM.php, (2) checkout2-EN.php, (3) checkout2-FR.php, (4) cat-FR.php, (5) cat-EN.php, (6) cat-CYM.php, (7) checkout1-CYM.php, (8) checkout1-EN.php, (9) checkout1-FR.php, (10) prod-CYM.php, (11) prod-EN.php, and (12) prod-FR.php in inc/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1008-exploits/mlecomsys-rfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1008-exploits/mlecomsys-rfi.txt" + }, + { + "name": "mlecs-multiple-file-include(61464)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61464" + }, + { + "name": "14835", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14835" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3294.json b/2010/3xxx/CVE-2010-3294.json index dc92828f610..6c4cddf7bda 100644 --- a/2010/3xxx/CVE-2010-3294.json +++ b/2010/3xxx/CVE-2010-3294.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3294", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in apc.php in the Alternative PHP Cache (APC) extension before 3.1.4 for PHP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3294", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100914 CVE request: xss in pecl-apc before 3.1.4", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/14/1" - }, - { - "name" : "[oss-security] 20100914 Re: CVE request: xss in pecl-apc before 3.1.4", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/14/6" - }, - { - "name" : "[oss-security] 20100914 Re: CVE request: xss in pecl-apc before 3.1.4", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/14/8" - }, - { - "name" : "http://pecl.php.net/package-changelog.php?package=APC&release=3.1.4", - "refsource" : "CONFIRM", - "url" : "http://pecl.php.net/package-changelog.php?package=APC&release=3.1.4" - }, - { - "name" : "RHSA-2012:0811", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0811.html" - }, - { - "name" : "ADV-2010-2406", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2406" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in apc.php in the Alternative PHP Cache (APC) extension before 3.1.4 for PHP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pecl.php.net/package-changelog.php?package=APC&release=3.1.4", + "refsource": "CONFIRM", + "url": "http://pecl.php.net/package-changelog.php?package=APC&release=3.1.4" + }, + { + "name": "ADV-2010-2406", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2406" + }, + { + "name": "[oss-security] 20100914 Re: CVE request: xss in pecl-apc before 3.1.4", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/14/6" + }, + { + "name": "RHSA-2012:0811", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0811.html" + }, + { + "name": "[oss-security] 20100914 CVE request: xss in pecl-apc before 3.1.4", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/14/1" + }, + { + "name": "[oss-security] 20100914 Re: CVE request: xss in pecl-apc before 3.1.4", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/14/8" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3474.json b/2010/3xxx/CVE-2010-3474.json index 00460c275d4..1b970367465 100644 --- a/2010/3xxx/CVE-2010-3474.json +++ b/2010/3xxx/CVE-2010-3474.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DB2 9.7 before FP3 does not perform the expected drops or invalidations of dependent functions upon a loss of privileges by the functions' owners, which allows remote authenticated users to bypass intended access restrictions via calls to these functions, a different vulnerability than CVE-2009-3471." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21446455", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21446455" - }, - { - "name" : "IC68015", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68015" - }, - { - "name" : "43291", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43291" - }, - { - "name" : "68121", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/68121" - }, - { - "name" : "oval:org.mitre.oval:def:14669", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14669" - }, - { - "name" : "1024457", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024457" - }, - { - "name" : "41444", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41444" - }, - { - "name" : "ADV-2010-2425", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2425" - }, - { - "name" : "ibm-db2-public-security-bypass(61872)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61872" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DB2 9.7 before FP3 does not perform the expected drops or invalidations of dependent functions upon a loss of privileges by the functions' owners, which allows remote authenticated users to bypass intended access restrictions via calls to these functions, a different vulnerability than CVE-2009-3471." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43291", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43291" + }, + { + "name": "oval:org.mitre.oval:def:14669", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14669" + }, + { + "name": "ibm-db2-public-security-bypass(61872)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61872" + }, + { + "name": "IC68015", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68015" + }, + { + "name": "ADV-2010-2425", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2425" + }, + { + "name": "1024457", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024457" + }, + { + "name": "41444", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41444" + }, + { + "name": "68121", + "refsource": "OSVDB", + "url": "http://osvdb.org/68121" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21446455", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21446455" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4362.json b/2010/4xxx/CVE-2010-4362.json index 5f734b6a703..2f98543f35f 100644 --- a/2010/4xxx/CVE-2010-4362.json +++ b/2010/4xxx/CVE-2010-4362.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in MicroNetsoft RV Dealer Website allow remote attackers to execute arbitrary SQL commands via the (1) selStock parameter to search.asp and the (2) orderBy parameter to showAlllistings.