diff --git a/2006/1xxx/CVE-2006-1698.json b/2006/1xxx/CVE-2006-1698.json
index a79de985fc8..ddd0a99bf2b 100644
--- a/2006/1xxx/CVE-2006-1698.json
+++ b/2006/1xxx/CVE-2006-1698.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-1698",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) url, (2) city, (3) state, or (4) country parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that they are the result of post-disclosure analysis."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-1698",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "ADV-2006-1287",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2006/1287"
- },
- {
- "name" : "19586",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/19586"
- },
- {
- "name" : "guestbook-guestbook-parameters-xss(25697)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25697"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) url, (2) city, (3) state, or (4) country parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that they are the result of post-disclosure analysis."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "19586",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/19586"
+ },
+ {
+ "name": "guestbook-guestbook-parameters-xss(25697)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25697"
+ },
+ {
+ "name": "ADV-2006-1287",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2006/1287"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/1xxx/CVE-2006-1826.json b/2006/1xxx/CVE-2006-1826.json
index c6054b8fb98..c916ecc7dc8 100644
--- a/2006/1xxx/CVE-2006-1826.json
+++ b/2006/1xxx/CVE-2006-1826.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-1826",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Snipe Gallery 3.1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gallery_id parameter in view.php, (2) keyword parameter in search.php, and (3) image_id parameter in image.php. NOTE: it is possible that vectors 1 and 3 are resultant from SQL injection."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-1826",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20060415 Snipe Gallery <= 3.1.4 Multiple XSS",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/431074/100/0/threaded"
- },
- {
- "name" : "20060416 Re: Snipe Gallery <= 3.1.4 Multiple XSS",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/431123/100/0/threaded"
- },
- {
- "name" : "17543",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/17543"
- },
- {
- "name" : "1015947",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1015947"
- },
- {
- "name" : "snipe-view-image-xss(25803)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25803"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple cross-site scripting (XSS) vulnerabilities in Snipe Gallery 3.1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gallery_id parameter in view.php, (2) keyword parameter in search.php, and (3) image_id parameter in image.php. NOTE: it is possible that vectors 1 and 3 are resultant from SQL injection."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20060416 Re: Snipe Gallery <= 3.1.4 Multiple XSS",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/431123/100/0/threaded"
+ },
+ {
+ "name": "20060415 Snipe Gallery <= 3.1.4 Multiple XSS",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/431074/100/0/threaded"
+ },
+ {
+ "name": "17543",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/17543"
+ },
+ {
+ "name": "1015947",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1015947"
+ },
+ {
+ "name": "snipe-view-image-xss(25803)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25803"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/1xxx/CVE-2006-1846.json b/2006/1xxx/CVE-2006-1846.json
index c1fd2bddf79..ed930488bf2 100644
--- a/2006/1xxx/CVE-2006-1846.json
+++ b/2006/1xxx/CVE-2006-1846.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-1846",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. In addition, it is unclear whether this issue is a vulnerability, since it is related to the user's personal menu, which presumably is not modifiable by others."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-1846",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "16774",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/16774"
- },
- {
- "name" : "ADV-2006-0687",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2006/0687"
- },
- {
- "name" : "23431",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/23431"
- },
- {
- "name" : "18972",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/18972"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. In addition, it is unclear whether this issue is a vulnerability, since it is related to the user's personal menu, which presumably is not modifiable by others."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "18972",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/18972"
+ },
+ {
+ "name": "ADV-2006-0687",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2006/0687"
+ },
+ {
+ "name": "23431",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/23431"
+ },
+ {
+ "name": "16774",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/16774"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/5xxx/CVE-2006-5651.json b/2006/5xxx/CVE-2006-5651.json
index 897cce9e477..f5cfa5015e2 100644
--- a/2006/5xxx/CVE-2006-5651.json
+++ b/2006/5xxx/CVE-2006-5651.json
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-5651",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "list.php in DigiOz Guestbook before 1.7.1 allows remote attackers to obtain sensitive information via a non-numeric page parameter, which displays the installation path in the resulting error message."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-5651",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20061107 DigiOz Guestbook version 1.7 Path Disclosure",
- "refsource" : "FULLDISC",
- "url" : "http://marc.info/?l=full-disclosure&m=116288079420333&w=2"
- },
- {
- "name" : "20061107 DigiOz Guestbook version 1.7 Path Disclosure",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/450826/30/0/threaded"
- },
- {
- "name" : "http://www.netvigilance.com/advisory0006",
- "refsource" : "MISC",
- "url" : "http://www.netvigilance.com/advisory0006"
- },
- {
- "name" : "29985",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/29985"
- },
- {
- "name" : "1829",
- "refsource" : "SREASON",
- "url" : "http://securityreason.com/securityalert/1829"
- },
- {
- "name" : "digiozguestbook-list-path-disclosure(30067)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30067"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "list.php in DigiOz Guestbook before 1.7.1 allows remote attackers to obtain sensitive information via a non-numeric page parameter, which displays the installation path in the resulting error message."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.netvigilance.com/advisory0006",
+ "refsource": "MISC",
+ "url": "http://www.netvigilance.com/advisory0006"
+ },
+ {
+ "name": "1829",
+ "refsource": "SREASON",
+ "url": "http://securityreason.com/securityalert/1829"
+ },
+ {
+ "name": "digiozguestbook-list-path-disclosure(30067)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30067"
+ },
+ {
+ "name": "20061107 DigiOz Guestbook version 1.7 Path Disclosure",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/450826/30/0/threaded"
+ },
+ {
+ "name": "29985",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/29985"
+ },
+ {
+ "name": "20061107 DigiOz Guestbook version 1.7 Path Disclosure",
+ "refsource": "FULLDISC",
+ "url": "http://marc.info/?l=full-disclosure&m=116288079420333&w=2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/5xxx/CVE-2006-5735.json b/2006/5xxx/CVE-2006-5735.json
index 1c5bbb7102e..c9b5914d9cd 100644
--- a/2006/5xxx/CVE-2006-5735.json
+++ b/2006/5xxx/CVE-2006-5735.json
@@ -1,97 +1,97 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-5735",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Directory traversal vulnerability in include/common.php in PunBB before 1.2.14 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the language parameter, related to register.php storing a language value in the users table."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-5735",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20061030 Punbb <= 1.2.13 Multiple Vulnerabilities",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/450055/100/0/threaded"
- },
- {
- "name" : "http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities",
- "refsource" : "MISC",
- "url" : "http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities"
- },
- {
- "name" : "http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt",
- "refsource" : "CONFIRM",
- "url" : "http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt"
- },
- {
- "name" : "ADV-2006-4256",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2006/4256"
- },
- {
- "name" : "30132",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/30132"
- },
- {
- "name" : "1017131",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1017131"
- },
- {
- "name" : "22622",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/22622"
- },
- {
- "name" : "1824",
- "refsource" : "SREASON",
- "url" : "http://securityreason.com/securityalert/1824"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Directory traversal vulnerability in include/common.php in PunBB before 1.2.14 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the language parameter, related to register.php storing a language value in the users table."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1017131",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1017131"
+ },
+ {
+ "name": "1824",
+ "refsource": "SREASON",
+ "url": "http://securityreason.com/securityalert/1824"
+ },
+ {
+ "name": "30132",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/30132"
+ },
+ {
+ "name": "20061030 Punbb <= 1.2.13 Multiple Vulnerabilities",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/450055/100/0/threaded"
+ },
+ {
+ "name": "ADV-2006-4256",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2006/4256"
+ },
+ {
+ "name": "http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities",
+ "refsource": "MISC",
+ "url": "http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities"
+ },
+ {
+ "name": "22622",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/22622"
+ },
+ {
+ "name": "http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt",
+ "refsource": "CONFIRM",
+ "url": "http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/5xxx/CVE-2006-5812.json b/2006/5xxx/CVE-2006-5812.json
index f3580bd322c..2c009ac5d86 100644
--- a/2006/5xxx/CVE-2006-5812.json
+++ b/2006/5xxx/CVE-2006-5812.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-5812",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unspecified vulnerability in Kerio MailServer allows attackers to cause a denial of service, as demonstrated by vd_kms4.pm, a \"Kerio MailServer DoS.\" NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-5812",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://gleg.net/vulndisco_meta.shtml",
- "refsource" : "MISC",
- "url" : "http://gleg.net/vulndisco_meta.shtml"
- },
- {
- "name" : "1017171",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1017171"
- },
- {
- "name" : "22861",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/22861"
- },
- {
- "name" : "kerio-mailserver-dos(30145)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30145"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unspecified vulnerability in Kerio MailServer allows attackers to cause a denial of service, as demonstrated by vd_kms4.pm, a \"Kerio MailServer DoS.\" NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://gleg.net/vulndisco_meta.shtml",
+ "refsource": "MISC",
+ "url": "http://gleg.net/vulndisco_meta.shtml"
+ },
+ {
+ "name": "22861",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/22861"
+ },
+ {
+ "name": "1017171",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1017171"
+ },
+ {
+ "name": "kerio-mailserver-dos(30145)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30145"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2007/2xxx/CVE-2007-2684.json b/2007/2xxx/CVE-2007-2684.json
index 27d9a7279ce..6ab7dc4365b 100644
--- a/2007/2xxx/CVE-2007-2684.json
+++ b/2007/2xxx/CVE-2007-2684.json
@@ -1,102 +1,102 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2007-2684",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Jetbox CMS 2.1 allows remote attackers to obtain sensitive information via (1) a direct request to (a) main_page.php, (b) open_tree.php, and (c) outputs.php; (2) a malformed view parameter to index.php, as demonstrated with an SQL injection manipulation; or (3) the id[] parameter to admin/cms/opentree.php, which reveals the installation path in the resulting error message."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2007-2684",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20070521 Jetbox CMS version 2.1 Multiple Path Disclosure Vulnerabilities",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/469222/100/0/threaded"
- },
- {
- "name" : "20070521 Jetbox CMS version 2.1 Multiple Path Disclosure Vulnerabilities",
- "refsource" : "FULLDISC",
- "url" : "http://marc.info/?l=full-disclosure&m=117974375029054&w=2"
- },
- {
- "name" : "http://www.netvigilance.com/advisory0027",
- "refsource" : "MISC",
- "url" : "http://www.netvigilance.com/advisory0027"
- },
- {
- "name" : "34783",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/34783"
- },
- {
- "name" : "34787",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/34787"
- },
- {
- "name" : "34788",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/34788"
- },
- {
- "name" : "34789",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/34789"
- },
- {
- "name" : "34790",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/34790"
- },
- {
- "name" : "jetboxcms-multiple-path-disclosure(34385)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34385"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Jetbox CMS 2.1 allows remote attackers to obtain sensitive information via (1) a direct request to (a) main_page.php, (b) open_tree.php, and (c) outputs.php; (2) a malformed view parameter to index.php, as demonstrated with an SQL injection manipulation; or (3) the id[] parameter to admin/cms/opentree.php, which reveals the installation path in the resulting error message."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "34789",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/34789"
+ },
+ {
+ "name": "34790",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/34790"
+ },
+ {
+ "name": "http://www.netvigilance.com/advisory0027",
+ "refsource": "MISC",
+ "url": "http://www.netvigilance.com/advisory0027"
+ },
+ {
+ "name": "jetboxcms-multiple-path-disclosure(34385)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34385"
+ },
+ {
+ "name": "34788",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/34788"
+ },
+ {
+ "name": "20070521 Jetbox CMS version 2.1 Multiple Path Disclosure Vulnerabilities",
+ "refsource": "FULLDISC",
+ "url": "http://marc.info/?l=full-disclosure&m=117974375029054&w=2"
+ },
+ {
+ "name": "20070521 Jetbox CMS version 2.1 Multiple Path Disclosure Vulnerabilities",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/469222/100/0/threaded"
+ },
+ {
+ "name": "34787",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/34787"
+ },
+ {
+ "name": "34783",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/34783"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2007/6xxx/CVE-2007-6168.json b/2007/6xxx/CVE-2007-6168.json
index e4a208ab171..1bf32938562 100644
--- a/2007/6xxx/CVE-2007-6168.json
+++ b/2007/6xxx/CVE-2007-6168.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2007-6168",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SQL injection vulnerability in default.asp in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the username parameter, a different vector than CVE-2007-6143. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2007-6168",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20071121 [Aria-Security.Net] VU Case Manager \"Username/Password\" SQL Injection",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/484019"
- },
- {
- "name" : "26643",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/26643"
- },
- {
- "name" : "ADV-2007-3967",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2007/3967"
- },
- {
- "name" : "27779",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/27779"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SQL injection vulnerability in default.asp in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the username parameter, a different vector than CVE-2007-6143. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "ADV-2007-3967",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2007/3967"
+ },
+ {
+ "name": "20071121 [Aria-Security.Net] VU Case Manager \"Username/Password\" SQL Injection",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/484019"
+ },
+ {
+ "name": "26643",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/26643"
+ },
+ {
+ "name": "27779",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/27779"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2007/6xxx/CVE-2007-6381.json b/2007/6xxx/CVE-2007-6381.json
index a870db4afe1..5217c5c05c0 100644
--- a/2007/6xxx/CVE-2007-6381.json
+++ b/2007/6xxx/CVE-2007-6381.json
@@ -1,107 +1,107 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2007-6381",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2007-6381",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457446",
- "refsource" : "MISC",
- "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457446"
- },
- {
- "name" : "http://typo3.org/teams/security/security-bulletins/typo3-20071210-1/",
- "refsource" : "CONFIRM",
- "url" : "http://typo3.org/teams/security/security-bulletins/typo3-20071210-1/"
- },
- {
- "name" : "DSA-1439",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2007/dsa-1439"
- },
- {
- "name" : "26871",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/26871"
- },
- {
- "name" : "ADV-2007-4205",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2007/4205"
- },
- {
- "name" : "39506",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/39506"
- },
- {
- "name" : "1019146",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1019146"
- },
- {
- "name" : "27969",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/27969"
- },
- {
- "name" : "28243",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/28243"
- },
- {
- "name" : "typo3-indexedsearch-sql-injection(39017)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39017"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "28243",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/28243"
+ },
+ {
+ "name": "http://typo3.org/teams/security/security-bulletins/typo3-20071210-1/",
+ "refsource": "CONFIRM",
+ "url": "http://typo3.org/teams/security/security-bulletins/typo3-20071210-1/"
+ },
+ {
+ "name": "ADV-2007-4205",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2007/4205"
+ },
+ {
+ "name": "39506",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/39506"
+ },
+ {
+ "name": "1019146",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1019146"
+ },
+ {
+ "name": "26871",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/26871"
+ },
+ {
+ "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457446",
+ "refsource": "MISC",
+ "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457446"
+ },
+ {
+ "name": "typo3-indexedsearch-sql-injection(39017)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39017"
+ },
+ {
+ "name": "27969",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/27969"
+ },
+ {
+ "name": "DSA-1439",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2007/dsa-1439"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2007/6xxx/CVE-2007-6567.json b/2007/6xxx/CVE-2007-6567.json
index 4cb7f3323fa..084f2dd4cf5 100644
--- a/2007/6xxx/CVE-2007-6567.json
+++ b/2007/6xxx/CVE-2007-6567.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6567", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter in a page view action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6567", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071227 XZero Community Classifieds <= v4.95.11 LFI & SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485545/100/0/threaded" - }, - { - "name" : "4794", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4794" - }, - { - "name" : "http://en.rstzone.org/xzero-community-classifieds-v4-95-11-lfi-sql-in-t9394.rst", - "refsource" : "MISC", - "url" : "http://en.rstzone.org/xzero-community-classifieds-v4-95-11-lfi-sql-in-t9394.rst" - }, - { - "name" : "27041", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27041" - }, - { - "name" : "39741", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39741" 
- }, - { - "name" : "xzero-index-file-include(39260)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39260" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter in a page view action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39741", + "refsource": "OSVDB", + "url": "http://osvdb.org/39741" + }, + { + "name": "http://en.rstzone.org/xzero-community-classifieds-v4-95-11-lfi-sql-in-t9394.rst", + "refsource": "MISC", + "url": "http://en.rstzone.org/xzero-community-classifieds-v4-95-11-lfi-sql-in-t9394.rst" + }, + { + "name": "20071227 XZero Community Classifieds <= v4.95.11 LFI & SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485545/100/0/threaded" + }, + { + "name": "xzero-index-file-include(39260)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39260" + }, + { + "name": "4794", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4794" + }, + { + "name": "27041", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27041" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6744.json b/2007/6xxx/CVE-2007-6744.json index 262d5cea27d..d623cd752b7 100644 --- a/2007/6xxx/CVE-2007-6744.json +++ b/2007/6xxx/CVE-2007-6744.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6744", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Flexera Macrovision InstallShield before 2008 sends a digital-signature password to an unintended application during certain signature operations involving .spc and .pvk files, which might allow local users to obtain sensitive information via unspecified vectors, related to an incorrect interaction between InstallShield and Signcode.exe." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6744", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Installation-InstallShield-InstallShield2008Premier-Public-ProductInfo-IS2008PremProReleaseNotes2pdf&sliceId=pdfPage_42", - "refsource" : "CONFIRM", - "url" : "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Installation-InstallShield-InstallShield2008Premier-Public-ProductInfo-IS2008PremProReleaseNotes2pdf&sliceId=pdfPage_42" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Flexera Macrovision InstallShield before 2008 sends a digital-signature password to an unintended application during certain signature operations involving .spc and .pvk files, which might allow local users to obtain sensitive information via unspecified vectors, related to an incorrect interaction between InstallShield and Signcode.exe." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Installation-InstallShield-InstallShield2008Premier-Public-ProductInfo-IS2008PremProReleaseNotes2pdf&sliceId=pdfPage_42", + "refsource": "CONFIRM", + "url": "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Installation-InstallShield-InstallShield2008Premier-Public-ProductInfo-IS2008PremProReleaseNotes2pdf&sliceId=pdfPage_42" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0213.json b/2010/0xxx/CVE-2010-0213.json index cd55c476647..a27641adf06 100644 --- a/2010/0xxx/CVE-2010-0213.json +++ b/2010/0xxx/CVE-2010-0213.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0213", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside Validation (DLV), allows remote attackers to cause a denial of service (infinite loop) via a query for an RRSIG record whose answer is not in the cache, which causes BIND to repeatedly send RRSIG queries to the authoritative servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2010-0213", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.isc.org/software/bind/advisories/cve-2010-0213", - "refsource" : "CONFIRM", - "url" : "http://www.isc.org/software/bind/advisories/cve-2010-0213" - }, - { - "name" : "FEDORA-2010-11344", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044445.html" - }, - { - "name" : "SUSE-SR:2010:020", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html" - }, - { - "name" : "VU#211905", - "refsource" : "CERT-VN", - "url" : 
"http://www.kb.cert.org/vuls/id/211905" - }, - { - "name" : "41730", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41730" - }, - { - "name" : "1024217", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024217" - }, - { - "name" : "40652", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40652" - }, - { - "name" : "40709", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40709" - }, - { - "name" : "ADV-2010-1884", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1884" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside Validation (DLV), allows remote attackers to cause a denial of service (infinite loop) via a query for an RRSIG record whose answer is not in the cache, which causes BIND to repeatedly send RRSIG queries to the authoritative servers." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2010:020", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html" + }, + { + "name": "41730", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41730" + }, + { + "name": "1024217", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024217" + }, + { + "name": "VU#211905", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/211905" + }, + { + "name": "40709", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40709" + }, + { + "name": "FEDORA-2010-11344", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044445.html" + }, + { + "name": "40652", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40652" + }, + { + "name": "ADV-2010-1884", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1884" + }, + { + "name": "http://www.isc.org/software/bind/advisories/cve-2010-0213", + "refsource": "CONFIRM", + "url": "http://www.isc.org/software/bind/advisories/cve-2010-0213" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0270.json b/2010/0xxx/CVE-2010-0270.json index 5a34d7af818..fa96b075535 100644 --- a/2010/0xxx/CVE-2010-0270.json +++ b/2010/0xxx/CVE-2010-0270.json 
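Review bot: The `"ASSIGNER": "cert@cert.org"` line near the top of this hunk replaces `cve@mitre.org`, and it appears to be the only value change in a hunk that otherwise only rewrites colon spacing and indentation and reorders `reference_data`. A provenance field that changes inside a whole-file reformat is easy to miss in review, so it would be better carried in its own commit, or at least named in the commit message. The same pattern appears in the hunks for CVE-2010-0270 (`"ASSIGNER": "secure@microsoft.com"`), CVE-2010-1634 and CVE-2010-1636 (both `"ASSIGNER": "secalert@redhat.com"`). Consumers that attribute or filter records by ASSIGNER will see these four records move to a different assigner. The description and the set of reference entries look unchanged apart from their order.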
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0270", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka \"SMB Client Transaction Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-0270", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-020", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020" - }, - { - "name" : "TA10-103A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-103A.html" - }, - { - "name" : "oval:org.mitre.oval:def:7164", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7164" - }, - { - "name" : "39372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39372" - } - ] - } -} + 
} + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka \"SMB Client Transaction Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:7164", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7164" + }, + { + "name": "39372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39372" + }, + { + "name": "MS10-020", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020" + }, + { + "name": "TA10-103A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-103A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0795.json b/2010/0xxx/CVE-2010-0795.json index 0f6dba9183a..a4bb7a6c0ee 100644 --- a/2010/0xxx/CVE-2010-0795.json +++ b/2010/0xxx/CVE-2010-0795.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0795", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the JE Event Calendars (com_jeeventcalendar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an event action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0795", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "11292", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11292" - }, - { - "name" : "38012", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38012" - }, - { - "name" : "62038", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62038" - }, - { - "name" : "38408", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38408" - }, - { - "name" : "jeeventcalendars-index-sql-injection(56008)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56008" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", 
+ "value": "SQL injection vulnerability in the JE Event Calendars (com_jeeventcalendar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an event action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62038", + "refsource": "OSVDB", + "url": "http://osvdb.org/62038" + }, + { + "name": "11292", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11292" + }, + { + "name": "38408", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38408" + }, + { + "name": "38012", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38012" + }, + { + "name": "jeeventcalendars-index-sql-injection(56008)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56008" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1634.json b/2010/1xxx/CVE-2010-1634.json index 233c7157a07..ef95c511de0 100644 --- a/2010/1xxx/CVE-2010-1634.json +++ b/2010/1xxx/CVE-2010-1634.json 
@@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1634", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-1634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.python.org/issue8674", - "refsource" : "CONFIRM", - "url" : "http://bugs.python.org/issue8674" - }, - { - "name" : "http://svn.python.org/view?rev=81045&view=rev", - "refsource" : "CONFIRM", - "url" : "http://svn.python.org/view?rev=81045&view=rev" - }, - { - "name" : "http://svn.python.org/view?rev=81079&view=rev", - "refsource" : "CONFIRM", - "url" : "http://svn.python.org/view?rev=81079&view=rev" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=590690", - "refsource" : "CONFIRM", - 
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=590690" - }, - { - "name" : "http://support.apple.com/kb/HT5002", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5002" - }, - { - "name" : "APPLE-SA-2011-10-12-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" - }, - { - "name" : "FEDORA-2010-9652", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html" - }, - { - "name" : "RHSA-2011:0027", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0027.html" - }, - { - "name" : "SUSE-SR:2010:024", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "USN-1596-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1596-1" - }, - { - "name" : "USN-1613-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1613-2" - }, - { - "name" : "USN-1613-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1613-1" - }, - { - "name" : "USN-1616-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1616-1" - }, - { - "name" : "40370", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40370" - }, - { - "name" : "39937", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39937" - }, - { - "name" : "40194", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40194" - }, - { - "name" : "42888", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42888" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "50858", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/50858" - }, - { - "name" : "51024", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51024" - }, - { - "name" : "51040", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51040" - }, - { - "name" : "51087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51087" - }, - { - "name" : "ADV-2010-1448", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1448" - }, - { - "name" : "ADV-2011-0122", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0122" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.python.org/issue8674", + "refsource": "CONFIRM", + "url": "http://bugs.python.org/issue8674" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "FEDORA-2010-9652", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html" + }, + { + "name": "51087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51087" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "USN-1616-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1616-1" + }, + { + "name": "51040", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51040" + }, + { + "name": "ADV-2010-1448", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1448" + }, + { + "name": "50858", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50858" + }, + { + "name": "APPLE-SA-2011-10-12-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" + }, + { + "name": "ADV-2011-0122", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0122" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=590690", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590690" + }, + { + "name": "42888", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42888" + }, + { + "name": "http://svn.python.org/view?rev=81045&view=rev", + "refsource": "CONFIRM", + "url": 
"http://svn.python.org/view?rev=81045&view=rev" + }, + { + "name": "39937", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39937" + }, + { + "name": "USN-1596-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1596-1" + }, + { + "name": "40194", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40194" + }, + { + "name": "RHSA-2011:0027", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0027.html" + }, + { + "name": "USN-1613-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1613-2" + }, + { + "name": "http://support.apple.com/kb/HT5002", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5002" + }, + { + "name": "SUSE-SR:2010:024", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html" + }, + { + "name": "40370", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40370" + }, + { + "name": "51024", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51024" + }, + { + "name": "USN-1613-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1613-1" + }, + { + "name": "http://svn.python.org/view?rev=81079&view=rev", + "refsource": "CONFIRM", + "url": "http://svn.python.org/view?rev=81079&view=rev" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1636.json b/2010/1xxx/CVE-2010-1636.json index 54c252a7125..9e9f35512a2 100644 --- a/2010/1xxx/CVE-2010-1636.json +++ b/2010/1xxx/CVE-2010-1636.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1636", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the btrfs functionality in the Linux kernel 2.6.29 through 2.6.32, and possibly other versions, does not ensure that a cloned file descriptor has been opened for reading, which allows local users to read sensitive information from a write-only file descriptor." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-1636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100518 Re: kernel: btrfs: check for read permission on src file in the clone ioctl", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/05/18/10" - }, - { - "name" : "[oss-security] 20100518 kernel: btrfs: check for read permission on src file in the clone ioctl", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/05/18/2" - }, - { - "name" : "[oss-security] 20100525 Re: kernel: btrfs: check for read permission on src file in the clone ioctl", - "refsource" : "MLIST", - "url" : 
"http://www.openwall.com/lists/oss-security/2010/05/25/8" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/579585", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/579585" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=5dc6416414fb3ec6e2825fd4d20c8bf1d7fe0395", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=5dc6416414fb3ec6e2825fd4d20c8bf1d7fe0395" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=593226", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=593226" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the btrfs functionality in the Linux kernel 2.6.29 through 2.6.32, and possibly other versions, does not ensure that a cloned file descriptor has been opened for reading, which allows local users to read sensitive information from a write-only file descriptor." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/579585", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/579585" + }, + { + "name": "[oss-security] 20100518 Re: kernel: btrfs: check for read permission on src file in the clone ioctl", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/05/18/10" + }, + { + "name": "[oss-security] 20100518 kernel: btrfs: check for read permission on src file in the clone ioctl", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/05/18/2" + }, + { + "name": "[oss-security] 20100525 Re: kernel: btrfs: check for read permission on src file in the clone ioctl", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/05/25/8" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=593226", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=593226" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=5dc6416414fb3ec6e2825fd4d20c8bf1d7fe0395", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=5dc6416414fb3ec6e2825fd4d20c8bf1d7fe0395" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1975.json b/2010/1xxx/CVE-2010-1975.json index d354328676a..b80587bb527 100644 --- a/2010/1xxx/CVE-2010-1975.json +++ b/2010/1xxx/CVE-2010-1975.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1975", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1975", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.postgresql.org/docs/current/static/release-7-4-29.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/current/static/release-7-4-29.html" - }, - { - "name" : "http://www.postgresql.org/docs/current/static/release-8-0-25.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/current/static/release-8-0-25.html" - }, - { - "name" : "http://www.postgresql.org/docs/current/static/release-8-1-21.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/current/static/release-8-1-21.html" - }, - { - "name" : 
"http://www.postgresql.org/docs/current/static/release-8-2-17.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/current/static/release-8-2-17.html" - }, - { - "name" : "http://www.postgresql.org/docs/current/static/release-8-3-11.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/current/static/release-8-3-11.html" - }, - { - "name" : "http://www.postgresql.org/docs/current/static/release-8-4-4.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/current/static/release-8-4-4.html" - }, - { - "name" : "DSA-2051", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2051" - }, - { - "name" : "HPSBMU02781", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134124585221119&w=2" - }, - { - "name" : "SSRT100617", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134124585221119&w=2" - }, - { - "name" : "MDVSA-2010:103", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:103" - }, - { - "name" : "SUSE-SR:2010:014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" - }, - { - "name" : "40304", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40304" - }, - { - "name" : "oval:org.mitre.oval:def:11004", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11004" - }, - { - "name" : "39939", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39939" - }, - { - "name" : "ADV-2010-1207", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1207" - }, - { - "name" : "ADV-2010-1221", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1221" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.postgresql.org/docs/current/static/release-8-1-21.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/current/static/release-8-1-21.html" + }, + { + "name": "HPSBMU02781", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134124585221119&w=2" + }, + { + "name": "DSA-2051", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2051" + }, + { + "name": "http://www.postgresql.org/docs/current/static/release-7-4-29.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/current/static/release-7-4-29.html" + }, + { + "name": "http://www.postgresql.org/docs/current/static/release-8-0-25.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/current/static/release-8-0-25.html" + }, + { + "name": "oval:org.mitre.oval:def:11004", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11004" + }, + { + "name": "ADV-2010-1221", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1221" + }, + { + "name": "http://www.postgresql.org/docs/current/static/release-8-3-11.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/current/static/release-8-3-11.html" + }, + { + "name": "ADV-2010-1207", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1207" + }, + { + "name": 
"http://www.postgresql.org/docs/current/static/release-8-2-17.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/current/static/release-8-2-17.html" + }, + { + "name": "http://www.postgresql.org/docs/current/static/release-8-4-4.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/current/static/release-8-4-4.html" + }, + { + "name": "SUSE-SR:2010:014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" + }, + { + "name": "40304", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40304" + }, + { + "name": "MDVSA-2010:103", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:103" + }, + { + "name": "39939", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39939" + }, + { + "name": "SSRT100617", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134124585221119&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4015.json b/2010/4xxx/CVE-2010-4015.json index 0d689088917..3e290dd4b09 100644 --- a/2010/4xxx/CVE-2010-4015.json +++ b/2010/4xxx/CVE-2010-4015.json 
@@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4015", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-4015", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=7ccb6dc2d3e266a551827bb99179708580f72431", - "refsource" : "CONFIRM", - "url" : "http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=7ccb6dc2d3e266a551827bb99179708580f72431" - }, - { - "name" : "http://www.postgresql.org/about/news.1289", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/about/news.1289" - }, - { - "name" : "http://www.postgresql.org/support/security", - "refsource" : "CONFIRM", - "url" : 
"http://www.postgresql.org/support/security" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" - }, - { - "name" : "DSA-2157", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2157" - }, - { - "name" : "FEDORA-2011-0990", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053817.html" - }, - { - "name" : "FEDORA-2011-0963", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053888.html" - }, - { - "name" : "HPSBMU02781", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134124585221119&w=2" - }, - { - "name" : "SSRT100617", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134124585221119&w=2" - }, - { - "name" : "MDVSA-2011:021", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:021" - }, - { - "name" : "RHSA-2011:0198", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0198.html" - }, - { - "name" : "RHSA-2011:0197", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0197.html" - }, - { - "name" : "SUSE-SR:2011:005", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" - }, - { - "name" : "USN-1058-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1058-1" - }, - { - "name" : "46084", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46084" - }, - { - "name" : "70740", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70740" - }, - { - "name" : "43144", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43144" - }, - { - "name" : "43154", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43154" - }, - { - "name" : 
"43155", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43155" - }, - { - "name" : "43187", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43187" - }, - { - "name" : "43188", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43188" - }, - { - "name" : "43240", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43240" - }, - { - "name" : "ADV-2011-0262", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0262" - }, - { - "name" : "ADV-2011-0278", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0278" - }, - { - "name" : "ADV-2011-0283", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0283" - }, - { - "name" : "ADV-2011-0287", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0287" - }, - { - "name" : "ADV-2011-0299", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0299" - }, - { - "name" : "ADV-2011-0303", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0303" - }, - { - "name" : "ADV-2011-0349", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0349" - }, - { - "name" : "postgresql-gettoken-buffer-overflow(65060)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65060" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0283", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0283" + }, + { + "name": "70740", + "refsource": "OSVDB", + "url": "http://osvdb.org/70740" + }, + { + "name": "43144", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43144" + }, + { + "name": "HPSBMU02781", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134124585221119&w=2" + }, + { + "name": "RHSA-2011:0198", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0198.html" + }, + { + "name": "FEDORA-2011-0990", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053817.html" + }, + { + "name": "RHSA-2011:0197", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0197.html" + }, + { + "name": "http://www.postgresql.org/about/news.1289", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/about/news.1289" + }, + { + "name": "ADV-2011-0349", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0349" + }, + { + "name": "43187", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43187" + }, + { + "name": "SUSE-SR:2011:005", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" + }, + { + "name": "USN-1058-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1058-1" + }, + { + "name": "MDVSA-2011:021", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:021" + }, + { + "name": "ADV-2011-0262", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0262" + }, + { + "name": "ADV-2011-0303", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2011/0303" + }, + { + "name": "DSA-2157", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2157" + }, + { + "name": "ADV-2011-0287", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0287" + }, + { + "name": "43155", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43155" + }, + { + "name": "43154", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43154" + }, + { + "name": "43188", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43188" + }, + { + "name": "http://www.postgresql.org/support/security", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/support/security" + }, + { + "name": "46084", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46084" + }, + { + "name": "postgresql-gettoken-buffer-overflow(65060)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65060" + }, + { + "name": "43240", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43240" + }, + { + "name": "http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=7ccb6dc2d3e266a551827bb99179708580f72431", + "refsource": "CONFIRM", + "url": "http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=7ccb6dc2d3e266a551827bb99179708580f72431" + }, + { + "name": "FEDORA-2011-0963", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053888.html" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" + }, + { + "name": "ADV-2011-0278", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0278" + }, + { + "name": "ADV-2011-0299", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0299" + }, + { + "name": "SSRT100617", + "refsource": 
"HP",
+ "url": "http://marc.info/?l=bugtraq&m=134124585221119&w=2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/4xxx/CVE-2010-4292.json b/2010/4xxx/CVE-2010-4292.json
index 6842a78dd54..f1fa77e45df 100644
--- a/2010/4xxx/CVE-2010-4292.json
+++ b/2010/4xxx/CVE-2010-4292.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-4292",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2010-4292",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/5xxx/CVE-2010-5070.json b/2010/5xxx/CVE-2010-5070.json
index 055f7134751..b566ff79e3f 100644
--- a/2010/5xxx/CVE-2010-5070.json
+++ b/2010/5xxx/CVE-2010-5070.json
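Review bot: In the CVE-2010-4015.json hunk, `CVE_data_meta.ASSIGNER` changes from `cve@mitre.org` to `product-security@apple.com`, yet the description is about PostgreSQL and none of the references on the new side is an Apple advisory. Everything else in that hunk only re-spaces keys and reorders `reference_data`, and the other complete records nearby (CVE-2010-1975, CVE-2010-4292, CVE-2010-5070) keep `cve@mitre.org`, so this may be an unintended side effect of the bulk rewrite. If it is, the line should stay `"ASSIGNER": "cve@mitre.org",`; otherwise the value should be confirmed against the CNA that actually allocated the ID before merging. Consumers that route, filter or trust records by assigner would attribute this entry to the wrong CNA. The CVE-2014-0114.json hunk further down also changes the assigner, to `secalert@redhat.com`, and deserves the same check.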
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5070", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method, a different vulnerability than CVE-2010-2264. NOTE: this may overlap CVE-2010-5073." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5070", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://w2spconf.com/2010/papers/p26.pdf", - "refsource" : "MISC", - "url" : "http://w2spconf.com/2010/papers/p26.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method, a different 
vulnerability than CVE-2010-2264. NOTE: this may overlap CVE-2010-5073." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://w2spconf.com/2010/papers/p26.pdf", + "refsource": "MISC", + "url": "http://w2spconf.com/2010/papers/p26.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0114.json b/2014/0xxx/CVE-2014-0114.json index cb732aa4529..f5c2c2e6501 100644 --- a/2014/0xxx/CVE-2014-0114.json +++ b/2014/0xxx/CVE-2014-0114.json 
@@ -1,387 +1,387 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0114", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0114", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" - }, - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/23" - }, - { - "name" : "[oss-security] 20140616 CVE request for 
commons-beanutils: 'class' property is exposed, potentially leading to RCE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/06/15/10" - }, - { - "name" : "[oss-security] 20140707 Re: CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/07/08/1" - }, - { - "name" : "[apache-ignite-developers] 20180601 [CVE-2014-0114]: Apache Ignite is vulnerable to existing CVE-2014-0114", - "refsource" : "MLIST", - "url" : "http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2014-0114-Apache-Ignite-is-vulnerable-to-existing-CVE-2014-0114-td31205.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1091938", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1091938" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676375", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676375" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676931", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676931" - }, - { - "name" : "http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt", - "refsource" : "CONFIRM", - "url" : "http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt" - }, - { - "name" : "https://access.redhat.com/solutions/869353", - "refsource" : "CONFIRM", - "url" : "https://access.redhat.com/solutions/869353" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1116665", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1116665" - }, - { - "name" : "https://issues.apache.org/jira/browse/BEANUTILS-463", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/BEANUTILS-463" - }, - { - "name" : 
"http://www-01.ibm.com/support/docview.wss?uid=swg21676303", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676303" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676091", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676091" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0008.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0008.html" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0219.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0219.html" - }, - { - "name" : 
"http://www.ibm.com/support/docview.wss?uid=swg21675496", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21675496" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21674128", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21674128" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21674812", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21674812" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675266", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675266" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675387", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675387" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675689", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675689" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675898", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675898" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676110", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676110" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27042296", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27042296" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675972", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675972" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677110", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677110" - }, - { - "name" : 
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20140911-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20140911-0001/" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180629-0006/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180629-0006/" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "DSA-2940", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2940" - }, - { - "name" : "FEDORA-2014-9380", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136958.html" - }, - { - "name" : "GLSA-201607-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201607-09" - }, - { - "name" : "HPSBST03160", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141451023707502&w=2" - }, - { - "name" : "HPSBGN03041", - "refsource" : "HP", - "url" : 
"http://marc.info/?l=bugtraq&m=140119284401582&w=2" - }, - { - "name" : "HPSBMU03090", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140801096002766&w=2" - }, - { - "name" : "MDVSA-2014:095", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:095" - }, - { - "name" : "RHSA-2018:2669", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2669" - }, - { - "name" : "67121", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67121" - }, - { - "name" : "58851", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58851" - }, - { - "name" : "59014", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59014" - }, - { - "name" : "59704", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59704" - }, - { - "name" : "60177", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60177" - }, - { - "name" : "60703", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60703" - }, - { - "name" : "57477", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57477" - }, - { - "name" : "59245", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59245" - }, - { - "name" : "58947", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58947" - }, - { - "name" : "59118", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59118" - }, - { - "name" : "59228", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59228" - }, - { - "name" : "59246", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59246" - }, - { - "name" : "59430", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59430" - }, - { - "name" : "59464", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59464" - }, - { - "name" : "59479", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59479" - 
}, - { - "name" : "59480", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59480" - }, - { - "name" : "58710", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58710" - }, - { - "name" : "59718", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59718" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[apache-ignite-developers] 20180601 [CVE-2014-0114]: Apache Ignite is vulnerable to existing CVE-2014-0114", + "refsource": "MLIST", + "url": "http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2014-0114-Apache-Ignite-is-vulnerable-to-existing-CVE-2014-0114-td31205.html" + }, + { + "name": "57477", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57477" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html" + }, + { + "name": "https://issues.apache.org/jira/browse/BEANUTILS-463", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/BEANUTILS-463" + }, + { + "name": "58710", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58710" + }, + { + "name": "MDVSA-2014:095", + "refsource": 
"MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:095" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675689", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675689" + }, + { + "name": "FEDORA-2014-9380", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136958.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21674812", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674812" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20140911-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20140911-0001/" + }, + { + "name": "59464", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59464" + }, + { + "name": "59118", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59118" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180629-0006/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180629-0006/" + }, + { + "name": 
"http://www-01.ibm.com/support/docview.wss?uid=swg21675387", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675387" + }, + { + "name": "https://access.redhat.com/solutions/869353", + "refsource": "CONFIRM", + "url": "https://access.redhat.com/solutions/869353" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1091938", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091938" + }, + { + "name": "http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt", + "refsource": "CONFIRM", + "url": "http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0219.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0219.html" + }, + { + "name": "60703", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60703" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675972", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675972" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676375", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676375" + }, + { + "name": "[oss-security] 20140707 Re: CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/07/08/1" + }, + { + "name": "RHSA-2018:2669", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2669" + }, + { + "name": "GLSA-201607-09", + "refsource": "GENTOO", + "url": 
"https://security.gentoo.org/glsa/201607-09" + }, + { + "name": "HPSBST03160", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141451023707502&w=2" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675898", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675898" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676110", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676110" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27042296", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27042296" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676303", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676303" + }, + { + "name": "59228", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59228" + }, + { + "name": "59246", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59246" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1116665", + "refsource": 
"CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1116665" + }, + { + "name": "[oss-security] 20140616 CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/06/15/10" + }, + { + "name": "59245", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59245" + }, + { + "name": "HPSBMU03090", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140801096002766&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21674128", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674128" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676931", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676931" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" + }, + { + "name": "60177", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60177" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/23" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21675496", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21675496" + }, + { + "name": "DSA-2940", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2940" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675266", + "refsource": "CONFIRM", + "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg21675266" + }, + { + "name": "59014", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59014" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677110", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677110" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091" + }, + { + "name": "67121", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67121" + }, + { + "name": "59480", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59480" + }, + { + "name": "HPSBGN03041", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140119284401582&w=2" + }, + { + "name": "59479", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59479" + }, + { + "name": "59704", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59704" + }, + { + "name": "58947", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58947" + }, + { + "name": "59718", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59718" + }, + { + "name": "59430", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59430" + }, + { + "name": "58851", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58851" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0330.json b/2014/0xxx/CVE-2014-0330.json index 8bbaaeb9f2a..eb9a9f22cf3 100644 --- a/2014/0xxx/CVE-2014-0330.json +++ b/2014/0xxx/CVE-2014-0330.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0330", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in adminui/user_list.php on the Dell KACE K1000 management appliance 5.5.90545 allows remote attackers to inject arbitrary web script or HTML via the LABEL_ID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-0330", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#813382", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/813382" - }, - { - "name" : "65333", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65333" - }, - { - "name" : "102855", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102855" - }, - { - "name" : "kace-cve20140330-xss(90954)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90954" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in adminui/user_list.php on the Dell KACE K1000 management appliance 
5.5.90545 allows remote attackers to inject arbitrary web script or HTML via the LABEL_ID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "65333", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65333" + }, + { + "name": "102855", + "refsource": "OSVDB", + "url": "http://osvdb.org/102855" + }, + { + "name": "kace-cve20140330-xss(90954)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90954" + }, + { + "name": "VU#813382", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/813382" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0346.json b/2014/0xxx/CVE-2014-0346.json index f47150ca25a..6049fe5ff43 100644 --- a/2014/0xxx/CVE-2014-0346.json +++ b/2014/0xxx/CVE-2014-0346.json 
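Review bot: The `"ASSIGNER": "cert@cert.org",` line near the top of this hunk replaces `cve@mitre.org`, and it is the only semantic change in a rewrite that otherwise just turns `" : "` into `": "` and reorders the four `reference_data` entries. Anything that attributes records to a CNA or tracks record changes by content will treat this as a real edit, so it should be in its own commit, or at least named in the commit message, rather than buried in formatting churn. The same applies to the CVE-2014-0580 hunk (`psirt@adobe.com`) and to the CVE-2014-1479 hunk (`security@mozilla.org`), whose body continues past the visible part of the page. The new side of each file also ends without a final newline (`\ No newline at end of file`), which the old side had; keeping it would avoid a spurious last-line change on the next sync.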
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-0346",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0160. Reason: This candidate is a reservation duplicate of CVE-2014-0160. Notes: All CVE users should reference CVE-2014-0160 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2014-0346",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0160. Reason: This candidate is a reservation duplicate of CVE-2014-0160. Notes: All CVE users should reference CVE-2014-0160 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/0xxx/CVE-2014-0580.json b/2014/0xxx/CVE-2014-0580.json
index 2c77f4b481b..35c6627234a 100644
--- a/2014/0xxx/CVE-2014-0580.json
+++ b/2014/0xxx/CVE-2014-0580.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0580", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2014-0580", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://helpx.adobe.com/security/products/flash-player/apsb14-27.html", - "refsource" : "CONFIRM", - "url" : "http://helpx.adobe.com/security/products/flash-player/apsb14-27.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://helpx.adobe.com/security/products/flash-player/apsb14-27.html", + "refsource": "CONFIRM", + "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-27.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0788.json b/2014/0xxx/CVE-2014-0788.json index f3c12d870d1..3dec4c46eae 100644 --- a/2014/0xxx/CVE-2014-0788.json +++ b/2014/0xxx/CVE-2014-0788.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0788", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-0788", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0791.json b/2014/0xxx/CVE-2014-0791.json index 7a9d4602f64..e886640c742 100644 --- a/2014/0xxx/CVE-2014-0791.json +++ b/2014/0xxx/CVE-2014-0791.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0791", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0791", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140102 CVE for freerdp int overflow?", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/01/02/5" - }, - { - "name" : "[oss-security] 20140103 Re: CVE for freerdp int overflow?", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/01/03/4" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=998941", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=998941" - }, - { - "name" : "https://github.com/FreeRDP/FreeRDP/pull/1649", - "refsource" : "MISC", - "url" : 
"https://github.com/FreeRDP/FreeRDP/pull/1649" - }, - { - "name" : "https://github.com/sidhpurwala-huzaifa/FreeRDP/commit/e2745807c4c3e0a590c0f69a9b655dc74ebaa03e", - "refsource" : "MISC", - "url" : "https://github.com/sidhpurwala-huzaifa/FreeRDP/commit/e2745807c4c3e0a590c0f69a9b655dc74ebaa03e" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0287.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0287.html" - }, - { - "name" : "MDVSA-2015:171", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:171" - }, - { - "name" : "openSUSE-SU-2016:2400", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-09/msg00101.html" - }, - { - "name" : "openSUSE-SU-2016:2402", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-09/msg00102.html" - }, - { - "name" : "openSUSE-SU-2014:0862", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-07/msg00008.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140102 CVE for freerdp int overflow?", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/01/02/5" + }, + { + "name": "openSUSE-SU-2016:2400", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00101.html" + }, + { + "name": "openSUSE-SU-2014:0862", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00008.html" + }, + { + "name": "[oss-security] 20140103 Re: CVE for freerdp int overflow?", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/01/03/4" + }, + { + "name": "openSUSE-SU-2016:2402", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00102.html" + }, + { + "name": "MDVSA-2015:171", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:171" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=998941", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=998941" + }, + { + "name": "https://github.com/sidhpurwala-huzaifa/FreeRDP/commit/e2745807c4c3e0a590c0f69a9b655dc74ebaa03e", + "refsource": "MISC", + "url": "https://github.com/sidhpurwala-huzaifa/FreeRDP/commit/e2745807c4c3e0a590c0f69a9b655dc74ebaa03e" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0287.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0287.html" + }, + { + "name": "https://github.com/FreeRDP/FreeRDP/pull/1649", + "refsource": "MISC", + "url": "https://github.com/FreeRDP/FreeRDP/pull/1649" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1201.json b/2014/1xxx/CVE-2014-1201.json index 530a67f48c8..5b83cd82450 100644 --- a/2014/1xxx/CVE-2014-1201.json 
+++ b/2014/1xxx/CVE-2014-1201.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1201", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series with firmware 11.19.85_1FE3A allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the HTTP_PORT parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1201", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140110 [CVE -2014-1201] Lorex security DVR ActiveX control buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/530739/100/0/threaded" - }, - { - "name" : "https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-report.txt", - "refsource" : "MISC", - "url" : "https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-report.txt" - }, - { - "name" : "https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-testcase.html", - "refsource" : "MISC", - "url" : 
"https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-testcase.html" - }, - { - "name" : "101903", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101903" - }, - { - "name" : "lorex-cve20141201-bo(90223)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90223" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series with firmware 11.19.85_1FE3A allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the HTTP_PORT parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140110 [CVE -2014-1201] Lorex security DVR ActiveX control buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/530739/100/0/threaded" + }, + { + "name": "https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-testcase.html", + "refsource": "MISC", + "url": "https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-testcase.html" + }, + { + "name": "https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-report.txt", + "refsource": "MISC", + "url": "https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-report.txt" + }, + { + "name": "lorex-cve20141201-bo(90223)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90223" + }, + { + "name": "101903", + "refsource": "OSVDB", + "url": "http://osvdb.org/101903" + } + ] + } +} \ No newline at end of file 
diff --git a/2014/1xxx/CVE-2014-1479.json b/2014/1xxx/CVE-2014-1479.json
index fbd7654a8eb..2000787ef05 100644
--- a/2014/1xxx/CVE-2014-1479.json
+++ b/2014/1xxx/CVE-2014-1479.json
@@ -1,222 +1,222 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2014-1479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-02.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=911864", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=911864" - }, - { - "name" : "https://8pecxstudios.com/?page_id=44080", - "refsource" : "CONFIRM", - "url" : "https://8pecxstudios.com/?page_id=44080" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : 
"CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://download.novell.com/Download?buildid=VYQsgaFpQ2k", - "refsource" : "CONFIRM", - "url" : "http://download.novell.com/Download?buildid=VYQsgaFpQ2k" - }, - { - "name" : "http://download.novell.com/Download?buildid=Y2fux-JW1Qc", - "refsource" : "CONFIRM", - "url" : "http://download.novell.com/Download?buildid=Y2fux-JW1Qc" - }, - { - "name" : "DSA-2858", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2858" - }, - { - "name" : "FEDORA-2014-2041", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" - }, - { - "name" : "FEDORA-2014-2083", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "RHSA-2014:0132", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0132.html" - }, - { - "name" : "RHSA-2014:0133", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0133.html" - }, - { - "name" : "SUSE-SU-2014:0248", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" - }, - { - "name" : "openSUSE-SU-2014:0212", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" - }, - { - "name" : "openSUSE-SU-2014:0213", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" - }, - { - "name" : "openSUSE-SU-2014:0419", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" - }, - { - "name" : "USN-2102-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2102-1" - }, - { - 
"name" : "USN-2102-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2102-2" - }, - { - "name" : "USN-2119-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2119-1" - }, - { - "name" : "65320", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65320" - }, - { - "name" : "102866", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102866" - }, - { - "name" : "1029717", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029717" - }, - { - "name" : "1029720", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029720" - }, - { - "name" : "1029721", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029721" - }, - { - "name" : "56706", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56706" - }, - { - "name" : "56761", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56761" - }, - { - "name" : "56763", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56763" - }, - { - "name" : "56767", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56767" - }, - { - "name" : "56787", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56787" - }, - { - "name" : "56858", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56858" - }, - { - "name" : "56888", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56888" - }, - { - "name" : "56922", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56922" - }, - { - "name" : "firefox-cve20141479-sec-bypass(90898)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 
24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2119-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2119-1" + }, + { + "name": "http://download.novell.com/Download?buildid=Y2fux-JW1Qc", + "refsource": "CONFIRM", + "url": "http://download.novell.com/Download?buildid=Y2fux-JW1Qc" + }, + { + "name": "1029721", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029721" + }, + { + "name": "openSUSE-SU-2014:0212", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" + }, + { + "name": "1029717", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029717" + }, + { + "name": "https://8pecxstudios.com/?page_id=44080", + "refsource": "CONFIRM", + "url": "https://8pecxstudios.com/?page_id=44080" + }, + { + "name": "RHSA-2014:0132", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0132.html" + }, + { + "name": "56922", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56922" + }, + { + "name": "56787", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56787" + }, + { + "name": "1029720", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029720" + }, + { + "name": "56858", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56858" + }, + { + "name": "firefox-cve20141479-sec-bypass(90898)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90898" + }, + { + "name": "102866", + "refsource": "OSVDB", + "url": "http://osvdb.org/102866" + }, + { + "name": "DSA-2858", + 
"refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2858" + }, + { + "name": "56763", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56763" + }, + { + "name": "USN-2102-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2102-2" + }, + { + "name": "RHSA-2014:0133", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0133.html" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "65320", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65320" + }, + { + "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-02.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-02.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=911864", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=911864" + }, + { + "name": "http://download.novell.com/Download?buildid=VYQsgaFpQ2k", + "refsource": "CONFIRM", + "url": "http://download.novell.com/Download?buildid=VYQsgaFpQ2k" + }, + { + "name": "56888", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56888" + }, + { + "name": "FEDORA-2014-2083", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" + }, + { + "name": "openSUSE-SU-2014:0419", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" + }, + { + "name": "56761", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56761" + }, + { + "name": "FEDORA-2014-2041", + "refsource": "FEDORA", + "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" + }, + { + "name": "SUSE-SU-2014:0248", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" + }, + { + "name": "openSUSE-SU-2014:0213", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" + }, + { + "name": "USN-2102-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2102-1" + }, + { + "name": "56767", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56767" + }, + { + "name": "56706", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56706" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1733.json b/2014/1xxx/CVE-2014-1733.json index 1172ce62c14..9846451f294 100644 --- a/2014/1xxx/CVE-2014-1733.json +++ b/2014/1xxx/CVE-2014-1733.json 
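Review bot: The `ASSIGNER` change in `CVE_data_meta` of CVE-2014-1479.json (`cve@mitre.org` to `security@mozilla.org`) is hard to audit because it is buried in a whole-file rewrite. That rewrite also changes every `" : "` separator to `": "`, re-indents the file, and reshuffles all 33 `reference_data` entries into an order with no apparent sort key. The recorded assigning authority is provenance data that downstream consumers may rely on, so it would review better as its own commit, with the formatting normalisation landed separately. Emitting references in a stable order (for example sorted by `refsource`, then `name`) would keep later diffs limited to real changes. The same pattern recurs in the CVE-2014-1733 (`security@google.com`) and CVE-2014-4444 (`product-security@apple.com`) hunks, and the rewritten files end without a trailing newline (`\ No newline at end of file`).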
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PointerCompare function in codegen.cc in Seccomp-BPF, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly merge blocks, which might allow remote attackers to bypass intended sandbox restrictions by leveraging renderer access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-1733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=351103", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=351103" - }, - { - "name" : "https://src.chromium.org/viewvc/chrome?revision=260157&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/chrome?revision=260157&view=revision" - }, - { - "name" : "DSA-2920", - "refsource" 
: "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2920" - }, - { - "name" : "GLSA-201408-16", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201408-16.xml" - }, - { - "name" : "openSUSE-SU-2014:0668", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html" - }, - { - "name" : "openSUSE-SU-2014:0669", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html" - }, - { - "name" : "58301", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58301" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PointerCompare function in codegen.cc in Seccomp-BPF, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly merge blocks, which might allow remote attackers to bypass intended sandbox restrictions by leveraging renderer access." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "58301", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58301" + }, + { + "name": "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html" + }, + { + "name": "openSUSE-SU-2014:0669", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=351103", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=351103" + }, + { + "name": "GLSA-201408-16", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201408-16.xml" + }, + { + "name": "openSUSE-SU-2014:0668", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html" + }, + { + "name": "DSA-2920", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2920" + }, + { + "name": "https://src.chromium.org/viewvc/chrome?revision=260157&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/chrome?revision=260157&view=revision" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4160.json b/2014/4xxx/CVE-2014-4160.json index ff52f54aa2f..682933314a8 100644 --- a/2014/4xxx/CVE-2014-4160.json +++ b/2014/4xxx/CVE-2014-4160.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4160", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas node in SAP NetWeaver Business Client (NWBC) allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) sap-accessibility parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4160", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.emaze.net/2014/05/sap-multiple-vulnerabilities.html", - "refsource" : "MISC", - "url" : "http://blog.emaze.net/2014/05/sap-multiple-vulnerabilities.html" - }, - { - "name" : "http://scn.sap.com/docs/DOC-8218", - "refsource" : "CONFIRM", - "url" : "http://scn.sap.com/docs/DOC-8218" - }, - { - "name" : "https://service.sap.com/sap/support/notes/1932505", - "refsource" : "CONFIRM", - "url" : "https://service.sap.com/sap/support/notes/1932505" - }, - { - "name" : "67995", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67995" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": 
[ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas node in SAP NetWeaver Business Client (NWBC) allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) sap-accessibility parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67995", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67995" + }, + { + "name": "http://blog.emaze.net/2014/05/sap-multiple-vulnerabilities.html", + "refsource": "MISC", + "url": "http://blog.emaze.net/2014/05/sap-multiple-vulnerabilities.html" + }, + { + "name": "http://scn.sap.com/docs/DOC-8218", + "refsource": "CONFIRM", + "url": "http://scn.sap.com/docs/DOC-8218" + }, + { + "name": "https://service.sap.com/sap/support/notes/1932505", + "refsource": "CONFIRM", + "url": "https://service.sap.com/sap/support/notes/1932505" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4444.json b/2014/4xxx/CVE-2014-4444.json index 1519a93e054..37a10ea4f31 100644 --- a/2014/4xxx/CVE-2014-4444.json +++ b/2014/4xxx/CVE-2014-4444.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT6535", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6535" - }, - { - "name" : "APPLE-SA-2014-10-16-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" - }, - { - "name" : "1031063", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031063" - }, - { - "name" : "macosx-cve20144444-sec-bypass(97623)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "macosx-cve20144444-sec-bypass(97623)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97623" + }, + { + "name": "APPLE-SA-2014-10-16-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" + }, + { + "name": "1031063", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031063" + }, + { + "name": "https://support.apple.com/kb/HT6535", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6535" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4614.json b/2014/4xxx/CVE-2014-4614.json index 3773ce41a84..3686bbb618e 100644 --- a/2014/4xxx/CVE-2014-4614.json +++ b/2014/4xxx/CVE-2014-4614.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4614", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo before 2.6.2 allow remote attackers to hijack the authentication of administrators for requests that use the (1) pwg.groups.addUser, (2) pwg.groups.deleteUser, (3) pwg.groups.setInfo, (4) pwg.users.setInfo, (5) pwg.permissions.add, or (6) pwg.permissions.remove method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4614", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140624 Re: CVE request: Piwigo before 2.6.2 ws.php Arbitrary User Creation CSRF", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q2/623" - }, - { - "name" : "http://piwigo.org/bugs/view.php?id=0003055", - "refsource" : "CONFIRM", - "url" : "http://piwigo.org/bugs/view.php?id=0003055" - }, - { - "name" : "http://piwigo.org/releases/2.6.2", - "refsource" : "CONFIRM", - "url" : "http://piwigo.org/releases/2.6.2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": 
[ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo before 2.6.2 allow remote attackers to hijack the authentication of administrators for requests that use the (1) pwg.groups.addUser, (2) pwg.groups.deleteUser, (3) pwg.groups.setInfo, (4) pwg.users.setInfo, (5) pwg.permissions.add, or (6) pwg.permissions.remove method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140624 Re: CVE request: Piwigo before 2.6.2 ws.php Arbitrary User Creation CSRF", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q2/623" + }, + { + "name": "http://piwigo.org/bugs/view.php?id=0003055", + "refsource": "CONFIRM", + "url": "http://piwigo.org/bugs/view.php?id=0003055" + }, + { + "name": "http://piwigo.org/releases/2.6.2", + "refsource": "CONFIRM", + "url": "http://piwigo.org/releases/2.6.2" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4617.json b/2014/4xxx/CVE-2014-4617.json index 74ac89e60b5..64272e23aef 100644 --- a/2014/4xxx/CVE-2014-4617.json +++ b/2014/4xxx/CVE-2014-4617.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4617", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[gnupg-announce] 20140623 [security fix] GnuPG 1.4.17 released", - "refsource" : "MLIST", - "url" : "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html" - }, - { - "name" : "[gnupg-announce] 20140624 [security fix] GnuPG 2.0.24 released", - "refsource" : "MLIST", - "url" : "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html" - }, - { - "name" : "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=014b2103fcb12f261135e3954f26e9e07b39e342", - "refsource" : "CONFIRM", - "url" : "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=014b2103fcb12f261135e3954f26e9e07b39e342" - }, - { - "name" : 
"http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a", - "refsource" : "CONFIRM", - "url" : "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "DSA-2968", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2968" - }, - { - "name" : "DSA-2967", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2967" - }, - { - "name" : "openSUSE-SU-2014:0866", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-07/msg00010.html" - }, - { - "name" : "USN-2258-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2258-1" - }, - { - "name" : "59213", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59213" - }, - { - "name" : "59534", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59534" - }, - { - "name" : "59578", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59578" - }, - { - "name" : "59351", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59351" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59351", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59351" + }, + { + "name": "59578", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59578" + }, + { + "name": "[gnupg-announce] 20140624 [security fix] GnuPG 2.0.24 released", + "refsource": "MLIST", + "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html" + }, + { + "name": "DSA-2967", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2967" + }, + { + "name": "openSUSE-SU-2014:0866", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00010.html" + }, + { + "name": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=014b2103fcb12f261135e3954f26e9e07b39e342", + "refsource": "CONFIRM", + "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=014b2103fcb12f261135e3954f26e9e07b39e342" + }, + { + "name": "USN-2258-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2258-1" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": "DSA-2968", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2968" + }, + { + "name": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a", + "refsource": "CONFIRM", + "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a" + }, + { + "name": "59534", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59534" + }, + { + "name": "59213", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59213" + }, + { + 
"name": "[gnupg-announce] 20140623 [security fix] GnuPG 1.4.17 released", + "refsource": "MLIST", + "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4997.json b/2014/4xxx/CVE-2014-4997.json index 02ecc4a5165..b5b89fca40e 100644 --- a/2014/4xxx/CVE-2014-4997.json +++ b/2014/4xxx/CVE-2014-4997.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4997", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem point-cli-0.0.1", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/07/07/16" - }, - { - "name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5" - }, - { - "name" : "http://www.vapid.dhs.org/advisories/point-cli-0.0.1.html", - "refsource" : "MISC", - "url" : "http://www.vapid.dhs.org/advisories/point-cli-0.0.1.html" - }, - { - "name" : "68735", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68735" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/07/17/5" + }, + { + "name": "[oss-security] 20140707 Vulnerability Report for Ruby Gem point-cli-0.0.1", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/07/07/16" + }, + { + "name": "http://www.vapid.dhs.org/advisories/point-cli-0.0.1.html", + "refsource": "MISC", + "url": "http://www.vapid.dhs.org/advisories/point-cli-0.0.1.html" + }, + { + "name": "68735", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68735" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5113.json b/2014/5xxx/CVE-2014-5113.json index 80f25ebc4a0..a99e0f112b8 100644 --- a/2014/5xxx/CVE-2014-5113.json +++ b/2014/5xxx/CVE-2014-5113.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in test.php in Visualware MyConnection Server 9.7i allow remote attackers to inject arbitrary web script or HTML via the (1) testtype, (2) ver, (3) cm, (4) map, (5) lines, (6) pps, (7) bpp, (8) codec, (9) provtext, (10) provtextextra, (11) provlink, or (12) duration parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/127545/MyConnection-Server-MCS-9.7i-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127545/MyConnection-Server-MCS-9.7i-Cross-Site-Scripting.html" - }, - { - "name" : "http://treadstonesecurity.blogspot.ca/2014/07/myconnection-server-mcs-reflective-xss.html", - "refsource" : "MISC", - "url" : "http://treadstonesecurity.blogspot.ca/2014/07/myconnection-server-mcs-reflective-xss.html" - }, - { - "name" : "68793", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68793" - } - ] - } -} + } + 
}, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in test.php in Visualware MyConnection Server 9.7i allow remote attackers to inject arbitrary web script or HTML via the (1) testtype, (2) ver, (3) cm, (4) map, (5) lines, (6) pps, (7) bpp, (8) codec, (9) provtext, (10) provtextextra, (11) provlink, or (12) duration parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/127545/MyConnection-Server-MCS-9.7i-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127545/MyConnection-Server-MCS-9.7i-Cross-Site-Scripting.html" + }, + { + "name": "68793", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68793" + }, + { + "name": "http://treadstonesecurity.blogspot.ca/2014/07/myconnection-server-mcs-reflective-xss.html", + "refsource": "MISC", + "url": "http://treadstonesecurity.blogspot.ca/2014/07/myconnection-server-mcs-reflective-xss.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9914.json b/2014/9xxx/CVE-2014-9914.json index 183c8861986..93b33c8c735 100644 --- a/2014/9xxx/CVE-2014-9914.json +++ b/2014/9xxx/CVE-2014-9914.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9914", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2014-9914", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9709674e68646cee5a24e3000b3558d25412203a", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9709674e68646cee5a24e3000b3558d25412203a" - }, - { - "name" : "http://source.android.com/security/bulletin/2017-02-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2017-02-01.html" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2", - "refsource" : "CONFIRM", - "url" : 
"http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2" - }, - { - "name" : "https://github.com/torvalds/linux/commit/9709674e68646cee5a24e3000b3558d25412203a", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/9709674e68646cee5a24e3000b3558d25412203a" - }, - { - "name" : "96100", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96100" - }, - { - "name" : "1037798", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037798", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037798" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9709674e68646cee5a24e3000b3558d25412203a", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9709674e68646cee5a24e3000b3558d25412203a" + }, + { + "name": "http://source.android.com/security/bulletin/2017-02-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2017-02-01.html" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2" + }, + { + "name": "96100", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96100" + }, + { + "name": "https://github.com/torvalds/linux/commit/9709674e68646cee5a24e3000b3558d25412203a", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/9709674e68646cee5a24e3000b3558d25412203a" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3028.json b/2016/3xxx/CVE-2016-3028.json index 1cb14b6f0cd..9573042a0d2 100644 --- a/2016/3xxx/CVE-2016-3028.json +++ b/2016/3xxx/CVE-2016-3028.json 
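Review bot: The new side of CVE-2014-9914.json ends at the closing `}` with no trailing newline: the `\ No newline at end of file` marker follows only the added lines, so the removed version did end with one. The other records rewritten in this commit show the same marker, for example CVE-2014-4997.json, CVE-2014-5113.json and CVE-2016-3028.json. Having the serializer emit a final `\n` after the closing brace would keep later diffs of these files free of end-of-file noise and keep line-oriented tooling well-behaved.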
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3028", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-3028", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21990317", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21990317" - }, - { - "name" : "IV89257", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257" - }, - { - "name" : "IV89322", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322" - }, - { - "name" : "IV89326", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326" - }, - { - "name" : "93176", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93176" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IV89257", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21990317", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990317" + }, + { + "name": "93176", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93176" + }, + { + "name": "IV89322", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322" + }, + { + "name": "IV89326", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3479.json b/2016/3xxx/CVE-2016-3479.json index c6b034e8724..7fbe2274b97 100644 --- a/2016/3xxx/CVE-2016-3479.json +++ b/2016/3xxx/CVE-2016-3479.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Portable Clusterware component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91898", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91898" - }, - { - "name" : "1036363", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036363" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Portable Clusterware 
component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "91898", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91898" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "1036363", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036363" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3748.json b/2016/3xxx/CVE-2016-3748.json index 052baf133f7..0fb46c1dc34 100644 --- a/2016/3xxx/CVE-2016-3748.json +++ b/2016/3xxx/CVE-2016-3748.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3748", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sockets subsystem in Android 6.x before 2016-07-01 allows attackers to bypass intended system-call restrictions via a crafted application that makes an ioctl call, aka internal bug 28171804." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3748", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/external/sepolicy/+/556bb0f55324e8839d7b735a0de9bc31028e839e", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/external/sepolicy/+/556bb0f55324e8839d7b735a0de9bc31028e839e" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sockets subsystem in Android 6.x before 2016-07-01 allows attackers to bypass intended system-call restrictions via a 
crafted application that makes an ioctl call, aka internal bug 28171804." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/external/sepolicy/+/556bb0f55324e8839d7b735a0de9bc31028e839e", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/external/sepolicy/+/556bb0f55324e8839d7b735a0de9bc31028e839e" + }, + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7118.json b/2016/7xxx/CVE-2016-7118.json index 1e8721b5f1f..9e945c30fcf 100644 --- a/2016/7xxx/CVE-2016-7118.json +++ b/2016/7xxx/CVE-2016-7118.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7118", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fs/fcntl.c in the \"aufs 3.2.x+setfl-debian\" patch in the linux-image package 3.2.0-4 (kernel 3.2.81-1) in Debian wheezy mishandles F_SETFL fcntl calls on directories, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via standard filesystem operations, as demonstrated by scp from an AUFS filesystem." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160831 Re: CVE request: Kernel Oops when issuing fcntl on an AUFS directory", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/08/31/3" - }, - { - "name" : "[oss-security] 20160831 CVE request: Kernel Oops when issuing fcntl on an AUFS directory", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2016/q3/395" - }, - { - "name" : "92697", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92697" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", 
+ "description": { + "description_data": [ + { + "lang": "eng", + "value": "fs/fcntl.c in the \"aufs 3.2.x+setfl-debian\" patch in the linux-image package 3.2.0-4 (kernel 3.2.81-1) in Debian wheezy mishandles F_SETFL fcntl calls on directories, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via standard filesystem operations, as demonstrated by scp from an AUFS filesystem." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92697", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92697" + }, + { + "name": "[oss-security] 20160831 Re: CVE request: Kernel Oops when issuing fcntl on an AUFS directory", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/08/31/3" + }, + { + "name": "[oss-security] 20160831 CVE request: Kernel Oops when issuing fcntl on an AUFS directory", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2016/q3/395" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7373.json b/2016/7xxx/CVE-2016-7373.json index 551f7dfb329..e2306ceed56 100644 --- a/2016/7xxx/CVE-2016-7373.json +++ b/2016/7xxx/CVE-2016-7373.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7373", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7373", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7706.json b/2016/7xxx/CVE-2016-7706.json index 3a39af91853..08f5db63d13 100644 --- a/2016/7xxx/CVE-2016-7706.json +++ b/2016/7xxx/CVE-2016-7706.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7706", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7706", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8059.json b/2016/8xxx/CVE-2016-8059.json index 6e6c12ca875..1f1041efee1 100644 --- a/2016/8xxx/CVE-2016-8059.json +++ b/2016/8xxx/CVE-2016-8059.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8059", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8059", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8143.json b/2016/8xxx/CVE-2016-8143.json index dd7bcf1bf5b..eb0aec746ac 100644 --- a/2016/8xxx/CVE-2016-8143.json +++ b/2016/8xxx/CVE-2016-8143.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8143", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8143", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8426.json b/2016/8xxx/CVE-2016-8426.json index 85ce42851c7..35d55d098b6 100644 --- a/2016/8xxx/CVE-2016-8426.json +++ b/2016/8xxx/CVE-2016-8426.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-8426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31799206. References: N-CVE-2016-8426." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-8426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-01-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-01-01.html" - }, - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" - }, - { - "name" : "95231", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95231" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31799206. References: N-CVE-2016-8426." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-01-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-01-01.html" + }, + { + "name": "95231", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95231" + }, + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8651.json b/2016/8xxx/CVE-2016-8651.json index cca7a9924a3..3023464af21 100644 --- a/2016/8xxx/CVE-2016-8651.json +++ b/2016/8xxx/CVE-2016-8651.json 
@@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psampaio@redhat.com", - "ID" : "CVE-2016-8651", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OpenShift Enterprise", - "version" : { - "version_data" : [ - { - "version_value" : "3" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "3.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", - "version" : "3.0" - } - ], - [ - { - "vectorString" : "2.3/AV:A/AC:M/Au:S/C:P/I:N/A:N", - "version" : "2.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-8651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OpenShift Enterprise", + "version": { + "version_data": [ + { + "version_value": "3" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651" - }, - { - "name" : "RHSA-2016:2915", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:2915" - }, - { - "name" : "94935", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/94935" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "3.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + } + ], + [ + { + "vectorString": "2.3/AV:A/AC:M/Au:S/C:P/I:N/A:N", + "version": "2.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94935", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94935" + }, + { + "name": "RHSA-2016:2915", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:2915" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9565.json b/2016/9xxx/CVE-2016-9565.json index b72fc5f0113..c274d7e0aee 100644 --- a/2016/9xxx/CVE-2016-9565.json +++ b/2016/9xxx/CVE-2016-9565.json 
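Review bot: Both `vectorString` values under `impact.cvss` on the new side still carry the base score in front of the vector (`"3.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"` and `"2.3/AV:A/AC:M/Au:S/C:P/I:N/A:N"`), so neither is a well-formed CVSS vector; a v3.0 vector begins with `CVSS:3.0/`. A consumer that parses or validates the vector for prioritisation would presumably reject or mis-score this record. Since the commit already rewrites these lines, the score could be split out into its own field: `"baseScore": 3.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"`, and likewise `2.3` for the 2.0 entry.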
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9565", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9565", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20161215 Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/539925/100/0/threaded" - }, - { - "name" : "40920", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40920/" - }, - { - "name" : "20161215 Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Dec/57" - }, - { - "name" : 
"http://packetstormsecurity.com/files/140169/Nagios-Core-Curl-Command-Injection-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/140169/Nagios-Core-Curl-Command-Injection-Code-Execution.html" - }, - { - "name" : "https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html", - "refsource" : "MISC", - "url" : "https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html" - }, - { - "name" : "https://www.nagios.org/projects/nagios-core/history/4x/", - "refsource" : "CONFIRM", - "url" : "https://www.nagios.org/projects/nagios-core/history/4x/" - }, - { - "name" : "GLSA-201702-26", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-26" - }, - { - "name" : "GLSA-201710-20", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-20" - }, - { - "name" : "RHSA-2017:0211", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0211.html" - }, - { - "name" : "RHSA-2017:0212", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0212.html" - }, - { - "name" : "RHSA-2017:0213", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0213.html" - }, - { - "name" : "RHSA-2017:0214", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0214.html" - }, - { - "name" : "RHSA-2017:0258", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0258.html" - }, - { - "name" : "RHSA-2017:0259", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0259.html" - }, - { - "name" : "94922", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94922" - }, - { - "name" : "1037488", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037488" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201710-20", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-20" + }, + { + "name": "20161215 Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/539925/100/0/threaded" + }, + { + "name": "1037488", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037488" + }, + { + "name": "94922", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94922" + }, + { + "name": "RHSA-2017:0258", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0258.html" + }, + { + "name": "RHSA-2017:0212", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html" + }, + { + "name": "RHSA-2017:0213", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html" + }, + { + "name": "http://packetstormsecurity.com/files/140169/Nagios-Core-Curl-Command-Injection-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/140169/Nagios-Core-Curl-Command-Injection-Code-Execution.html" + }, + { + "name": "20161215 Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Dec/57" + }, + { + "name": "40920", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40920/" + 
}, + { + "name": "https://www.nagios.org/projects/nagios-core/history/4x/", + "refsource": "CONFIRM", + "url": "https://www.nagios.org/projects/nagios-core/history/4x/" + }, + { + "name": "GLSA-201702-26", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-26" + }, + { + "name": "RHSA-2017:0259", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0259.html" + }, + { + "name": "https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html", + "refsource": "MISC", + "url": "https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html" + }, + { + "name": "RHSA-2017:0214", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html" + }, + { + "name": "RHSA-2017:0211", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9674.json b/2016/9xxx/CVE-2016-9674.json index a27afa3cf81..a9c94dc8fd0 100644 --- a/2016/9xxx/CVE-2016-9674.json +++ b/2016/9xxx/CVE-2016-9674.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9674", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9674", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9809.json b/2016/9xxx/CVE-2016-9809.json index b06d0a78549..d927daeaec4 100644 --- a/2016/9xxx/CVE-2016-9809.json +++ b/2016/9xxx/CVE-2016-9809.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9809", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9809", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161201 gstreamer multiple issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/01/2" - }, - { - "name" : "[oss-security] 20161204 Re: gstreamer multiple issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/05/8" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=774896", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=774896" - }, - { - "name" : "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2", - "refsource" : "CONFIRM", - "url" : "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2" - }, - { - "name" : "DSA-3818", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2017/dsa-3818" - }, - { - "name" : "GLSA-201705-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-10" - }, - { - "name" : "RHSA-2017:0018", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0018.html" - }, - { - "name" : "RHSA-2017:0021", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0021.html" - }, - { - "name" : "95147", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95147" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3818", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3818" + }, + { + "name": "RHSA-2017:0021", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0021.html" + }, + { + "name": "95147", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95147" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=774896", + "refsource": "CONFIRM", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=774896" + }, + { + "name": "RHSA-2017:0018", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0018.html" + }, + { + "name": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2", + "refsource": "CONFIRM", + "url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2" + }, + { + "name": "[oss-security] 20161204 Re: gstreamer multiple issues", + "refsource": "MLIST", + "url": 
"http://www.openwall.com/lists/oss-security/2016/12/05/8" + }, + { + "name": "GLSA-201705-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-10" + }, + { + "name": "[oss-security] 20161201 gstreamer multiple issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/01/2" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2307.json b/2019/2xxx/CVE-2019-2307.json index 18f311d05e4..725728360c4 100644 --- a/2019/2xxx/CVE-2019-2307.json +++ b/2019/2xxx/CVE-2019-2307.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2307", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2307", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2348.json b/2019/2xxx/CVE-2019-2348.json index 910e7e67a83..a3ddd68d3a9 100644 --- a/2019/2xxx/CVE-2019-2348.json +++ b/2019/2xxx/CVE-2019-2348.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2348", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2348", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2458.json b/2019/2xxx/CVE-2019-2458.json index f6554415ff5..ba6da1681a0 100644 --- a/2019/2xxx/CVE-2019-2458.json +++ b/2019/2xxx/CVE-2019-2458.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2458", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Outside In Technology", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.5.3" - }, - { - "version_affected" : "=", - "version_value" : "8.5.4" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.5.3" + }, + { + "version_affected": "=", + "version_value": "8.5.4" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "106579", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106579" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. 
The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106579", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106579" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + } + ] + } +} \ No newline at end of file