From 2e915665328608bc4448d8c3d384758d913ade17 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Sun, 17 Mar 2019 21:55:59 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/5xxx/CVE-2006-5102.json | 160 +++++++++--------- 2006/5xxx/CVE-2006-5146.json | 160 +++++++++--------- 2006/5xxx/CVE-2006-5320.json | 200 +++++++++++----------- 2006/5xxx/CVE-2006-5478.json | 280 +++++++++++++++---------------- 2006/5xxx/CVE-2006-5798.json | 150 ++++++++--------- 2007/2xxx/CVE-2007-2132.json | 190 ++++++++++----------- 2007/2xxx/CVE-2007-2222.json | 260 ++++++++++++++-------------- 2007/2xxx/CVE-2007-2382.json | 130 +++++++------- 2007/2xxx/CVE-2007-2494.json | 180 ++++++++++---------- 2007/2xxx/CVE-2007-2566.json | 150 ++++++++--------- 2007/2xxx/CVE-2007-2685.json | 170 +++++++++---------- 2007/2xxx/CVE-2007-2704.json | 170 +++++++++---------- 2007/3xxx/CVE-2007-3119.json | 170 +++++++++---------- 2007/3xxx/CVE-2007-3535.json | 160 +++++++++--------- 2007/3xxx/CVE-2007-3547.json | 160 +++++++++--------- 2007/3xxx/CVE-2007-3760.json | 240 +++++++++++++------------- 2007/6xxx/CVE-2007-6093.json | 150 ++++++++--------- 2010/0xxx/CVE-2010-0148.json | 180 ++++++++++---------- 2010/0xxx/CVE-2010-0606.json | 150 ++++++++--------- 2010/0xxx/CVE-2010-0818.json | 130 +++++++------- 2010/1xxx/CVE-2010-1178.json | 130 +++++++------- 2010/1xxx/CVE-2010-1183.json | 150 ++++++++--------- 2010/1xxx/CVE-2010-1227.json | 150 ++++++++--------- 2010/5xxx/CVE-2010-5064.json | 130 +++++++------- 2010/5xxx/CVE-2010-5130.json | 34 ++-- 2014/0xxx/CVE-2014-0257.json | 180 ++++++++++---------- 2014/100xxx/CVE-2014-100005.json | 150 ++++++++--------- 2014/1xxx/CVE-2014-1642.json | 220 ++++++++++++------------ 2014/1xxx/CVE-2014-1835.json | 130 +++++++------- 2014/1xxx/CVE-2014-1885.json | 140 ++++++++-------- 2014/1xxx/CVE-2014-1941.json | 34 ++-- 2014/4xxx/CVE-2014-4043.json | 210 +++++++++++------------ 2014/4xxx/CVE-2014-4593.json | 120 ++++++------- 2014/4xxx/CVE-2014-4704.json | 34 ++-- 2014/5xxx/CVE-2014-5443.json | 160 +++++++++--------- 2014/5xxx/CVE-2014-5694.json | 
140 ++++++++-------- 2014/5xxx/CVE-2014-5759.json | 140 ++++++++-------- 2014/5xxx/CVE-2014-5927.json | 140 ++++++++-------- 2014/5xxx/CVE-2014-5953.json | 140 ++++++++-------- 2016/10xxx/CVE-2016-10249.json | 160 +++++++++--------- 2016/10xxx/CVE-2016-10337.json | 140 ++++++++-------- 2016/10xxx/CVE-2016-10448.json | 132 +++++++-------- 2016/10xxx/CVE-2016-10512.json | 120 ++++++------- 2016/10xxx/CVE-2016-10667.json | 122 +++++++------- 2016/3xxx/CVE-2016-3006.json | 140 ++++++++-------- 2016/3xxx/CVE-2016-3734.json | 160 +++++++++--------- 2016/3xxx/CVE-2016-3771.json | 120 ++++++------- 2016/8xxx/CVE-2016-8401.json | 136 +++++++-------- 2016/8xxx/CVE-2016-8743.json | 272 +++++++++++++++--------------- 2016/9xxx/CVE-2016-9642.json | 150 ++++++++--------- 2016/9xxx/CVE-2016-9791.json | 34 ++-- 2016/9xxx/CVE-2016-9933.json | 260 ++++++++++++++-------------- 2019/2xxx/CVE-2019-2568.json | 34 ++-- 2019/2xxx/CVE-2019-2844.json | 34 ++-- 2019/2xxx/CVE-2019-2858.json | 34 ++-- 2019/2xxx/CVE-2019-2942.json | 34 ++-- 2019/6xxx/CVE-2019-6354.json | 34 ++-- 2019/6xxx/CVE-2019-6384.json | 34 ++-- 2019/6xxx/CVE-2019-6754.json | 34 ++-- 2019/6xxx/CVE-2019-6862.json | 34 ++-- 2019/6xxx/CVE-2019-6986.json | 130 +++++++------- 61 files changed, 4210 insertions(+), 4210 deletions(-) diff --git a/2006/5xxx/CVE-2006-5102.json b/2006/5xxx/CVE-2006-5102.json index 705f4d20268..c097c1dffef 100644 --- a/2006/5xxx/CVE-2006-5102.json +++ b/2006/5xxx/CVE-2006-5102.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5102", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in include/editfunc.inc.php in Sebastian Baumann and Philipp Wolfer Newswriter SW 1.42 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the NWCONF_SYSTEM[server_path] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5102", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2439", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2439" - }, - { - "name" : "20237", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20237" - }, - { - "name" : "ADV-2006-3816", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3816" - }, - { - "name" : "37965", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37965" - }, - { - "name" : "newswritersw-editfunc-file-include(29200)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29200" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { 
+ "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in include/editfunc.inc.php in Sebastian Baumann and Philipp Wolfer Newswriter SW 1.42 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the NWCONF_SYSTEM[server_path] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3816", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3816" + }, + { + "name": "37965", + "refsource": "OSVDB", + "url": "http://osvdb.org/37965" + }, + { + "name": "newswritersw-editfunc-file-include(29200)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29200" + }, + { + "name": "20237", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20237" + }, + { + "name": "2439", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2439" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5146.json b/2006/5xxx/CVE-2006-5146.json index 8500ab6bc75..de2fb67d577 100644 --- a/2006/5xxx/CVE-2006-5146.json +++ b/2006/5xxx/CVE-2006-5146.json 
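Review bot: The new side of 2006/5xxx/CVE-2006-5102.json ends with `\ No newline at end of file`, where the old file closed with `}` and a newline. Its `reference_data` array holds the same five entries as before in a different order (the EXPLOIT-DB entry moves from first to last), so together with the re-indentation every line of the record shows as changed although no value did. I would keep the final newline after the closing `}` and emit `reference_data` in a stable order, either the existing one or sorted by `refsource` then `name`. The hunks for CVE-2006-5146, CVE-2006-5320, CVE-2006-5478, CVE-2006-5798 and CVE-2007-2132 show the same pattern. This matters for anyone auditing the feed by diff: on this page the one field-level change, `"ASSIGNER": "secure@microsoft.com"` replacing `cve@mitre.org` in CVE-2007-2222.json, is buried in an otherwise whole-file rewrite.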
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5146", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Yblog allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) funk.php, or the (2) action parameter in (b) tem.php and (c) uss.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5146", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060930 Yblog => Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447427/100/0/threaded" - }, - { - "name" : "20061002 yblog: distributable product", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-October/001065.html" - }, - { - "name" : "20280", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20280" - }, - { - "name" : "1679", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1679" - }, - { - "name" : "yblog-multiple-xss(29291)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29291" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Yblog allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) funk.php, or the (2) action parameter in (b) tem.php and (c) uss.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1679", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1679" + }, + { + "name": "20060930 Yblog => Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447427/100/0/threaded" + }, + { + "name": "20061002 yblog: distributable product", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2006-October/001065.html" + }, + { + "name": "20280", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20280" + }, + { + "name": "yblog-multiple-xss(29291)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29291" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5320.json b/2006/5xxx/CVE-2006-5320.json index dd1bbc53a56..c9243aabd4a 100644 --- a/2006/5xxx/CVE-2006-5320.json +++ b/2006/5xxx/CVE-2006-5320.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5320", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in getimg.php in Album Photo Sans Nom 1.6 allows remote attackers to read arbitrary files via the img parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5320", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061007 7 php scripts File Inclusion / Source disclosure Vuln", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/448096/100/0/threaded" - }, - { - "name" : "http://acid-root.new.fr/poc/13061007.txt", - "refsource" : "MISC", - "url" : "http://acid-root.new.fr/poc/13061007.txt" - }, - { - "name" : "2507", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2507" - }, - { - "name" : "20061220 Provable vendor ACK for Album Photo Sans Nom traversal issue", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-December/001193.html" - }, - { - "name" : "20441", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20441" - }, - { - "name" : "ADV-2006-4008", - "refsource" : "VUPEN", - 
"url" : "http://www.vupen.com/english/advisories/2006/4008" - }, - { - "name" : "29673", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29673" - }, - { - "name" : "22375", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22375" - }, - { - "name" : "album-photo-getimg-file-include(29473)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29473" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in getimg.php in Album Photo Sans Nom 1.6 allows remote attackers to read arbitrary files via the img parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29673", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29673" + }, + { + "name": "22375", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22375" + }, + { + "name": "ADV-2006-4008", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4008" + }, + { + "name": "2507", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2507" + }, + { + "name": "http://acid-root.new.fr/poc/13061007.txt", + "refsource": "MISC", + "url": "http://acid-root.new.fr/poc/13061007.txt" + }, + { + "name": "20061220 Provable vendor ACK for Album Photo Sans Nom traversal issue", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2006-December/001193.html" + }, + { + "name": "album-photo-getimg-file-include(29473)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29473" + }, + { + "name": "20061007 7 php scripts File Inclusion / Source disclosure Vuln", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/448096/100/0/threaded" + }, + { + 
"name": "20441", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20441" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5478.json b/2006/5xxx/CVE-2006-5478.json index 65574b78558..c74ee4f9ea2 100644 --- a/2006/5xxx/CVE-2006-5478.json +++ b/2006/5xxx/CVE-2006-5478.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5478", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (1) a long HTTP Host header, which triggers an overflow in the BuildRedirectURL function; or vectors related to a username containing a . (dot) character in the (2) SMTP, (3) POP, (4) IMAP, (5) HTTP, or (6) Networked Messaging Application Protocol (NMAP) Netmail services." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5478", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061026 ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449899/100/0/threaded" - }, - { - "name" : "20061028 Re: [Full-disclosure] ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450017/100/0/threaded" - }, - { - "name" : "20061103 ZDI-06-036: Novell Netmail User Authentication Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450520/100/100/threaded" - }, - { - "name" : "20061028 ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050382.html" - }, - { - "name" : "20061028 ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050388.html" - }, - { - "name" : "http://www.mnin.org/advisories/2006_novell_httpstk.pdf", - "refsource" : "MISC", - "url" : "http://www.mnin.org/advisories/2006_novell_httpstk.pdf" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-06-035.html", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-06-035.html" - }, - { - 
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-06-036.html", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-06-036.html" - }, - { - "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974600.htm", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974600.htm" - }, - { - "name" : "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3723994&sliceId=SAL_Public&dialogID=16776123&stateId=1%200%202648401", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3723994&sliceId=SAL_Public&dialogID=16776123&stateId=1%200%202648401" - }, - { - "name" : "https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026_f.SAL_Public.html", - "refsource" : "CONFIRM", - "url" : "https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026_f.SAL_Public.html" - }, - { - "name" : "20655", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20655" - }, - { - "name" : "20853", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20853" - }, - { - "name" : "ADV-2006-4141", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4141" - }, - { - "name" : "1017125", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017125" - }, - { - "name" : "1017141", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017141" - }, - { - "name" : "22519", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22519" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (1) a long HTTP 
Host header, which triggers an overflow in the BuildRedirectURL function; or vectors related to a username containing a . (dot) character in the (2) SMTP, (3) POP, (4) IMAP, (5) HTTP, or (6) Networked Messaging Application Protocol (NMAP) Netmail services." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061028 ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050388.html" + }, + { + "name": "20655", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20655" + }, + { + "name": "20061026 ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449899/100/0/threaded" + }, + { + "name": "http://www.mnin.org/advisories/2006_novell_httpstk.pdf", + "refsource": "MISC", + "url": "http://www.mnin.org/advisories/2006_novell_httpstk.pdf" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-036.html", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-036.html" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-035.html", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-035.html" + }, + { + "name": "https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026_f.SAL_Public.html", + "refsource": "CONFIRM", + "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026_f.SAL_Public.html" + }, + { + "name": "1017141", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017141" + }, + { + "name": "1017125", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017125" + }, + { + "name": "20061028 ZDI-06-035: Novell eDirectory 
NDS Server Host Header Buffer Overflow Vulnerability", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050382.html" + }, + { + "name": "20061103 ZDI-06-036: Novell Netmail User Authentication Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450520/100/100/threaded" + }, + { + "name": "20061028 Re: [Full-disclosure] ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450017/100/0/threaded" + }, + { + "name": "ADV-2006-4141", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4141" + }, + { + "name": "20853", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20853" + }, + { + "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974600.htm", + "refsource": "CONFIRM", + "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974600.htm" + }, + { + "name": "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3723994&sliceId=SAL_Public&dialogID=16776123&stateId=1%200%202648401", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3723994&sliceId=SAL_Public&dialogID=16776123&stateId=1%200%202648401" + }, + { + "name": "22519", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22519" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5798.json b/2006/5xxx/CVE-2006-5798.json index b5ba7653a32..4b11d44d063 100644 --- a/2006/5xxx/CVE-2006-5798.json +++ b/2006/5xxx/CVE-2006-5798.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5798", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in default.asp in Xenis.creator CMS allows remote attackers to execute arbitrary SQL commands via the contid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5798", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061104 Re: MajorSecurity Advisory #31]Xenis.creator CMS - Multiple Cross", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=116267021732120&w=2" - }, - { - "name" : "20908", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20908" - }, - { - "name" : "1017162", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017162" - }, - { - "name" : "xeniscreatorcms-default-sql-injection(30017)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30017" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in default.asp in Xenis.creator CMS 
allows remote attackers to execute arbitrary SQL commands via the contid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20908", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20908" + }, + { + "name": "xeniscreatorcms-default-sql-injection(30017)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30017" + }, + { + "name": "20061104 Re: MajorSecurity Advisory #31]Xenis.creator CMS - Multiple Cross", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=116267021732120&w=2" + }, + { + "name": "1017162", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017162" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2132.json b/2007/2xxx/CVE-2007-2132.json index 8ca6d78c8ae..461b1ef9bb3 100644 --- a/2007/2xxx/CVE-2007-2132.json +++ b/2007/2xxx/CVE-2007-2132.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2132", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise 8.47.12 and 8.48.08 has unknown impact and attack vectors, aka PSE02." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/466329/100/200/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/466329/100/200/threaded" - }, - { - "name" : "TA07-108A", - "refsource" : "CERT", - "url" : 
"http://www.us-cert.gov/cas/techalerts/TA07-108A.html" - }, - { - "name" : "23532", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23532" - }, - { - "name" : "ADV-2007-1426", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1426" - }, - { - "name" : "1017927", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017927" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise 8.47.12 and 8.48.08 has unknown impact and attack vectors, aka PSE02." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA07-108A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-108A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html" + }, + { + "name": "23532", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23532" + }, + { + "name": "1017927", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017927" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/466329/100/200/threaded" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/466329/100/200/threaded" + }, + { + "name": "ADV-2007-1426", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2007/1426" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2222.json b/2007/2xxx/CVE-2007-2222.json index 85efa9eba11..886d6987d93 100644 --- a/2007/2xxx/CVE-2007-2222.json +++ b/2007/2xxx/CVE-2007-2222.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2007-2222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4065", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/4065" - }, - { - "name" : "http://retrogod.altervista.org/win_speech_2k_sp4.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/win_speech_2k_sp4.html" - }, - { - "name" : "http://retrogod.altervista.org/win_speech_xp_sp2.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/win_speech_xp_sp2.html" - }, - { - "name" : "HPSBST02231", - "refsource" : "HP", - "url" : 
"http://www.securityfocus.com/archive/1/471947/100/0/threaded" - }, - { - "name" : "SSRT071438", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/471947/100/0/threaded" - }, - { - "name" : "MS07-033", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033" - }, - { - "name" : "TA07-163A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-163A.html" - }, - { - "name" : "VU#507433", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/507433" - }, - { - "name" : "24426", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24426" - }, - { - "name" : "35353", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35353" - }, - { - "name" : "ADV-2007-2153", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2153" - }, - { - "name" : "oval:org.mitre.oval:def:2031", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2031" - }, - { - "name" : "1018235", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018235" - }, - { - "name" : "25627", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25627" - }, - { - "name" : "ie-speech-code-execution(34630)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34630" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ie-speech-code-execution(34630)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34630" + }, + { + "name": "35353", + "refsource": "OSVDB", + "url": "http://osvdb.org/35353" + }, + { + "name": "VU#507433", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/507433" + }, + { + "name": "25627", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25627" + }, + { + "name": "4065", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/4065" + }, + { + "name": "SSRT071438", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded" + }, + { + "name": "24426", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24426" + }, + { + "name": "1018235", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018235" + }, + { + "name": "http://retrogod.altervista.org/win_speech_2k_sp4.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/win_speech_2k_sp4.html" + }, + { + "name": "ADV-2007-2153", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2153" + }, + { + "name": "TA07-163A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html" + }, + { + "name": "oval:org.mitre.oval:def:2031", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2031" + }, + { + "name": "http://retrogod.altervista.org/win_speech_xp_sp2.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/win_speech_xp_sp2.html" + }, + { + "name": "MS07-033", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033" + }, + { + "name": "HPSBST02231", + "refsource": "HP", + 
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2382.json b/2007/2xxx/CVE-2007-2382.json index e6fee0d445a..df03265493c 100644 --- a/2007/2xxx/CVE-2007-2382.json +++ b/2007/2xxx/CVE-2007-2382.json 
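Review bot: The `reference_data` array in CVE-2007-2222.json is re-emitted in a different order (XF, OSVDB, CERT-VN, … where the old side had EXPLOIT-DB, MISC, MISC, HP, …) with the same 15 entries, and no sort key is evident in the new order. Together with the `"key" : ` to `"key": ` respacing, this rewrites every line of the record, so the one data change in this hunk, `"ASSIGNER": "secure@microsoft.com"` replacing `cve@mitre.org`, is easy to miss when auditing the record's provenance. The generator should write references in a stable order (for example sorted by `refsource`, then `name`) and keep format-only rewrites in a separate commit from data changes. The new file also ends without the trailing newline the old side had (`\ No newline at end of file`). The same reordering and missing newline recur in the hunks for CVE-2007-2494, -2566, -2685, -2704, -3119, -3535 and -3547 below.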
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Moo.fx framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf", - "refsource" : "MISC", - "url" : "http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf" - }, - { - "name" : "43327", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43327" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Moo.fx framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which 
allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf", + "refsource": "MISC", + "url": "http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf" + }, + { + "name": "43327", + "refsource": "OSVDB", + "url": "http://osvdb.org/43327" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2494.json b/2007/2xxx/CVE-2007-2494.json index 34bd7a8dee7..cc094691507 100644 --- a/2007/2xxx/CVE-2007-2494.json +++ b/2007/2xxx/CVE-2007-2494.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2494", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the PowerPointOCX ActiveX control in PowerPointViewer.ocx 3.1.0.3 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) Save, (6) SaveWebFile, (7) HttpDownloadFile, (8) Open, or (9) OpenWebFile property value. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2494", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3826", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3826" - }, - { - "name" : "http://moaxb.blogspot.com/2007/05/moaxb-01-powerpointviewerocx-31.html", - "refsource" : "MISC", - "url" : "http://moaxb.blogspot.com/2007/05/moaxb-01-powerpointviewerocx-31.html" - }, - { - "name" : "23733", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23733" - }, - { - "name" : "ADV-2007-1612", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2007/1612" - }, - { - "name" : "34332", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34332" - }, - { - "name" : "25092", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25092" - }, - { - "name" : "office-powerpoint-ocx-bo(34013)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in the PowerPointOCX ActiveX control in PowerPointViewer.ocx 3.1.0.3 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) Save, (6) SaveWebFile, (7) HttpDownloadFile, (8) Open, or (9) OpenWebFile property value. NOTE: some of these details are obtained from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://moaxb.blogspot.com/2007/05/moaxb-01-powerpointviewerocx-31.html", + "refsource": "MISC", + "url": "http://moaxb.blogspot.com/2007/05/moaxb-01-powerpointviewerocx-31.html" + }, + { + "name": "3826", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3826" + }, + { + "name": "office-powerpoint-ocx-bo(34013)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34013" + }, + { + "name": "34332", + "refsource": "OSVDB", + "url": "http://osvdb.org/34332" + }, + { + "name": "23733", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23733" + }, + { + "name": "25092", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25092" + }, + { + "name": "ADV-2007-1612", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1612" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2566.json b/2007/2xxx/CVE-2007-2566.json index 473ecb0564b..4e579d0beca 100644 --- a/2007/2xxx/CVE-2007-2566.json +++ b/2007/2xxx/CVE-2007-2566.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SaveBarCode function in the Taltech Tal Bar Code ActiveX control allows remote attackers to cause a denial of service (disk consumption) by uploading multiple bar codes, as demonstrated by a WSF package." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070505 Taltech Tal Bar Code ActiveX Control Memory Corruption Vulnerability(-ies)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/467822/100/0/threaded" - }, - { - "name" : "25180", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25180" - }, - { - "name" : "2683", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2683" - }, - { - "name" : "ttbc-savebarcode-file-upload(34130)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34130" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "The SaveBarCode function in the Taltech Tal Bar Code ActiveX control allows remote attackers to cause a denial of service (disk consumption) by uploading multiple bar codes, as demonstrated by a WSF package." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070505 Taltech Tal Bar Code ActiveX Control Memory Corruption Vulnerability(-ies)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/467822/100/0/threaded" + }, + { + "name": "2683", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2683" + }, + { + "name": "ttbc-savebarcode-file-upload(34130)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34130" + }, + { + "name": "25180", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25180" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2685.json b/2007/2xxx/CVE-2007-2685.json index 067e177a4f6..baa99806614 100644 --- a/2007/2xxx/CVE-2007-2685.json +++ b/2007/2xxx/CVE-2007-2685.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2685", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) login parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070521 Jetbox CMS version 2.1 Multiple SQL Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/469223/100/0/threaded" - }, - { - "name" : "20070521 Jetbox CMS version 2.1 Multiple SQL Injection Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=117974433216496&w=2" - }, - { - "name" : "http://www.netvigilance.com/advisory0028", - "refsource" : "MISC", - "url" : "http://www.netvigilance.com/advisory0028" - }, - { - "name" : "24077", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24077" - }, - { - "name" : "34784", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/34784" - }, - { - "name" : "jetbox-index-sql-injection(34387)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34387" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) login parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24077", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24077" + }, + { + "name": "20070521 Jetbox CMS version 2.1 Multiple SQL Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/469223/100/0/threaded" + }, + { + "name": "20070521 Jetbox CMS version 2.1 Multiple SQL Injection Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=117974433216496&w=2" + }, + { + "name": "http://www.netvigilance.com/advisory0028", + "refsource": "MISC", + "url": "http://www.netvigilance.com/advisory0028" + }, + { + "name": "jetbox-index-sql-injection(34387)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34387" + }, + { + "name": "34784", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/34784" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2704.json b/2007/2xxx/CVE-2007-2704.json index c6b83627795..4a4fc1a8ef2 100644 --- a/2007/2xxx/CVE-2007-2704.json +++ b/2007/2xxx/CVE-2007-2704.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a denial of service (SSL port unavailability) by accessing a half-closed SSL socket." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA07-168.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/237" - }, - { - "name" : "ADV-2007-1815", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1815" - }, - { - "name" : "36064", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36064" - }, - { - "name" : "1018057", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018057" - }, - { - "name" : "25284", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25284" - }, - { - "name" : "weblogic-ssl-port-dos(34278)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34278" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": 
{ + "description_data": [ + { + "lang": "eng", + "value": "BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a denial of service (SSL port unavailability) by accessing a half-closed SSL socket." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "weblogic-ssl-port-dos(34278)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34278" + }, + { + "name": "1018057", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018057" + }, + { + "name": "25284", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25284" + }, + { + "name": "BEA07-168.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/237" + }, + { + "name": "ADV-2007-1815", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1815" + }, + { + "name": "36064", + "refsource": "OSVDB", + "url": "http://osvdb.org/36064" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3119.json b/2007/3xxx/CVE-2007-3119.json index 6c38c80f211..b68bfdbd9f5 100644 --- a/2007/3xxx/CVE-2007-3119.json +++ b/2007/3xxx/CVE-2007-3119.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in news.asp in Kartli Alisveris Sistemi (aka Free-PayPal-Shopping-Cart) 1.0 allows remote attackers to execute arbitrary SQL commands via the news_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4040", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4040" - }, - { - "name" : "24362", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24362" - }, - { - "name" : "ADV-2007-2098", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2098" - }, - { - "name" : "37170", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37170" - }, - { - "name" : "25565", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25565" - }, - { - "name" : "kartlialisveris-news-sql-injection(34756)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34756" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", 
+ "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in news.asp in Kartli Alisveris Sistemi (aka Free-PayPal-Shopping-Cart) 1.0 allows remote attackers to execute arbitrary SQL commands via the news_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "kartlialisveris-news-sql-injection(34756)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34756" + }, + { + "name": "4040", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4040" + }, + { + "name": "25565", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25565" + }, + { + "name": "24362", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24362" + }, + { + "name": "37170", + "refsource": "OSVDB", + "url": "http://osvdb.org/37170" + }, + { + "name": "ADV-2007-2098", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2098" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3535.json b/2007/3xxx/CVE-2007-3535.json index 4353938bef9..e05eda3b63e 100644 --- a/2007/3xxx/CVE-2007-3535.json +++ b/2007/3xxx/CVE-2007-3535.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) FORUM_LANGUAGE parameter to functions.php or the (2) style parameter to bottom.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4124", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4124" - }, - { - "name" : "37110", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37110" - }, - { - "name" : "37111", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37111" - }, - { - "name" : "25893", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25893" - }, - { - "name" : "glshdeaf-functionsbottom-file-include(35160)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) FORUM_LANGUAGE parameter to functions.php or the (2) style parameter to bottom.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25893", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25893" + }, + { + "name": "glshdeaf-functionsbottom-file-include(35160)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35160" + }, + { + "name": "4124", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4124" + }, + { + "name": "37111", + "refsource": "OSVDB", + "url": "http://osvdb.org/37111" + }, + { + "name": "37110", + "refsource": "OSVDB", + "url": "http://osvdb.org/37110" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3547.json b/2007/3xxx/CVE-2007-3547.json index 2b8b8b8f389..80944009079 100644 --- a/2007/3xxx/CVE-2007-3547.json +++ b/2007/3xxx/CVE-2007-3547.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3547", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in qti_checkname.php in QuickTicket 1.2 allows remote attackers to include and execute arbitrary local files a .. (dot dot) in the lang parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3547", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4116", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4116" - }, - { - "name" : "24670", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24670" - }, - { - "name" : "37605", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37605" - }, - { - "name" : "25852", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25852/" - }, - { - "name" : "quickticket-checkname-file-include(35115)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35115" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal 
vulnerability in qti_checkname.php in QuickTicket 1.2 allows remote attackers to include and execute arbitrary local files a .. (dot dot) in the lang parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24670", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24670" + }, + { + "name": "37605", + "refsource": "OSVDB", + "url": "http://osvdb.org/37605" + }, + { + "name": "25852", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25852/" + }, + { + "name": "quickticket-checkname-file-include(35115)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35115" + }, + { + "name": "4116", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4116" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3760.json b/2007/3xxx/CVE-2007-3760.json index eae4098c775..d99fd849465 100644 --- a/2007/3xxx/CVE-2007-3760.json +++ b/2007/3xxx/CVE-2007-3760.json 
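Review bot: The description `value` on the new side still reads `arbitrary local files a .. (dot dot) in the lang parameter`, with the word "via" missing; the reformat carries this wording over unchanged from the old side. The neighbouring CVE-2007-3535 record uses the same phrase correctly ("via a .. (dot dot)"). The corrected ending would be `include and execute arbitrary local files via a .. (dot dot) in the lang parameter.` Because this is the published CVE description, the correction presumably belongs in the upstream record rather than only in this synchronized copy.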
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3760", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3760", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=306586", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=306586" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=307041", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=307041" - }, - { - "name" : "APPLE-SA-2007-09-27", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2007-11-14", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html" - }, - { - "name" : "TA07-319A", - "refsource" : "CERT", - "url" 
: "http://www.us-cert.gov/cas/techalerts/TA07-319A.html" - }, - { - "name" : "25850", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25850" - }, - { - "name" : "26444", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26444" - }, - { - "name" : "ADV-2007-3287", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3287" - }, - { - "name" : "ADV-2007-3868", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3868" - }, - { - "name" : "1018752", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018752" - }, - { - "name" : "26983", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26983" - }, - { - "name" : "27643", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27643" - }, - { - "name" : "iphone-frametags-security-bypass(36859)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36859" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2007-09-27", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=306586", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=306586" + }, + { + "name": "iphone-frametags-security-bypass(36859)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36859" + }, + { + "name": "26444", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26444" + }, + { + "name": "APPLE-SA-2007-11-14", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307041", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=307041" + }, + { + "name": "26983", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26983" + }, + { + "name": "ADV-2007-3868", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3868" + }, + { + "name": "ADV-2007-3287", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3287" + }, + { + "name": "27643", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27643" + }, + { + "name": "25850", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25850" + }, + { + "name": "TA07-319A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html" + }, + { + "name": "1018752", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018752" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6093.json b/2007/6xxx/CVE-2007-6093.json index 62768d1aa52..9c804e27d14 100644 
--- a/2007/6xxx/CVE-2007-6093.json +++ b/2007/6xxx/CVE-2007-6093.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SRTP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (kernel crash) via an RTCP index that is \"much more than expected.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ingate.com/relnote-460.php", - "refsource" : "CONFIRM", - "url" : "http://www.ingate.com/relnote-460.php" - }, - { - "name" : "26486", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26486" - }, - { - "name" : "42174", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42174" - }, - { - "name" : "27688", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27688" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SRTP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service 
(kernel crash) via an RTCP index that is \"much more than expected.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27688", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27688" + }, + { + "name": "26486", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26486" + }, + { + "name": "42174", + "refsource": "OSVDB", + "url": "http://osvdb.org/42174" + }, + { + "name": "http://www.ingate.com/relnote-460.php", + "refsource": "CONFIRM", + "url": "http://www.ingate.com/relnote-460.php" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0148.json b/2010/0xxx/CVE-2010-0148.json index 9c21f18fd9e..51a7a799874 100644 --- a/2010/0xxx/CVE-2010-0148.json +++ b/2010/0xxx/CVE-2010-0148.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Cisco Security Agent 5.2 before 5.2.0.285, when running on Linux, allows remote attackers to cause a denial of service (kernel panic) via \"a series of TCP packets.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-0148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100217 Multiple Vulnerabilities in Cisco Security Agent", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml" - }, - { - "name" : "38273", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38273" - }, - { - "name" : "62445", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62445" - }, - { - "name" : "1023607", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023607" - }, - { - "name" : "38619", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38619" - }, - { - "name" : "ADV-2010-0416", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0416" - }, - { - 
"name" : "cisco-securityagent-tcp-dos(56347)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56347" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Cisco Security Agent 5.2 before 5.2.0.285, when running on Linux, allows remote attackers to cause a denial of service (kernel panic) via \"a series of TCP packets.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-securityagent-tcp-dos(56347)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56347" + }, + { + "name": "1023607", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023607" + }, + { + "name": "38619", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38619" + }, + { + "name": "ADV-2010-0416", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0416" + }, + { + "name": "38273", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38273" + }, + { + "name": "20100217 Multiple Vulnerabilities in Cisco Security Agent", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml" + }, + { + "name": "62445", + "refsource": "OSVDB", + "url": "http://osvdb.org/62445" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0606.json b/2010/0xxx/CVE-2010-0606.json index dcf2a325030..b29f35986e4 100644 --- a/2010/0xxx/CVE-2010-0606.json +++ b/2010/0xxx/CVE-2010-0606.json 
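Review bot: The `affects` block on the new side still carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, although this hunk changes `ASSIGNER` from `cve@mitre.org` to `psirt@cisco.com` and the description names Cisco Security Agent 5.2 before 5.2.0.285. Tooling that matches an asset inventory against the structured `affects` fields will not find this record and has to fall back to parsing the free-text description. If the reassignment is intended, populating vendor, product and version from the description in the same change would make the record usable for automated matching. The CVE-2010-0818 hunk has the same pattern (`ASSIGNER` becomes `secure@microsoft.com`, `affects` stays `n/a`), and these are the only two non-formatting field changes visible in this part of a commit whose message says only "-Synchronized-Data.".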
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0606", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-ReflectedXSS.pdf", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-ReflectedXSS.pdf" - }, - { - "name" : "http://osticket.com/forums/project.php?issueid=176", - "refsource" : "CONFIRM", - "url" : "http://osticket.com/forums/project.php?issueid=176" - }, - { - "name" : "38166", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38166" - }, - { - "name" : "38515", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38515" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": 
{ + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38166", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38166" + }, + { + "name": "http://osticket.com/forums/project.php?issueid=176", + "refsource": "CONFIRM", + "url": "http://osticket.com/forums/project.php?issueid=176" + }, + { + "name": "38515", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38515" + }, + { + "name": "http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-ReflectedXSS.pdf", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-ReflectedXSS.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0818.json b/2010/0xxx/CVE-2010-0818.json index 58a32144e62..2817a47ea7b 100644 --- a/2010/0xxx/CVE-2010-0818.json +++ b/2010/0xxx/CVE-2010-0818.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0818", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspecified \"supported format,\" aka \"MPEG-4 Codec Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-0818", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-062", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-062" - }, - { - "name" : "oval:org.mitre.oval:def:7318", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and 
SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspecified \"supported format,\" aka \"MPEG-4 Codec Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:7318", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7318" + }, + { + "name": "MS10-062", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-062" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1178.json b/2010/1xxx/CVE-2010-1178.json index 6cc4a60a99e..c65d318a27d 100644 --- a/2010/1xxx/CVE-2010-1178.json +++ b/2010/1xxx/CVE-2010-1178.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) via a JavaScript loop that attempts to construct an infinitely long string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nishantdaspatnaik.yolasite.com/ipodpoc3.php", - "refsource" : "MISC", - "url" : "http://nishantdaspatnaik.yolasite.com/ipodpoc3.php" - }, - { - "name" : "safari-iphone-javascript-dos(57993)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57993" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) via a JavaScript loop that attempts to construct an infinitely long string." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://nishantdaspatnaik.yolasite.com/ipodpoc3.php", + "refsource": "MISC", + "url": "http://nishantdaspatnaik.yolasite.com/ipodpoc3.php" + }, + { + "name": "safari-iphone-javascript-dos(57993)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57993" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1183.json b/2010/1xxx/CVE-2010-1183.json index 493ad584f47..1cc45e26e38 100644 --- a/2010/1xxx/CVE-2010-1183.json +++ b/2010/1xxx/CVE-2010-1183.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Certain patch-installation scripts in Oracle Solaris allow local users to append data to arbitrary files via a symlink attack on the /tmp/CLEANUP temporary file, related to use of Update Manager." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100324 Symlink attack with Solaris Update manager", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/510305/100/0/threaded" - }, - { - "name" : "20100324 Symlink attack with Solaris Update manager and Sun Patch Cluster", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/510311/100/0/threaded" - }, - { - "name" : "38928", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38928" - }, - { - "name" : "solaris-update-manager-multiple-symlink(57149)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57149" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { 
+ "description_data": [ + { + "lang": "eng", + "value": "Certain patch-installation scripts in Oracle Solaris allow local users to append data to arbitrary files via a symlink attack on the /tmp/CLEANUP temporary file, related to use of Update Manager." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100324 Symlink attack with Solaris Update manager and Sun Patch Cluster", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/510311/100/0/threaded" + }, + { + "name": "38928", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38928" + }, + { + "name": "solaris-update-manager-multiple-symlink(57149)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57149" + }, + { + "name": "20100324 Symlink attack with Solaris Update manager", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/510305/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1227.json b/2010/1xxx/CVE-2010-1227.json index 875ccdb58d7..e1e5448b466 100644 --- a/2010/1xxx/CVE-2010-1227.json +++ b/2010/1xxx/CVE-2010-1227.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1227", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site request forgery (CSRF) attack involving the cmd and argv parameters to cmd.msc." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1227", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100313 Sun Java System Communication Express CSRF via HPP", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/510154/100/0/threaded" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" - }, - { - "name" : "42990", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42990" - }, - { - "name" : "ADV-2011-0157", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2011/0157" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site request forgery (CSRF) attack involving the cmd and argv parameters to cmd.msc." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100313 Sun Java System Communication Express CSRF via HPP", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/510154/100/0/threaded" + }, + { + "name": "ADV-2011-0157", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0157" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" + }, + { + "name": "42990", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42990" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5064.json b/2010/5xxx/CVE-2010-5064.json index cb6d64cd885..b6845ee95d0 100644 --- a/2010/5xxx/CVE-2010-5064.json +++ b/2010/5xxx/CVE-2010-5064.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5064", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Virtual War (aka VWar) 1.6.1 R2 allow remote attackers to inject arbitrary web script or HTML via (1) the Additional Information field to challenge.php, the (2) Additional Information or (3) Contact information field to joinus.php, (4) the War Report field to admin/admin.php in a finishwar action, or (5) the Nick field to profile.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5064", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2010/Aug/235" - }, - { - "name" : "http://dmcdonald.net/vwar.txt", - "refsource" : "MISC", - "url" : "http://dmcdonald.net/vwar.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Virtual War (aka VWar) 1.6.1 R2 allow remote 
attackers to inject arbitrary web script or HTML via (1) the Additional Information field to challenge.php, the (2) Additional Information or (3) Contact information field to joinus.php, (4) the War Report field to admin/admin.php in a finishwar action, or (5) the Nick field to profile.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://dmcdonald.net/vwar.txt", + "refsource": "MISC", + "url": "http://dmcdonald.net/vwar.txt" + }, + { + "name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2010/Aug/235" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5130.json b/2010/5xxx/CVE-2010-5130.json index 252d49de268..21f87c60aef 100644 --- a/2010/5xxx/CVE-2010-5130.json +++ b/2010/5xxx/CVE-2010-5130.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5130", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-5130", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file 
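Review bot: The new side of CVE-2010-5130.json orders its top-level keys `data_type`, `data_format`, `data_version`, `CVE_data_meta` and puts `ID` before `ASSIGNER`, while the other records rewritten in this commit keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE` inside it. Key order carries no meaning in JSON, but the mixed order suggests this record went through a different serializer path, and it causes spurious diffs and mismatched digests for anyone comparing or hashing the files as text. Emitting it like its siblings, starting `"CVE_data_meta": {` then `"ASSIGNER": "cve@mitre.org",` then `"ID": "CVE-2010-5130",`, would keep the corpus uniform. This hunk, like every other hunk visible here, also drops the final newline (`\ No newline at end of file` after `+}`); restoring it would match the old side.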
diff --git a/2014/0xxx/CVE-2014-0257.json b/2014/0xxx/CVE-2014-0257.json index 9649874abf4..2740cd8ad82 100644 --- a/2014/0xxx/CVE-2014-0257.json +++ b/2014/0xxx/CVE-2014-0257.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0257", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application that exposes a COM server endpoint, aka \"Type Traversal Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-0257", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "33892", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/33892" - }, - { - "name" : "http://packetstormsecurity.com/files/127246/MS14-009-.NET-Deployment-Service-IE-Sandbox-Escape.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127246/MS14-009-.NET-Deployment-Service-IE-Sandbox-Escape.html" - }, - { - "name" : "MS14-009", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-009" - }, - { - "name" : "65417", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/65417" - }, - { - "name" : "103163", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/103163" - }, - { - "name" : "1029745", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029745" - }, - { - "name" : "56793", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application that exposes a COM server endpoint, aka \"Type Traversal Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029745", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029745" + }, + { + "name": "33892", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/33892" + }, + { + "name": "65417", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65417" + }, + { + "name": "http://packetstormsecurity.com/files/127246/MS14-009-.NET-Deployment-Service-IE-Sandbox-Escape.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127246/MS14-009-.NET-Deployment-Service-IE-Sandbox-Escape.html" + }, + { + "name": "103163", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/103163" + }, + { + "name": "56793", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56793" + }, + { + "name": "MS14-009", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-009" + } + ] + } +} \ No newline at end 
of file diff --git a/2014/100xxx/CVE-2014-100005.json b/2014/100xxx/CVE-2014-100005.json index 462bb371230..c20e4e1abc9 100644 --- a/2014/100xxx/CVE-2014-100005.json +++ b/2014/100xxx/CVE-2014-100005.json 
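Review bot: The `ASSIGNER` field of CVE-2014-0257 changes from `cve@mitre.org` to `secure@microsoft.com` on the new side, and it is the only value change in a hunk that otherwise rewrites spacing and reorders `reference_data`. The description names Microsoft .NET Framework, so the new value is plausibly a correction to the assigning CNA, but the commit subject ("-Synchronized-Data.") does not say so and nothing in the hunk records why. Consumers that attribute or filter records by `ASSIGNER` will see this record move, so the change deserves its own line in the commit description, for example `CVE-2014-0257: ASSIGNER cve@mitre.org -> secure@microsoft.com`. Comparing parsed JSON rather than text when reviewing bulk syncs like this one would surface such edits without the formatting noise.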
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-100005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-100005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/", - "refsource" : "MISC", - "url" : "http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/" - }, - { - "name" : "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018", - "refsource" : "CONFIRM", - "url" : "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018" - }, - { - "name" : "57304", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57304" - }, - { - "name" : "dir600-settings-csrf(91794)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91794" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57304", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57304" + }, + { + "name": "dir600-settings-csrf(91794)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91794" + }, + { + "name": "http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/", + "refsource": "MISC", + "url": "http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/" + }, + { + "name": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018", + "refsource": "CONFIRM", + "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1642.json b/2014/1xxx/CVE-2014-1642.json index a0c7bc85b19..ca25ff34820 100644 --- a/2014/1xxx/CVE-2014-1642.json +++ b/2014/1xxx/CVE-2014-1642.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service (memory corruption and hypervisor crash) and possibly execute arbitrary code via vectors related to an out-of-memory error that triggers a (1) use-after-free or (2) double free." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140123 Xen Security Advisory 83 (CVE-2014-1642) - Out-of-memory condition yielding memory corruption during IRQ setup", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/01/23/4" - }, - { - "name" : "http://xenbits.xen.org/xsa/advisory-83.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-83.html" - }, - { - "name" : "FEDORA-2014-1552", - "refsource" : "FEDORA", - "url" : 
"http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127607.html" - }, - { - "name" : "FEDORA-2014-1559", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127580.html" - }, - { - "name" : "GLSA-201407-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201407-03.xml" - }, - { - "name" : "SUSE-SU-2014:0373", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html" - }, - { - "name" : "65097", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65097" - }, - { - "name" : "102406", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102406" - }, - { - "name" : "1029679", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029679" - }, - { - "name" : "56557", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56557" - }, - { - "name" : "xen-irq-cve20141642-code-exec(90649)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90649" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service (memory corruption and hypervisor crash) and possibly execute arbitrary code via vectors related to an out-of-memory error that triggers a (1) use-after-free or (2) double free." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2014:0373", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html" + }, + { + "name": "FEDORA-2014-1552", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127607.html" + }, + { + "name": "xen-irq-cve20141642-code-exec(90649)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90649" + }, + { + "name": "56557", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56557" + }, + { + "name": "GLSA-201407-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201407-03.xml" + }, + { + "name": "FEDORA-2014-1559", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127580.html" + }, + { + "name": "[oss-security] 20140123 Xen Security Advisory 83 (CVE-2014-1642) - Out-of-memory condition yielding memory corruption during IRQ setup", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/01/23/4" + }, + { + "name": "102406", + "refsource": "OSVDB", + "url": "http://osvdb.org/102406" + }, + { + "name": "1029679", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029679" + }, + { + "name": "65097", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65097" + }, + { + "name": "http://xenbits.xen.org/xsa/advisory-83.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-83.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1835.json b/2014/1xxx/CVE-2014-1835.json index 361e8522371..f539d0fc4e1 100644 --- a/2014/1xxx/CVE-2014-1835.json +++ b/2014/1xxx/CVE-2014-1835.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140131 Re: echor 0.1.6 Ruby Gem exposes login credentials", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/01/31/10" - }, - { - "name" : "echor-ruby-system-process-info-disc(90858)", - "refsource" : "XF", - "url" : "http://xforce.iss.net/xforce/xfdb/90858" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140131 Re: echor 0.1.6 Ruby Gem exposes login credentials", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/01/31/10" + }, + { + "name": "echor-ruby-system-process-info-disc(90858)", + "refsource": "XF", + "url": "http://xforce.iss.net/xforce/xfdb/90858" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1885.json b/2014/1xxx/CVE-2014-1885.json index 6abaa064909..df6145c49b9 100644 --- a/2014/1xxx/CVE-2014-1885.json +++ b/2014/1xxx/CVE-2014-1885.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1885", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ForzeArmate application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain write access to external-storage resources, by leveraging control over any Google syndication advertising domain." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1885", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/02/07/9" - }, - { - "name" : "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf", - "refsource" : "MISC", - "url" : "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf" - }, - { - "name" : "http://www.internetsociety.org/ndss2014/programme#session3", - "refsource" : "MISC", - "url" : "http://www.internetsociety.org/ndss2014/programme#session3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "The ForzeArmate application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain write access to external-storage resources, by leveraging control over any Google syndication advertising domain." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf", + "refsource": "MISC", + "url": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf" + }, + { + "name": "http://www.internetsociety.org/ndss2014/programme#session3", + "refsource": "MISC", + "url": "http://www.internetsociety.org/ndss2014/programme#session3" + }, + { + "name": "[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/02/07/9" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1941.json b/2014/1xxx/CVE-2014-1941.json index 5a1893cbd5f..5adafd45700 100644 --- a/2014/1xxx/CVE-2014-1941.json +++ b/2014/1xxx/CVE-2014-1941.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1941", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1941", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4043.json b/2014/4xxx/CVE-2014-4043.json index 0d1a50c6571..7071ab01b57 100644 --- a/2014/4xxx/CVE-2014-4043.json +++ b/2014/4xxx/CVE-2014-4043.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4043", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1109263", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1109263" - }, - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=17048", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=17048" - }, - { - "name" : "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=ChangeLog;h=3020b9ac232315df362521aeaf85f21cb9926db8;hp=d86e73963dd9fb5e21b1a28326630337226812aa;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", - "refsource" : "CONFIRM", - "url" : 
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=ChangeLog;h=3020b9ac232315df362521aeaf85f21cb9926db8;hp=d86e73963dd9fb5e21b1a28326630337226812aa;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845" - }, - { - "name" : "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=posix/spawn_faction_addopen.c;h=40800b8e6e81341501c0fb8a91009529e2048dec;hp=47f62425b696a4fdd511b2a057746322eb6518db;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=posix/spawn_faction_addopen.c;h=40800b8e6e81341501c0fb8a91009529e2048dec;hp=47f62425b696a4fdd511b2a057746322eb6518db;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845" - }, - { - "name" : "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=89e435f3559c53084498e9baad22172b64429362", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=89e435f3559c53084498e9baad22172b64429362" - }, - { - "name" : "GLSA-201503-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201503-04" - }, - { - "name" : "MDVSA-2014:152", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:152" - }, - { - "name" : "openSUSE-SU-2015:1387", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html" - }, - { - "name" : "68006", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68006" - }, - { - "name" : "gnuclibrary-cve20144043-code-exec(93784)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93784" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The posix_spawn_file_actions_addopen function in 
glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=ChangeLog;h=3020b9ac232315df362521aeaf85f21cb9926db8;hp=d86e73963dd9fb5e21b1a28326630337226812aa;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", + "refsource": "CONFIRM", + "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=ChangeLog;h=3020b9ac232315df362521aeaf85f21cb9926db8;hp=d86e73963dd9fb5e21b1a28326630337226812aa;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845" + }, + { + "name": "68006", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68006" + }, + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=17048", + "refsource": "CONFIRM", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=17048" + }, + { + "name": "gnuclibrary-cve20144043-code-exec(93784)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93784" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1109263", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1109263" + }, + { + "name": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=89e435f3559c53084498e9baad22172b64429362", + "refsource": "CONFIRM", + "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=89e435f3559c53084498e9baad22172b64429362" + }, + { + "name": "GLSA-201503-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201503-04" + }, + { + "name": "MDVSA-2014:152", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:152" + }, + 
{ + "name": "openSUSE-SU-2015:1387", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html" + }, + { + "name": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=posix/spawn_faction_addopen.c;h=40800b8e6e81341501c0fb8a91009529e2048dec;hp=47f62425b696a4fdd511b2a057746322eb6518db;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", + "refsource": "CONFIRM", + "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=posix/spawn_faction_addopen.c;h=40800b8e6e81341501c0fb8a91009529e2048dec;hp=47f62425b696a4fdd511b2a057746322eb6518db;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4593.json b/2014/4xxx/CVE-2014-4593.json index 5f501a4340f..a8e99b19f12 100644 --- a/2014/4xxx/CVE-2014-4593.json +++ b/2014/4xxx/CVE-2014-4593.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4593", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in wp-plugins-net/index.php in the WP Plugin Manager (wppm) plugin 1.6.4.b and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filter parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codevigilant.com/disclosure/wp-plugin-wppm-a3-cross-site-scripting-xss", - "refsource" : "MISC", - "url" : "http://codevigilant.com/disclosure/wp-plugin-wppm-a3-cross-site-scripting-xss" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in wp-plugins-net/index.php in the WP Plugin Manager (wppm) plugin 1.6.4.b and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filter parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://codevigilant.com/disclosure/wp-plugin-wppm-a3-cross-site-scripting-xss", + "refsource": "MISC", + "url": "http://codevigilant.com/disclosure/wp-plugin-wppm-a3-cross-site-scripting-xss" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4704.json b/2014/4xxx/CVE-2014-4704.json index 4220eec3c53..481d9ff5b6a 100644 --- a/2014/4xxx/CVE-2014-4704.json +++ b/2014/4xxx/CVE-2014-4704.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4704", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4704", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5443.json b/2014/5xxx/CVE-2014-5443.json index 995381b25c4..633f885c777 100644 --- a/2014/5xxx/CVE-2014-5443.json +++ b/2014/5xxx/CVE-2014-5443.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Seafile Server before 3.1.2 and Server Professional Edition before 3.1.0 allow local users to gain privileges via vectors related to ccnet handling user accounts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140824 CVE-2014-5443: Seafile local horizontal privilege escalation vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/08/24/3" - }, - { - "name" : "https://manual.seafile.com/changelog/changelog-for-seafile-professional-server.html", - "refsource" : "CONFIRM", - "url" : "https://manual.seafile.com/changelog/changelog-for-seafile-professional-server.html" - }, - { - "name" : "https://manual.seafile.com/changelog/server-changelog.html", - "refsource" : "CONFIRM", - "url" : "https://manual.seafile.com/changelog/server-changelog.html" - }, - { - "name" : "69360", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69360" - }, - { - "name" : "seafile-cve20145443-priv-esc(95458)", 
- "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95458" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Seafile Server before 3.1.2 and Server Professional Edition before 3.1.0 allow local users to gain privileges via vectors related to ccnet handling user accounts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "seafile-cve20145443-priv-esc(95458)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95458" + }, + { + "name": "https://manual.seafile.com/changelog/changelog-for-seafile-professional-server.html", + "refsource": "CONFIRM", + "url": "https://manual.seafile.com/changelog/changelog-for-seafile-professional-server.html" + }, + { + "name": "https://manual.seafile.com/changelog/server-changelog.html", + "refsource": "CONFIRM", + "url": "https://manual.seafile.com/changelog/server-changelog.html" + }, + { + "name": "[oss-security] 20140824 CVE-2014-5443: Seafile local horizontal privilege escalation vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/08/24/3" + }, + { + "name": "69360", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69360" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5694.json b/2014/5xxx/CVE-2014-5694.json index 3b4ff7e01ba..95eaf309733 100644 --- a/2014/5xxx/CVE-2014-5694.json +++ b/2014/5xxx/CVE-2014-5694.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5694", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Scoutmob local deals & events (aka com.scoutmob.ile) application 3.0.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5694", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#182449", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/182449" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Scoutmob local deals & events 
(aka com.scoutmob.ile) application 3.0.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#182449", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/182449" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5759.json b/2014/5xxx/CVE-2014-5759.json index bfb23255a6b..c0f687d916b 100644 --- a/2014/5xxx/CVE-2014-5759.json +++ b/2014/5xxx/CVE-2014-5759.json 
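Review bot: The one substantive change in this hunk, `"ASSIGNER": "cert@cert.org",` replacing `cve@mitre.org` for CVE-2014-5694, is buried in a whole-file re-indentation and a reshuffle of `reference_data`, and the commit subject ("-Synchronized-Data.") does not mention it. The same assigner change appears in the hunks for CVE-2014-5759, CVE-2014-5927 and CVE-2014-5953, while the other records visible here are only reformatted or have their references reordered. ASSIGNER is presumably the field consumers rely on for a record's provenance, so I would land the formatting pass as its own commit, or at least list the reassigned IDs in the commit message, so the change can be audited. Emitting `reference_data` in a stable order (for example sorted by `refsource`, then `name`) would keep later syncs from showing identical entries as changed. The new side also drops the final newline (`\ No newline at end of file`), which is worth restoring in the generator.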
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5759", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Awesome Antivirus 2014 (aka com.yoursite.top5antivirus2014) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5759", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#862689", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/862689" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Awesome Antivirus 2014 (aka 
com.yoursite.top5antivirus2014) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#862689", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/862689" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5927.json b/2014/5xxx/CVE-2014-5927.json index 363b24d005c..646121d49a6 100644 --- a/2014/5xxx/CVE-2014-5927.json +++ b/2014/5xxx/CVE-2014-5927.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5927", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FastCustomer -- Fast Customer (aka www.fastcustomer.com) application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5927", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#317705", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/317705" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FastCustomer -- Fast Customer 
(aka www.fastcustomer.com) application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#317705", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/317705" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5953.json b/2014/5xxx/CVE-2014-5953.json index 75ef9e7bf9e..6e2e99a983f 100644 --- a/2014/5xxx/CVE-2014-5953.json +++ b/2014/5xxx/CVE-2014-5953.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5953", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The KASKUS (aka com.kaskus.android) application 2.13.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5953", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#618929", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/618929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The KASKUS (aka com.kaskus.android) application 2.13.0 
for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#618929", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/618929" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10249.json b/2016/10xxx/CVE-2016-10249.json index a59a5439a08..17479ecee12 100644 --- a/2016/10xxx/CVE-2016-10249.json +++ b/2016/10xxx/CVE-2016-10249.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2016/10/23/jasper-heap-based-buffer-overflow-in-jpc_dec_tiledecode-jpc_dec-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2016/10/23/jasper-heap-based-buffer-overflow-in-jpc_dec_tiledecode-jpc_dec-c/" - }, - { - "name" : "https://github.com/mdadams/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568", - "refsource" : "CONFIRM", - "url" : "https://github.com/mdadams/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568" - }, - { - "name" : "DSA-3827", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3827" - }, - { - "name" : "RHSA-2017:1208", - "refsource" : "REDHAT", - "url" : 
"https://access.redhat.com/errata/RHSA-2017:1208" - }, - { - "name" : "93838", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93838" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2016/10/23/jasper-heap-based-buffer-overflow-in-jpc_dec_tiledecode-jpc_dec-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2016/10/23/jasper-heap-based-buffer-overflow-in-jpc_dec_tiledecode-jpc_dec-c/" + }, + { + "name": "https://github.com/mdadams/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568", + "refsource": "CONFIRM", + "url": "https://github.com/mdadams/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568" + }, + { + "name": "RHSA-2017:1208", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1208" + }, + { + "name": "DSA-3827", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3827" + }, + { + "name": "93838", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93838" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10337.json b/2016/10xxx/CVE-2016-10337.json index 1a8b8d7a957..d6157f28078 100644 --- a/2016/10xxx/CVE-2016-10337.json +++ b/2016/10xxx/CVE-2016-10337.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2016-10337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Android releases from CAF using the Linux kernel, some validation of secure applications was not being performed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Input Validation in TrustZone" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2016-10337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-06-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-06-01" - }, - { - "name" : "98874", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98874" - }, - { - "name" : "1038623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Android releases from CAF using the Linux kernel, some validation of secure applications was not being performed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation in TrustZone" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-06-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-06-01" + }, + { + "name": "98874", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98874" + }, + { + "name": "1038623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038623" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10448.json b/2016/10xxx/CVE-2016-10448.json index 7217e28148c..894fb536872 100644 --- a/2016/10xxx/CVE-2016-10448.json +++ b/2016/10xxx/CVE-2016-10448.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2016-10448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, SDX20" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, a simultaneous command post for addSA or updateSA on same SA leads to memory corruption. APIs addSA and updateSA APIs access the global variable ipsec_sa_list[] outside of mutex protection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Time-of-check Time-of-use (TOCTOU) Race Condition in SEC." 
- } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2016-10448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, SDX20" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, a simultaneous command post for addSA or updateSA on same SA leads to memory corruption. APIs addSA and updateSA APIs access the global variable ipsec_sa_list[] outside of mutex protection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Time-of-check Time-of-use (TOCTOU) Race Condition in SEC." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10512.json b/2016/10xxx/CVE-2016-10512.json index 81042eb2d28..bdceef1db3f 100644 --- a/2016/10xxx/CVE-2016-10512.json +++ b/2016/10xxx/CVE-2016-10512.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10512", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MultiTech FaxFinder before 4.1.2 stores Passwords unencrypted for maintaining the test connectivity function of its LDAP configuration. These credentials are retrieved by the system when the LDAP configuration page is opened and are embedded directly into the HTML source code in cleartext." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://packetstormsecurity.com/files/139844/Multitech-RightFax-Faxfinder-Credential-Disclosure.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/139844/Multitech-RightFax-Faxfinder-Credential-Disclosure.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MultiTech FaxFinder before 4.1.2 stores Passwords unencrypted for maintaining the test connectivity function of its LDAP configuration. 
These credentials are retrieved by the system when the LDAP configuration page is opened and are embedded directly into the HTML source code in cleartext." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/139844/Multitech-RightFax-Faxfinder-Credential-Disclosure.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/139844/Multitech-RightFax-Faxfinder-Credential-Disclosure.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10667.json b/2016/10xxx/CVE-2016-10667.json index 246336e3663..52fa90e842d 100644 --- a/2016/10xxx/CVE-2016-10667.json +++ b/2016/10xxx/CVE-2016-10667.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2016-10667", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "selenium-portal node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "selenium-portal is a Selenium Testing Framework selenium-portal downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Encryption of Sensitive Data (CWE-311)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2016-10667", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "selenium-portal node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/260", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/260" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "selenium-portal is a Selenium Testing Framework 
selenium-portal downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Encryption of Sensitive Data (CWE-311)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/260", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/260" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3006.json b/2016/3xxx/CVE-2016-3006.json index 23dd0d61b69..fd22486176b 100644 --- a/2016/3xxx/CVE-2016-3006.json +++ b/2016/3xxx/CVE-2016-3006.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3001 and CVE-2016-3003." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-3006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www-01.ibm.com/support/docview.wss?uid=swg21989067", - "refsource" : "CONFIRM", - "url" : "https://www-01.ibm.com/support/docview.wss?uid=swg21989067" - }, - { - "name" : "LO89962", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1LO89962" - }, - { - "name" : "93167", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93167" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Web UI in IBM 
Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3001 and CVE-2016-3003." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "LO89962", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LO89962" + }, + { + "name": "93167", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93167" + }, + { + "name": "https://www-01.ibm.com/support/docview.wss?uid=swg21989067", + "refsource": "CONFIRM", + "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989067" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3734.json b/2016/3xxx/CVE-2016-3734.json index 2093156363d..c4b61a9aa2f 100644 --- a/2016/3xxx/CVE-2016-3734.json +++ b/2016/3xxx/CVE-2016-3734.json 
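Review bot: The `ASSIGNER` change from `cve@mitre.org` to `psirt@us.ibm.com` in CVE-2016-3006.json is the only field value that differs in this hunk, yet every other line of the 72-line file is rewritten for spacing and indentation and the commit subject "-Synchronized-Data." does not mention it. The CVE-2016-3734, CVE-2016-3771 and CVE-2016-8401 hunks reassign the same field in the same way (to `secalert@redhat.com` and `security@android.com`). Where downstream consumers rely on this field to attribute a record to its CNA, I would land the whitespace normalisation as its own commit so that a line such as `"ASSIGNER": "psirt@us.ibm.com",` shows up as a one-line diff that can be audited. `vendor_name` and `product_name` also stay `"n/a"` although the description names IBM Connections, so tooling that matches on the `affects` block will presumably still miss this record.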
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3734", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-3734", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160517 Moodle security release 3.0.4, 2.9.6, 2.8.12, 2.7.14", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/05/17/4" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1335933", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1335933" - }, - { - "name" : "91281", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/91281" - }, - { - "name" : "1035902", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035902" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160517 Moodle security release 3.0.4, 2.9.6, 2.8.12, 2.7.14", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/05/17/4" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1335933", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335933" + }, + { + "name": "1035902", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035902" + }, + { + "name": "91281", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91281" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3771.json b/2016/3xxx/CVE-2016-3771.json index 933dd870df4..57cf5ecc4e7 100644 --- a/2016/3xxx/CVE-2016-3771.json +++ b/2016/3xxx/CVE-2016-3771.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3771", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29007611 and MediaTek internal bug ALPS02703102." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29007611 and MediaTek internal bug ALPS02703102." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8401.json b/2016/8xxx/CVE-2016-8401.json index afe478158bb..6546ef60cb5 100644 --- a/2016/8xxx/CVE-2016-8401.json +++ b/2016/8xxx/CVE-2016-8401.json 
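Review bot: CVE-2016-3771.json now ends without a final newline: the new side closes with `+}` followed by `\ No newline at end of file`, whereas the old `-}` line was newline-terminated. Every file section visible in this part of the commit carries the same marker, so this looks like a property of the exporter rather than of this record. Line-oriented tools and anything that concatenates these files expect a terminating newline, and writing the closing `}` with one would also stop later syncs from touching the last line of every file.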
@@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-8401", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31494725." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-8401", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2016-12-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-12-01.html" - }, - { - "name" : "94686", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94686" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31494725." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2016-12-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-12-01.html" + }, + { + "name": "94686", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94686" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8743.json b/2016/8xxx/CVE-2016-8743.json index 0b3e7a7ebb7..e32416012fb 100644 --- a/2016/8xxx/CVE-2016-8743.json +++ b/2016/8xxx/CVE-2016-8743.json 
@@ -1,138 +1,138 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2016-12-20T00:00:00", - "ID" : "CVE-2016-8743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache HTTP Server", - "version" : { - "version_data" : [ - { - "version_value" : "2.2.0 to 2.2.31, 2.4.1 to 2.4.23" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Request Smuggling, Response Splitting" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2016-12-20T00:00:00", + "ID": "CVE-2016-8743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache HTTP Server", + "version": { + "version_data": [ + { + "version_value": "2.2.0 to 2.2.31, 2.4.1 to 2.4.23" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743", - "refsource" : "CONFIRM", - "url" : "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03753en_us", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03753en_us" - }, - { - "name" : "https://www.tenable.com/security/tns-2017-04", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2017-04" - }, - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180423-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180423-0001/" - }, - { - "name" : "DSA-3796", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3796" - }, - { - "name" : "GLSA-201701-36", - 
"refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-36" - }, - { - "name" : "RHSA-2017:0906", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0906" - }, - { - "name" : "RHSA-2017:1161", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1161" - }, - { - "name" : "RHSA-2017:1413", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1413" - }, - { - "name" : "RHSA-2017:1414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1414" - }, - { - "name" : "RHSA-2017:1415", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-1415.html" - }, - { - "name" : "RHSA-2017:1721", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1721" - }, - { - "name" : "95077", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95077" - }, - { - "name" : "1037508", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037508" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Request Smuggling, Response Splitting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "DSA-3796", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3796" + }, + { + "name": "RHSA-2017:1721", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1721" + }, + { + "name": "1037508", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037508" + }, + { + "name": "RHSA-2017:1413", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1413" + }, + { + "name": "RHSA-2017:1161", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1161" + }, + { + "name": "https://www.tenable.com/security/tns-2017-04", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2017-04" + }, + { + "name": "RHSA-2017:1414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1414" + }, + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03753en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03753en_us" + }, + { + "name": "95077", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95077" + }, + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us" + }, + { + "name": "RHSA-2017:1415", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html" + }, + { + "name": "RHSA-2017:0906", + "refsource": "REDHAT", + "url": 
"https://access.redhat.com/errata/RHSA-2017:0906" + }, + { + "name": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743", + "refsource": "CONFIRM", + "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743" + }, + { + "name": "GLSA-201701-36", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-36" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180423-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180423-0001/" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9642.json b/2016/9xxx/CVE-2016-9642.json index c11293d205c..3ccc0f9097a 100644 --- a/2016/9xxx/CVE-2016-9642.json +++ b/2016/9xxx/CVE-2016-9642.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "JavaScriptCore in WebKit allows attackers to cause a denial of service (out-of-bounds heap read) via a crafted Javascript file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161126 Re: CVE request: Heap read out-of-bounds parsing a Javascript file with the last revision of JavaScript Core", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/26/4" - }, - { - "name" : "GLSA-201706-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-15" - }, - { - "name" : "94554", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94554" - }, - { - "name" : "1038137", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JavaScriptCore in WebKit allows attackers to cause a denial of 
service (out-of-bounds heap read) via a crafted Javascript file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038137", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038137" + }, + { + "name": "[oss-security] 20161126 Re: CVE request: Heap read out-of-bounds parsing a Javascript file with the last revision of JavaScript Core", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/26/4" + }, + { + "name": "GLSA-201706-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-15" + }, + { + "name": "94554", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94554" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9791.json b/2016/9xxx/CVE-2016-9791.json index aa68ccb81d9..4c1ced93dd1 100644 --- a/2016/9xxx/CVE-2016-9791.json +++ b/2016/9xxx/CVE-2016-9791.json 
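Review bot: The four `reference_data` entries of CVE-2016-9642.json are unchanged in content but come out in a different order (the SECTRACK entry `1038137` moves from last to first), and the new order follows no visible key: it is sorted by neither `refsource`, `name` nor `url`. The CVE-2016-3006, CVE-2016-3734 and CVE-2016-8743 hunks reshuffle their references in the same way. If the exporter emitted the array in a deterministic order, for example sorted by `refsource` and then `name`, repeated syncs would stop producing reference-only diffs and a genuinely added or removed advisory link would stand out in review.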
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-9791",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2016-9791",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/9xxx/CVE-2016-9933.json b/2016/9xxx/CVE-2016-9933.json
index e82d63909c8..8d802ef6109 100644
--- a/2016/9xxx/CVE-2016-9933.json
+++ b/2016/9xxx/CVE-2016-9933.json
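Review bot: CVE-2016-9791.json is written with a different key order from every other record visible on the new side of this commit: `data_type`, `data_format` and `data_version` come first and `ID` precedes `ASSIGNER` inside `CVE_data_meta`, while the other files keep `CVE_data_meta` first with its keys in alphabetical order. Key order carries no meaning in JSON, but the difference suggests this REJECT record went through a separate writer, which is worth confirming. Emitting it through the same sorted-key path, so that it opens with `"CVE_data_meta": {` followed by `"ASSIGNER": "cve@mitre.org",`, would keep the files uniform for anyone diffing or hashing them.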
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161212 CVE assignment for PHP 5.6.28, 5.6.29, 7.0.13, 7.0.14 and 7.1.0", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/12/2" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "http://www.php.net/ChangeLog-7.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-7.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=72696", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=72696" 
- }, - { - "name" : "https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e", - "refsource" : "CONFIRM", - "url" : "https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e" - }, - { - "name" : "https://github.com/libgd/libgd/issues/215", - "refsource" : "CONFIRM", - "url" : "https://github.com/libgd/libgd/issues/215" - }, - { - "name" : "https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1", - "refsource" : "CONFIRM", - "url" : "https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1" - }, - { - "name" : "DSA-3751", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3751" - }, - { - "name" : "RHSA-2018:1296", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1296" - }, - { - "name" : "openSUSE-SU-2016:3228", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00133.html" - }, - { - "name" : "openSUSE-SU-2016:3239", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html" - }, - { - "name" : "openSUSE-SU-2017:0006", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2017-01/msg00002.html" - }, - { - "name" : "openSUSE-SU-2017:0061", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html" - }, - { - "name" : "openSUSE-SU-2017:0081", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html" - }, - { - "name" : "94865", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94865" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x 
before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20161212 CVE assignment for PHP 5.6.28, 5.6.29, 7.0.13, 7.0.14 and 7.1.0", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/12/2" + }, + { + "name": "openSUSE-SU-2016:3228", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00133.html" + }, + { + "name": "openSUSE-SU-2017:0081", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html" + }, + { + "name": "http://www.php.net/ChangeLog-7.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-7.php" + }, + { + "name": "openSUSE-SU-2017:0006", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00002.html" + }, + { + "name": "https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1", + "refsource": "CONFIRM", + "url": "https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1" + }, + { + "name": "DSA-3751", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3751" + }, + { + "name": "94865", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94865" + }, + { + "name": "RHSA-2018:1296", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1296" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "https://bugs.php.net/bug.php?id=72696", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=72696" + }, + { + "name": "openSUSE-SU-2017:0061", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html" + }, + { + "name": "openSUSE-SU-2016:3239", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html" + }, + { + "name": "https://github.com/libgd/libgd/issues/215", + "refsource": "CONFIRM", + "url": "https://github.com/libgd/libgd/issues/215" + }, + { + "name": "https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e", + "refsource": "CONFIRM", + "url": "https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2568.json b/2019/2xxx/CVE-2019-2568.json index 646ed097b29..1bc33dd413e 100644 --- a/2019/2xxx/CVE-2019-2568.json +++ b/2019/2xxx/CVE-2019-2568.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2568", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2568", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2844.json b/2019/2xxx/CVE-2019-2844.json index adf823dc94c..6d95c0bc960 100644 --- a/2019/2xxx/CVE-2019-2844.json 
+++ b/2019/2xxx/CVE-2019-2844.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2844", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2844", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2858.json b/2019/2xxx/CVE-2019-2858.json index 5c8e43025f4..a83af3e8cdc 100644 --- a/2019/2xxx/CVE-2019-2858.json +++ b/2019/2xxx/CVE-2019-2858.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2858", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2858", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2942.json b/2019/2xxx/CVE-2019-2942.json index 3318f6fd1db..e8380c8adf5 100644 --- a/2019/2xxx/CVE-2019-2942.json +++ b/2019/2xxx/CVE-2019-2942.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2942", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2942", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6354.json b/2019/6xxx/CVE-2019-6354.json index 8a5d3b41299..0d35d02348a 100644 --- a/2019/6xxx/CVE-2019-6354.json +++ b/2019/6xxx/CVE-2019-6354.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6354", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6354", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6384.json b/2019/6xxx/CVE-2019-6384.json index dd501c9fd18..2865d787d81 100644 --- a/2019/6xxx/CVE-2019-6384.json +++ b/2019/6xxx/CVE-2019-6384.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6384", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6384", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6754.json b/2019/6xxx/CVE-2019-6754.json index 27b5a434f85..75d6784ea11 100644 --- a/2019/6xxx/CVE-2019-6754.json +++ b/2019/6xxx/CVE-2019-6754.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6754", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6754", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6862.json b/2019/6xxx/CVE-2019-6862.json index 873297af6e0..23b0183c21f 100644 --- a/2019/6xxx/CVE-2019-6862.json +++ b/2019/6xxx/CVE-2019-6862.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6862", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6862", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6986.json b/2019/6xxx/CVE-2019-6986.json index 5650043f2b2..2e7ddfa25fb 100644 --- a/2019/6xxx/CVE-2019-6986.json +++ b/2019/6xxx/CVE-2019-6986.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6986", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6986", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/kevinbackhouse/SecurityExploits/tree/0ec74459ac53685a7959ed58d580ef8abece3685/vivo-project", - "refsource" : "MISC", - "url" : "https://github.com/kevinbackhouse/SecurityExploits/tree/0ec74459ac53685a7959ed58d580ef8abece3685/vivo-project" - }, - { - "name" : "https://github.com/vivo-project/Vitro/pull/111", - "refsource" : "MISC", - "url" : "https://github.com/vivo-project/Vitro/pull/111" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary 
SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/kevinbackhouse/SecurityExploits/tree/0ec74459ac53685a7959ed58d580ef8abece3685/vivo-project", + "refsource": "MISC", + "url": "https://github.com/kevinbackhouse/SecurityExploits/tree/0ec74459ac53685a7959ed58d580ef8abece3685/vivo-project" + }, + { + "name": "https://github.com/vivo-project/Vitro/pull/111", + "refsource": "MISC", + "url": "https://github.com/vivo-project/Vitro/pull/111" + } + ] + } +} \ No newline at end of file