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15629", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15629" - }, - { - "name" : "45089", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45089" - }, - { - "name" : "41319", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41319" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in MicroNetsoft RV Dealer Website allow remote attackers to execute arbitrary SQL commands via the (1) selStock parameter to search.asp and the (2) orderBy parameter to showAlllistings.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15629", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15629" + }, + { + "name": "45089", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45089" + }, + { + "name": "41319", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41319" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4473.json b/2010/4xxx/CVE-2010-4473.json index 93292180f99..d2c11d6a858 100644 --- a/2010/4xxx/CVE-2010-4473.json +++ b/2010/4xxx/CVE-2010-4473.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs, a different vulnerability than CVE-2010-4454 and CVE-2010-4462." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-4473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" - }, - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html" - }, - { - "name" : "HPSBMU02797", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "HPSBUX02777", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133728004526190&w=2" - }, - { - "name" : "SSRT100854", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133728004526190&w=2" - }, - { - "name" : "SSRT100867", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "RHSA-2011:0282", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0282.html" - }, - { - "name" : "RHSA-2011:0880", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0880.html" - }, - { - "name" : "SUSE-SA:2011:024", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html" - }, - { - "name" : "SUSE-SU-2011:0823", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html" - }, - { - "name" : "oval:org.mitre.oval:def:12952", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12952" - }, - { - "name" : "oval:org.mitre.oval:def:14119", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14119" - }, - { - "name" : "44954", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44954" - }, - { - "name" : "49198", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49198" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs, a different vulnerability than CVE-2010-4454 and CVE-2010-4462." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "SUSE-SU-2011:0823", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html" + }, + { + "name": "oval:org.mitre.oval:def:12952", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12952" + }, + { + "name": "44954", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44954" + }, + { + "name": "RHSA-2011:0880", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html" + }, + { + "name": "RHSA-2011:0282", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0282.html" + }, + { + "name": "SSRT100867", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + }, + { + "name": "49198", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49198" + }, + { + "name": "oval:org.mitre.oval:def:14119", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14119" + }, + { + "name": "SUSE-SA:2011:024", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html" + }, + { + "name": "HPSBUX02777", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133728004526190&w=2" + }, + { + "name": "SSRT100854", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133728004526190&w=2" + }, + { + "name": "HPSBMU02797", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4610.json b/2010/4xxx/CVE-2010-4610.json index 223312477a0..aaadc1ab28f 100644 --- a/2010/4xxx/CVE-2010-4610.json +++ b/2010/4xxx/CVE-2010-4610.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4610", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to inject arbitrary web script or HTML via the error parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15800", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15800" - }, - { - "name" : "http://www.htbridge.ch/advisory/xss_in_html_edit_cms.html", - "refsource" : "MISC", - "url" : "http://www.htbridge.ch/advisory/xss_in_html_edit_cms.html" - }, - { - "name" : "42664", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42664" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to inject arbitrary web script or HTML via the error parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15800", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15800" + }, + { + "name": "http://www.htbridge.ch/advisory/xss_in_html_edit_cms.html", + "refsource": "MISC", + "url": "http://www.htbridge.ch/advisory/xss_in_html_edit_cms.html" + }, + { + "name": "42664", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42664" + } + ] + } +} \ No newline at end of file diff --git a/2014/10xxx/CVE-2014-10029.json b/2014/10xxx/CVE-2014-10029.json index 606556f1715..da543891443 100644 --- a/2014/10xxx/CVE-2014-10029.json +++ b/2014/10xxx/CVE-2014-10029.