From 3a4049d859a5af6c0a4eda118363473151dd79ea Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 04:15:41 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/5xxx/CVE-2006-5014.json | 160 +++++----- 2006/5xxx/CVE-2006-5037.json | 150 ++++----- 2006/5xxx/CVE-2006-5376.json | 200 ++++++------ 2006/5xxx/CVE-2006-5512.json | 160 +++++----- 2006/5xxx/CVE-2006-5615.json | 140 ++++----- 2006/5xxx/CVE-2006-5779.json | 340 ++++++++++---------- 2007/2xxx/CVE-2007-2233.json | 150 ++++----- 2007/2xxx/CVE-2007-2357.json | 180 +++++------ 2007/2xxx/CVE-2007-2400.json | 200 ++++++------ 2007/2xxx/CVE-2007-2876.json | 410 ++++++++++++------------- 2007/6xxx/CVE-2007-6438.json | 310 +++++++++---------- 2007/6xxx/CVE-2007-6507.json | 180 +++++------ 2007/6xxx/CVE-2007-6518.json | 170 +++++----- 2010/0xxx/CVE-2010-0570.json | 170 +++++----- 2010/0xxx/CVE-2010-0758.json | 150 ++++----- 2010/1xxx/CVE-2010-1057.json | 180 +++++------ 2010/1xxx/CVE-2010-1700.json | 34 +- 2010/1xxx/CVE-2010-1855.json | 190 ++++++------ 2010/1xxx/CVE-2010-1970.json | 160 +++++----- 2010/4xxx/CVE-2010-4431.json | 170 +++++----- 2010/5xxx/CVE-2010-5237.json | 130 ++++---- 2010/5xxx/CVE-2010-5310.json | 150 ++++----- 2014/0xxx/CVE-2014-0618.json | 160 +++++----- 2014/0xxx/CVE-2014-0798.json | 34 +- 2014/1xxx/CVE-2014-1533.json | 580 +++++++++++++++++------------------ 2014/1xxx/CVE-2014-1751.json | 120 ++++---- 2014/1xxx/CVE-2014-1889.json | 150 ++++----- 2014/4xxx/CVE-2014-4103.json | 150 ++++----- 2014/4xxx/CVE-2014-4383.json | 190 ++++++------ 2014/5xxx/CVE-2014-5041.json | 34 +- 2014/5xxx/CVE-2014-5207.json | 230 +++++++------- 2014/9xxx/CVE-2014-9124.json | 34 +- 2014/9xxx/CVE-2014-9646.json | 160 +++++----- 2016/3xxx/CVE-2016-3092.json | 540 ++++++++++++++++---------------- 2016/3xxx/CVE-2016-3100.json | 190 ++++++------ 2016/3xxx/CVE-2016-3853.json | 130 ++++---- 2016/7xxx/CVE-2016-7017.json | 140 ++++----- 2016/7xxx/CVE-2016-7877.json | 190 ++++++------ 2016/8xxx/CVE-2016-8069.json | 34 +- 2016/8xxx/CVE-2016-8385.json | 130 ++++---- 2016/8xxx/CVE-2016-8644.json | 130 ++++---- 2016/8xxx/CVE-2016-8723.json | 120 ++++---- 2016/8xxx/CVE-2016-8991.json | 34 +- 2016/9xxx/CVE-2016-9611.json | 34 +- 2016/9xxx/CVE-2016-9679.json | 140 ++++----- 2016/9xxx/CVE-2016-9725.json | 172 +++++------ 2016/9xxx/CVE-2016-9769.json | 34 +- 2019/2xxx/CVE-2019-2534.json | 168 +++++----- 2019/2xxx/CVE-2019-2546.json | 196 ++++++------ 2019/2xxx/CVE-2019-2608.json | 34 +- 2019/2xxx/CVE-2019-2873.json | 34 +- 51 files changed, 4188 insertions(+), 4188 deletions(-) diff --git a/2006/5xxx/CVE-2006-5014.json b/2006/5xxx/CVE-2006-5014.json index 44c5a1b94af..7c1e275b008 100644 --- a/2006/5xxx/CVE-2006-5014.json +++ b/2006/5xxx/CVE-2006-5014.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://changelog.cpanel.net/?build=&showall=1", - "refsource" : "CONFIRM", - "url" : "http://changelog.cpanel.net/?build=&showall=1" - }, - { - "name" : "http://forums.cpanel.net/showthread.php?t=58134", - "refsource" : "CONFIRM", - "url" : "http://forums.cpanel.net/showthread.php?t=58134" - }, - { - "name" : "20163", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20163" - }, - { - "name" : "1016913", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016913" - }, - { - "name" : "22072", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22072" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://forums.cpanel.net/showthread.php?t=58134", + "refsource": "CONFIRM", + "url": "http://forums.cpanel.net/showthread.php?t=58134" + }, + { + "name": "1016913", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016913" + }, + { + "name": "22072", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22072" + }, + { + "name": "http://changelog.cpanel.net/?build=&showall=1", + "refsource": "CONFIRM", + "url": "http://changelog.cpanel.net/?build=&showall=1" + }, + { + "name": "20163", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20163" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5037.json b/2006/5xxx/CVE-2006-5037.json index 26f8bb880ca..e5f6b5f9d4b 100644 --- a/2006/5xxx/CVE-2006-5037.json +++ b/2006/5xxx/CVE-2006-5037.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** MySource Matrix after 3.8 allows remote attackers to use the application as an HTTP proxy server via a MIME encoded URL in the sq_content_src parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that \"The vendor does not consider this a vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060922 Squiz MySource Matrix Unauthorised Proxy and Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446722/100/0/threaded" - }, - { - "name" : "http://www.aushack.com/advisories/200607-mysourcematrix.txt", - "refsource" : "MISC", - "url" : "http://www.aushack.com/advisories/200607-mysourcematrix.txt" - }, - { - "name" : "22060", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22060" - }, - { - "name" : "1635", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1635" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** MySource Matrix after 3.8 allows remote attackers to use the application as an HTTP proxy server via a MIME encoded URL in the sq_content_src parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that \"The vendor does not consider this a vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.aushack.com/advisories/200607-mysourcematrix.txt", + "refsource": "MISC", + "url": "http://www.aushack.com/advisories/200607-mysourcematrix.txt" + }, + { + "name": "20060922 Squiz MySource Matrix Unauthorised Proxy and Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446722/100/0/threaded" + }, + { + "name": "1635", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1635" + }, + { + "name": "22060", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22060" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5376.json b/2006/5xxx/CVE-2006-5376.json index bee9fd68af9..ab4c0af51ea 100644 --- a/2006/5xxx/CVE-2006-5376.json +++ b/2006/5xxx/CVE-2006-5376.