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-10029", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-10029", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141121 FluxBB <= 1.5.6 SQL Injection", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Nov/73" - }, - { - "name" : "http://packetstormsecurity.com/files/129225/FluxBB-1.5.6-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129225/FluxBB-1.5.6-SQL-Injection.html" - }, - { - "name" : "http://fluxbb.org/forums/viewtopic.php?id=8001", - "refsource" : "CONFIRM", - "url" : "http://fluxbb.org/forums/viewtopic.php?id=8001" - }, - { - "name" : "https://fluxbb.org/development/core/tickets/990/", - "refsource" : "CONFIRM", - "url" : "https://fluxbb.org/development/core/tickets/990/" - }, - { - "name" : "59038", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59038" - }, - { - "name" : "fluxbb-profile-sql-injection(98890)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98890" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://fluxbb.org/forums/viewtopic.php?id=8001", + "refsource": "CONFIRM", + "url": "http://fluxbb.org/forums/viewtopic.php?id=8001" + }, + { + "name": "http://packetstormsecurity.com/files/129225/FluxBB-1.5.6-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129225/FluxBB-1.5.6-SQL-Injection.html" + }, + { + "name": "59038", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59038" + }, + { + "name": "20141121 FluxBB <= 1.5.6 SQL Injection", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Nov/73" + }, + { + "name": "fluxbb-profile-sql-injection(98890)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98890" + }, + { + "name": "https://fluxbb.org/development/core/tickets/990/", + "refsource": "CONFIRM", + "url": "https://fluxbb.org/development/core/tickets/990/" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3322.json b/2014/3xxx/CVE-2014-3322.json index 7dc2cc8ed19..9ef679a1c61 100644 --- a/2014/3xxx/CVE-2014-3322.json +++ b/2014/3xxx/CVE-2014-3322.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3322", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuo68417." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3322", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35009", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35009" - }, - { - "name" : "20140722 Cisco IOS XR Software NetFlow Processing Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3322" - }, - { - "name" : "68833", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68833" - }, - { - "name" : "1030623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030623" - }, - { - "name" : "60311", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60311" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuo68417." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60311", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60311" + }, + { + "name": "1030623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030623" + }, + { + "name": "20140722 Cisco IOS XR Software NetFlow Processing Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3322" + }, + { + "name": "68833", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68833" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35009", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35009" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3712.json b/2014/3xxx/CVE-2014-3712.json index 5247cba4623..0770766520b 100644 --- a/2014/3xxx/CVE-2014-3712.json +++ b/2014/3xxx/CVE-2014-3712.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3712", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Katello allows remote attackers to cause a denial of service (memory consumption) via the (1) mode parameter in the setup_utils function in content_search_controller.rb or (2) action parameter in the respond function in api/api_controller.rb in app/controllers/katello/, which is passed to the to_sym method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141022 CVE-2014-3712 Katello: user parameters passed to to_sym", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q4/419" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1155708", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1155708" - }, - { - "name" : "70707", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70707" - }, - { - "name" : "katello-cve20143712-dos(97724)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97724" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Katello allows remote attackers to cause a denial of service (memory consumption) via the (1) mode parameter in the setup_utils function in content_search_controller.rb or (2) action parameter in the respond function in api/api_controller.rb in app/controllers/katello/, which is passed to the to_sym method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70707", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70707" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1155708", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1155708" + }, + { + "name": "katello-cve20143712-dos(97724)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97724" + }, + { + "name": "[oss-security] 20141022 CVE-2014-3712 Katello: user parameters passed to to_sym", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q4/419" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4040.json b/2014/4xxx/CVE-2014-4040.json index 517cc50822e..0d9b4ab97ab 100644 --- a/2014/4xxx/CVE-2014-4040.json +++ b/2014/4xxx/CVE-2014-4040.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "snap in powerpc-utils 1.2.20 produces an archive with fstab and yaboot.conf files potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140617 Re: CVE request: multiple /tmp races in ppc64-diag", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/06/17/1" - }, - { - "name" : "RHSA-2015:0384", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0384.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "snap in powerpc-utils 1.2.20 produces an archive with fstab and yaboot.conf files potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140617 Re: CVE request: multiple /tmp races in ppc64-diag", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/06/17/1" + }, + { + "name": "RHSA-2015:0384", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0384.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4505.json b/2014/4xxx/CVE-2014-4505.json index 2081926c32a..b66dd2a5616 100644 --- a/2014/4xxx/CVE-2014-4505.json +++ b/2014/4xxx/CVE-2014-4505.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Easy Breadcrumb module 7.x-2.x before 7.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/node/2288353", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2288353" - }, - { - "name" : "https://www.drupal.org/node/2286121", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2286121" - }, - { - "name" : "68106", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68106" - }, - { - "name" : "59379", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59379" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Easy Breadcrumb module 7.x-2.x before 7.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2286121", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2286121" + }, + { + "name": "59379", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59379" + }, + { + "name": "https://www.drupal.org/node/2288353", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2288353" + }, + { + "name": "68106", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68106" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4726.json b/2014/4xxx/CVE-2014-4726.json index 325160eadb5..91fa53477f1 100644 --- a/2014/4xxx/CVE-2014-4726.json +++ b/2014/4xxx/CVE-2014-4726.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4726", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4726", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140708 Re: CVE request: WordPress plugin wysija-newsletters remote file upload", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/07/08/7" - }, - { - "name" : "https://wordpress.org/plugins/wysija-newsletters/changelog/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/wysija-newsletters/changelog/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/wysija-newsletters/changelog/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/wysija-newsletters/changelog/" + }, + { + "name": "[oss-security] 20140708 Re: CVE request: WordPress plugin wysija-newsletters remote file upload", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/07/08/7" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8030.json b/2014/8xxx/CVE-2014-8030.json index 170b746abdc..1cbadf5c939 100644 --- a/2014/8xxx/CVE-2014-8030.json +++ b/2014/8xxx/CVE-2014-8030.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8030", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in sendPwMail.do in Cisco WebEx Meetings Server allows remote attackers to inject arbitrary web script or HTML via the email parameter, aka Bug ID CSCuj40381." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-8030", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150108 Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8030" - }, - { - "name" : "71945", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71945" - }, - { - "name" : "1031517", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031517" - }, - { - "name" : "62163", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62163" - }, - { - "name" : "cisco-webex-cve20148030-xss(100574)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100574" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in sendPwMail.do in Cisco WebEx Meetings Server allows remote attackers to inject arbitrary web script or HTML via the email parameter, aka Bug ID CSCuj40381." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-webex-cve20148030-xss(100574)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100574" + }, + { + "name": "1031517", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031517" + }, + { + "name": "62163", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62163" + }, + { + "name": "20150108 Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8030" + }, + { + "name": "71945", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71945" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8174.json b/2014/8xxx/CVE-2014-8174.json index 277e86a0119..6bf568f85f7 100644 --- a/2014/8xxx/CVE-2014-8174.json +++ b/2014/8xxx/CVE-2014-8174.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8174", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "eDeploy makes it easier for remote attackers to execute arbitrary code by leveraging use of HTTP to download files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-8174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/redhat-cip/edeploy/issues/230", - "refsource" : "MISC", - "url" : "https://github.com/redhat-cip/edeploy/issues/230" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1202972", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1202972" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "eDeploy makes it easier for remote attackers to execute arbitrary code by leveraging use of HTTP to download files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/redhat-cip/edeploy/issues/230", + "refsource": "MISC", + "url": "https://github.com/redhat-cip/edeploy/issues/230" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1202972", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202972" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8562.json b/2014/8xxx/CVE-2014-8562.json index 30709699e51..5dcc7132fc3 100644 --- a/2014/8xxx/CVE-2014-8562.json +++ b/2014/8xxx/CVE-2014-8562.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8562", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8562", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://int21.de/cve/CVE-2014-8562-ImageMagick-dcm-oob-heap-overflow.html", - "refsource" : "MISC", - "url" : "https://int21.de/cve/CVE-2014-8562-ImageMagick-dcm-oob-heap-overflow.html" - }, - { - "name" : "https://packetstormsecurity.com/files/128944/ImageMagick-Out-Of-Bounds-Read-Heap-Overflow.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/128944/ImageMagick-Out-Of-Bounds-Read-Heap-Overflow.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1159362", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1159362" - }, - { - "name" : "70837", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70837" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70837", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70837" + }, + { + "name": "https://int21.de/cve/CVE-2014-8562-ImageMagick-dcm-oob-heap-overflow.html", + "refsource": "MISC", + "url": "https://int21.de/cve/CVE-2014-8562-ImageMagick-dcm-oob-heap-overflow.html" + }, + { + "name": "https://packetstormsecurity.com/files/128944/ImageMagick-Out-Of-Bounds-Read-Heap-Overflow.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/128944/ImageMagick-Out-Of-Bounds-Read-Heap-Overflow.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1159362", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1159362" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8576.json b/2014/8xxx/CVE-2014-8576.json index 79facc659c5..11732f17554 100644 --- a/2014/8xxx/CVE-2014-8576.json +++ b/2014/8xxx/CVE-2014-8576.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8576", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8576", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8890.json b/2014/8xxx/CVE-2014-8890.json index 143c21d4b6e..492619b8002 100644 --- a/2014/8xxx/CVE-2014-8890.json +++ b/2014/8xxx/CVE-2014-8890.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet's deployment descriptor security constraints and ServletSecurity annotations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-8890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21690185", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21690185" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21963275", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21963275" - }, - { - "name" : "PI29911", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI29911" - }, - { - "name" : "71834", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71834" - }, - { - "name" : "1033384", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033384" - }, - { - "name" : "ibm-websphere-cve20148890-priv-escalation(99009)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99009" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet's deployment descriptor security constraints and ServletSecurity annotations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21963275", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963275" + }, + { + "name": "1033384", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033384" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21690185", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690185" + }, + { + "name": "PI29911", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI29911" + }, + { + "name": "71834", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71834" + }, + { + "name": "ibm-websphere-cve20148890-priv-escalation(99009)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99009" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9967.json b/2014/9xxx/CVE-2014-9967.json index 8d1cc2fb779..86c51cd63d1 100644 --- a/2014/9xxx/CVE-2014-9967.json +++ b/2014/9xxx/CVE-2014-9967.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2014-9967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted Pointer Dereference Vulnerability in TrustZone" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2014-9967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-06-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-06-01" - }, - { - "name" : "98874", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98874" - }, - { - "name" : "1038623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted Pointer Dereference Vulnerability in TrustZone" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-06-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-06-01" + }, + { + "name": "98874", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98874" + }, + { + "name": "1038623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038623" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2116.json b/2016/2xxx/CVE-2016-2116.json index 5d3bd5c657a..6bd09f34363 100644 --- a/2016/2xxx/CVE-2016-2116.json +++ b/2016/2xxx/CVE-2016-2116.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-2116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160303 Security issues in JasPer (CVE-2016-1577 and CVE-2016-2116)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/03/03/12" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/jasper/+bug/1547865", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/jasper/+bug/1547865" - }, - { - "name" : "DSA-3508", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3508" - }, - { - "name" : "RHSA-2017:1208", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1208" - }, - { - "name" : "USN-2919-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2919-1" - }, - { - "name" : "84133", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84133" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3508", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3508" + }, + { + "name": "[oss-security] 20160303 Security issues in JasPer (CVE-2016-1577 and CVE-2016-2116)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/03/03/12" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/jasper/+bug/1547865", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/jasper/+bug/1547865" + }, + { + "name": "USN-2919-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2919-1" + }, + { + "name": "RHSA-2017:1208", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1208" + }, + { + "name": "84133", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84133" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2977.json b/2016/2xxx/CVE-2016-2977.json index 54d3bdb837f..dffcbc95360 100644 --- a/2016/2xxx/CVE-2016-2977.json +++ b/2016/2xxx/CVE-2016-2977.json @@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-08-23T00:00:00", - "ID" : "CVE-2016-2977", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sametime", - "version" : { - "version_data" : [ - { - "version_value" : "8.5.2" - }, - { - "version_value" : "8.5.2.1" - }, - { - "version_value" : "9.0" - }, - { - "version_value" : "9.0.0.1" - }, - { - "version_value" : "9.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a malicious user to lower other users hands in the meeting. IBM X-Force ID: 113937." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Other" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-08-23T00:00:00", + "ID": "CVE-2016-2977", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sametime", + "version": { + "version_data": [ + { + "version_value": "8.5.2" + }, + { + "version_value": "8.5.2.1" + }, + { + "version_value": "9.0" + }, + { + "version_value": "9.0.0.1" + }, + { + "version_value": "9.0.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113937", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113937" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22006439", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22006439" - }, - { - "name" : "100599", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100599" - }, - { - "name" : "1039231", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039231" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a malicious user to lower other users hands in the meeting. IBM X-Force ID: 113937." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100599", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100599" + }, + { + "name": "1039231", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039231" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22006439", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22006439" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113937", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113937" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2986.json b/2016/2xxx/CVE-2016-2986.json index 5b7f236b3f1..24fb5a92a47 100644 --- a/2016/2xxx/CVE-2016-2986.json +++ b/2016/2xxx/CVE-2016-2986.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2986", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 6.x before 6.0.1 iFix6, Rational Quality Manager 6.x before 6.0.1 iFix6, Rational Team Concert 6.x before 6.0.1 iFix6, Rational DOORS Next Generation 6.x before 6.0.1 iFix6, Rational Engineering Lifecycle Manager 6.x before 6.0.1 iFix6, and Rational Rhapsody Design Manager 6.x before 6.0.1 iFix6 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-2986", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21989940", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21989940" - }, - { - "name" : "92869", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92869" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 6.x before 6.0.1 iFix6, Rational Quality Manager 6.x before 6.0.1 iFix6, Rational Team Concert 6.x before 6.0.1 iFix6, Rational DOORS Next Generation 6.x before 6.0.1 iFix6, Rational Engineering Lifecycle Manager 6.x before 6.0.1 iFix6, and Rational Rhapsody Design Manager 6.x before 6.0.1 iFix6 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21989940", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989940" + }, + { + "name": "92869", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92869" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3154.json b/2016/3xxx/CVE-2016-3154.json index 0be49f47a67..50a80db80bc 100644 --- a/2016/3xxx/CVE-2016-3154.json +++ b/2016/3xxx/CVE-2016-3154.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-1-SPIP-3-0-22-et-SPIP-2-1.html?lang=fr", - "refsource" : "CONFIRM", - "url" : "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-1-SPIP-3-0-22-et-SPIP-2-1.html?lang=fr" - }, - { - "name" : "https://core.spip.net/projects/spip/repository/revisions/22903", - "refsource" : "CONFIRM", - "url" : "https://core.spip.net/projects/spip/repository/revisions/22903" - }, - { - "name" : "DSA-3518", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3518" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-1-SPIP-3-0-22-et-SPIP-2-1.html?lang=fr", + "refsource": "CONFIRM", + "url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-1-SPIP-3-0-22-et-SPIP-2-1.html?lang=fr" + }, + { + "name": "DSA-3518", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3518" + }, + { + "name": "https://core.spip.net/projects/spip/repository/revisions/22903", + "refsource": "CONFIRM", + "url": "https://core.spip.net/projects/spip/repository/revisions/22903" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3217.json b/2016/3xxx/CVE-2016-3217.json index a6a70b78ee2..4d597a1132b 100644 --- a/2016/3xxx/CVE-2016-3217.json +++ b/2016/3xxx/CVE-2016-3217.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3217", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-3217", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3290.json b/2016/3xxx/CVE-2016-3290.json index ad5d8e4fe42..1b90815d731 100644 --- a/2016/3xxx/CVE-2016-3290.json +++ b/2016/3xxx/CVE-2016-3290.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3290", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3288." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3290", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-095", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-095" - }, - { - "name" : "92322", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92322" - }, - { - "name" : "1036562", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036562" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3288." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92322", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92322" + }, + { + "name": "MS16-095", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-095" + }, + { + "name": "1036562", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036562" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3754.json b/2016/3xxx/CVE-2016-3754.json index 801234caa7c..8ea3ebd1b7e 100644 --- a/2016/3xxx/CVE-2016-3754.json +++ b/2016/3xxx/CVE-2016-3754.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3754", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not limit process-memory usage, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28615448." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3754", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/6fdee2a83432b3b150d6a34f231c4e2f7353c01e", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/av/+/6fdee2a83432b3b150d6a34f231c4e2f7353c01e" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/e7142a0703bc93f75e213e96ebc19000022afed9", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/av/+/e7142a0703bc93f75e213e96ebc19000022afed9" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not limit process-memory usage, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28615448." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/e7142a0703bc93f75e213e96ebc19000022afed9", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/e7142a0703bc93f75e213e96ebc19000022afed9" + }, + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + }, + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/6fdee2a83432b3b150d6a34f231c4e2f7353c01e", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/6fdee2a83432b3b150d6a34f231c4e2f7353c01e" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3876.json b/2016/3xxx/CVE-2016-3876.json index 16092d19a57..001693276f9 100644 --- a/2016/3xxx/CVE-2016-3876.json +++ b/2016/3xxx/CVE-2016-3876.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3876", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFE_BOOT_DISALLOWED protection mechanism and boot to safe mode via the Android Debug Bridge (adb) tool, aka internal bug 29900345." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3876", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-09-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-09-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/base/+/91fc934bb2e5ea59929bb2f574de6db9b5100745", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/base/+/91fc934bb2e5ea59929bb2f574de6db9b5100745" - }, - { - "name" : "92819", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92819" - }, - { - "name" : "1036763", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036763" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFE_BOOT_DISALLOWED protection mechanism and boot to safe mode via the Android Debug Bridge (adb) tool, aka internal bug 29900345." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/frameworks/base/+/91fc934bb2e5ea59929bb2f574de6db9b5100745", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/base/+/91fc934bb2e5ea59929bb2f574de6db9b5100745" + }, + { + "name": "http://source.android.com/security/bulletin/2016-09-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-09-01.html" + }, + { + "name": "1036763", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036763" + }, + { + "name": "92819", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92819" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6242.json b/2016/6xxx/CVE-2016-6242.json index 13649f071c0..f7145bdd54f 100644 --- a/2016/6xxx/CVE-2016-6242.json +++ b/2016/6xxx/CVE-2016-6242.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (assertion failure and kernel panic) via a large ident value in a kevent system call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160714 Multiple Bugs in OpenBSD Kernel", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/14/5" - }, - { - "name" : "[oss-security] 20160717 ReL Multiple Bugs in OpenBSD Kernel", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/17/7" - }, - { - "name" : "http://www.openbsd.org/errata58.html", - "refsource" : "CONFIRM", - "url" : "http://www.openbsd.org/errata58.html" - }, - { - "name" : "http://www.openbsd.org/errata59.html", - "refsource" : "CONFIRM", - "url" : "http://www.openbsd.org/errata59.html" - }, - { - "name" : "91805", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91805" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (assertion failure and kernel panic) via a large ident value in a kevent system call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.openbsd.org/errata59.html", + "refsource": "CONFIRM", + "url": "http://www.openbsd.org/errata59.html" + }, + { + "name": "[oss-security] 20160714 Multiple Bugs in OpenBSD Kernel", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/14/5" + }, + { + "name": "[oss-security] 20160717 ReL Multiple Bugs in OpenBSD Kernel", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/17/7" + }, + { + "name": "http://www.openbsd.org/errata58.html", + "refsource": "CONFIRM", + "url": "http://www.openbsd.org/errata58.html" + }, + { + "name": "91805", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91805" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6246.json b/2016/6xxx/CVE-2016-6246.json index ee79ac34315..8098031d8f1 100644 --- a/2016/6xxx/CVE-2016-6246.json +++ b/2016/6xxx/CVE-2016-6246.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenBSD 5.8 and 5.9 allows certain local users with kern.usermount privileges to cause a denial of service (kernel panic) by mounting a tmpfs with a VNOVAL in the (1) username, (2) groupname, or (3) device name of the root node." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160714 Multiple Bugs in OpenBSD Kernel", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/14/5" - }, - { - "name" : "[oss-security] 20160717 ReL Multiple Bugs in OpenBSD Kernel", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/17/7" - }, - { - "name" : "http://www.openbsd.org/errata58.html", - "refsource" : "CONFIRM", - "url" : "http://www.openbsd.org/errata58.html" - }, - { - "name" : "http://www.openbsd.org/errata59.html", - "refsource" : "CONFIRM", - "url" : "http://www.openbsd.org/errata59.html" - }, - { - "name" : "91805", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91805" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenBSD 5.8 and 5.9 allows certain local users with kern.usermount privileges to cause a denial of service (kernel panic) by mounting a tmpfs with a VNOVAL in the (1) username, (2) groupname, or (3) device name of the root node." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.openbsd.org/errata59.html", + "refsource": "CONFIRM", + "url": "http://www.openbsd.org/errata59.html" + }, + { + "name": "[oss-security] 20160714 Multiple Bugs in OpenBSD Kernel", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/14/5" + }, + { + "name": "[oss-security] 20160717 ReL Multiple Bugs in OpenBSD Kernel", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/17/7" + }, + { + "name": "http://www.openbsd.org/errata58.html", + "refsource": "CONFIRM", + "url": "http://www.openbsd.org/errata58.html" + }, + { + "name": "91805", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91805" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7874.json b/2016/7xxx/CVE-2016-7874.json index 8408e0b17b8..71d3d7306bf 100644 --- a/2016/7xxx/CVE-2016-7874.json +++ b/2016/7xxx/CVE-2016-7874.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2016-7874", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the NetConnection class when handling the proxy types. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-7874", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html" - }, - { - "name" : "GLSA-201701-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-17" - }, - { - "name" : "MS16-154", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154" - }, - { - "name" : "RHSA-2016:2947", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2947.html" - }, - { - "name" : "SUSE-SU-2016:3148", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html" - }, - { - "name" : "openSUSE-SU-2016:3160", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html" - }, - { - "name" : "94866", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94866" - }, - { - "name" : "1037442", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the NetConnection class when handling the proxy types. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:3148", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html" + }, + { + "name": "MS16-154", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154" + }, + { + "name": "GLSA-201701-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-17" + }, + { + "name": "1037442", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037442" + }, + { + "name": "94866", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94866" + }, + { + "name": "RHSA-2016:2947", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2947.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html" + }, + { + "name": "openSUSE-SU-2016:3160", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7935.json b/2016/7xxx/CVE-2016-7935.json index e16fa83ad89..1f9ca469793 100644 --- a/2016/7xxx/CVE-2016-7935.json +++ b/2016/7xxx/CVE-2016-7935.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7935", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtp_print()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7935", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", - "refsource" : "CONFIRM", - "url" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" - }, - { - "name" : "DSA-3775", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3775" - }, - { - "name" : "GLSA-201702-30", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-30" - }, - { - "name" : "RHSA-2017:1871", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1871" - }, - { - "name" : "95852", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95852" - }, - { - "name" : "1037755", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtp_print()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037755", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037755" + }, + { + "name": "DSA-3775", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3775" + }, + { + "name": "RHSA-2017:1871", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1871" + }, + { + "name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", + "refsource": "CONFIRM", + "url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" + }, + { + "name": "95852", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95852" + }, + { + "name": "GLSA-201702-30", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-30" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7938.json b/2016/7xxx/CVE-2016-7938.json index 8bbbe19585c..72bce735729 100644 --- a/2016/7xxx/CVE-2016-7938.json +++ b/2016/7xxx/CVE-2016-7938.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7938", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", - "refsource" : "CONFIRM", - "url" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" - }, - { - "name" : "DSA-3775", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3775" - }, - { - "name" : "GLSA-201702-30", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-30" - }, - { - "name" : "RHSA-2017:1871", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1871" - }, - { - "name" : "95852", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95852" - }, - { - "name" : "1037755", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037755", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037755" + }, + { + "name": "DSA-3775", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3775" + }, + { + "name": "RHSA-2017:1871", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1871" + }, + { + "name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", + "refsource": "CONFIRM", + "url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" + }, + { + "name": "95852", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95852" + }, + { + "name": "GLSA-201702-30", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-30" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7941.json b/2016/7xxx/CVE-2016-7941.json index 5c273f0f91d..293532c17b7 100644 --- a/2016/7xxx/CVE-2016-7941.json +++ b/2016/7xxx/CVE-2016-7941.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7941", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7941", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file