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5376", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in PeopleTools component in Oracle PeopleSoft Enterprise 8.22 GA, 8.46 GA, 8.47 GA, 8.48 GA, 8.22.11, 8.46.15, 8.47.09, and 8.48.03 have unknown impact and remote authenticated attack vectors, aka Vuln# (1) PSE04, (2) PSE06, (3) PSE07, and (4) PSE08." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5376", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" - }, - { - "name" : "TA06-291A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-291A.html" - }, - { - "name" : "20588", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20588" - }, - { - "name" : "ADV-2006-4065", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4065" - }, - { - "name" : "1017077", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017077" - }, - { - "name" : "22396", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in PeopleTools component in Oracle PeopleSoft Enterprise 8.22 GA, 8.46 GA, 8.47 GA, 8.48 GA, 8.22.11, 8.46.15, 8.47.09, and 8.48.03 have unknown impact and remote authenticated attack vectors, aka Vuln# (1) PSE04, (2) PSE06, (3) PSE07, and (4) PSE08." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" + }, + { + "name": "20588", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20588" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" + }, + { + "name": "ADV-2006-4065", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4065" + }, + { + "name": "22396", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22396" + }, + { + "name": "1017077", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017077" + }, + { + "name": "TA06-291A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-291A.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5512.json b/2006/5xxx/CVE-2006-5512.json index bab1532417d..9f65016a1e1 100644 --- a/2006/5xxx/CVE-2006-5512.json +++ b/2006/5xxx/CVE-2006-5512.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5512", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in article.htm in Zwahlen Online Shop allows remote attackers to inject arbitrary web script or HTML via the cat parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061022 XSS in Zwahlen Online Shop", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449467/100/0/threaded" - }, - { - "name" : "20061103 Zwahlen Online Shop", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2006-November/001106.html" - }, - { - "name" : "20682", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20682" - }, - { - "name" : "1773", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1773" - }, - { - "name" : "zwahlen-article-xss(29753)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29753" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in article.htm in Zwahlen Online Shop allows remote attackers to inject arbitrary web script or HTML via the cat parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061022 XSS in Zwahlen Online Shop", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449467/100/0/threaded" + }, + { + "name": "zwahlen-article-xss(29753)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29753" + }, + { + "name": "1773", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1773" + }, + { + "name": "20682", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20682" + }, + { + "name": "20061103 Zwahlen Online Shop", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2006-November/001106.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5615.json b/2006/5xxx/CVE-2006-5615.json index acfe21e6e8d..58010eb9a7e 100644 --- a/2006/5xxx/CVE-2006-5615.json +++ b/2006/5xxx/CVE-2006-5615.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5615", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in publish.php in Textpattern 1.19, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the txpcfg[txpath] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5615", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061027 TextPattern <=1.19 Remote File Inclusion Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449907/100/0/threaded" - }, - { - "name" : "20769", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20769" - }, - { - "name" : "1794", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1794" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in publish.php in Textpattern 1.19, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the txpcfg[txpath] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1794", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1794" + }, + { + "name": "20769", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20769" + }, + { + "name": "20061027 TextPattern <=1.19 Remote File Inclusion Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449907/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5779.json b/2006/5xxx/CVE-2006-5779.json index 9e143d24380..c1ef32c82d2 100644 --- a/2006/5xxx/CVE-2006-5779.json +++ b/2006/5xxx/CVE-2006-5779.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5779", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5779", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061106 VulnDisco Pack for Metasploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450728/100/0/threaded" - }, - { - "name" : "http://gleg.net/downloads/VULNDISCO_META_FREE.tar.gz", - "refsource" : "MISC", - "url" : "http://gleg.net/downloads/VULNDISCO_META_FREE.tar.gz" - }, - { - "name" : "http://gleg.net/vulndisco_meta.shtml", - "refsource" : "MISC", - "url" : "http://gleg.net/vulndisco_meta.shtml" - }, - { - "name" : "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4740", - "refsource" : "CONFIRM", - "url" : "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4740" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-820", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-820" - }, - { - "name" : "GLSA-200611-25", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200611-25.xml" - }, - { - "name" : "MDKSA-2006:208", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:208" - }, - { - "name" : "OpenPKG-SA-2006.033", - "refsource" : "OPENPKG", - "url" : "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.033-openldap.html" - }, - { - "name" : "SUSE-SA:2006:072", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_72_openldap2.html" - }, - { - "name" : "2006-0066", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0066/" - }, - { - "name" : "USN-384-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-384-1" - }, - { - "name" : "20939", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20939" - }, - { - "name" : "ADV-2006-4379", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4379" - }, - { - "name" : "1017166", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017166" - }, - { - "name" : "22750", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22750" - }, - { - "name" : "22953", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22953" - }, - { - "name" : "22996", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22996" - }, - { - "name" : "23133", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23133" - }, - { - "name" : "23125", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23125" - }, - { - "name" : "23152", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23152" - }, - { - "name" : "23170", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23170" - }, - { - "name" : "1831", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1831" - }, - { - "name" : "openldap-bind-dos(30076)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30076" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23133", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23133" + }, + { + "name": "SUSE-SA:2006:072", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_72_openldap2.html" + }, + { + "name": "http://gleg.net/vulndisco_meta.shtml", + "refsource": "MISC", + "url": "http://gleg.net/vulndisco_meta.shtml" + }, + { + "name": "https://issues.rpath.com/browse/RPL-820", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-820" + }, + { + "name": "23170", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23170" + }, + { + "name": "1017166", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017166" + }, + { + "name": "2006-0066", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0066/" + }, + { + "name": "MDKSA-2006:208", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:208" + }, + { + "name": "ADV-2006-4379", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4379" + }, + { + "name": "20939", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20939" + }, + { + "name": "USN-384-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-384-1" + }, + { + "name": "openldap-bind-dos(30076)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30076" + }, + { + "name": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4740", + "refsource": "CONFIRM", + "url": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4740" + }, + { + "name": "23152", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23152" + }, + { + "name": "http://gleg.net/downloads/VULNDISCO_META_FREE.tar.gz", + "refsource": "MISC", + "url": "http://gleg.net/downloads/VULNDISCO_META_FREE.tar.gz" + }, + { + "name": "22996", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22996" + }, + { + "name": "OpenPKG-SA-2006.033", + "refsource": "OPENPKG", + "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.033-openldap.html" + }, + { + "name": "22953", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22953" + }, + { + "name": "23125", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23125" + }, + { + "name": "20061106 VulnDisco Pack for Metasploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450728/100/0/threaded" + }, + { + "name": "1831", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1831" + }, + { + "name": "GLSA-200611-25", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200611-25.xml" + }, + { + "name": "22750", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22750" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2233.json b/2007/2xxx/CVE-2007-2233.json index 36fd3220a06..b17b1470bf9 100644 --- a/2007/2xxx/CVE-2007-2233.json +++ b/2007/2xxx/CVE-2007-2233.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2233", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cosign-bin/cosign.cgi in Cosign 2.0.2 and earlier allows remote authenticated users to perform unauthorized actions as an arbitrary user by using CR (\\r) sequences in the service parameter to inject LOGIN and REGISTER commands with the desired username." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2233", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070411 Cosign SSO Authentication Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/465386/100/100/threaded" - }, - { - "name" : "http://www.umich.edu/~umweb/software/cosign/cosign-vuln-2007-002.txt", - "refsource" : "CONFIRM", - "url" : "http://www.umich.edu/~umweb/software/cosign/cosign-vuln-2007-002.txt" - }, - { - "name" : "ADV-2007-1359", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1359" - }, - { - "name" : "24845", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24845" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cosign-bin/cosign.cgi in Cosign 2.0.2 and earlier allows remote authenticated users to perform unauthorized actions as an arbitrary user by using CR (\\r) sequences in the service parameter to inject LOGIN and REGISTER commands with the desired username." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070411 Cosign SSO Authentication Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/465386/100/100/threaded" + }, + { + "name": "24845", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24845" + }, + { + "name": "ADV-2007-1359", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1359" + }, + { + "name": "http://www.umich.edu/~umweb/software/cosign/cosign-vuln-2007-002.txt", + "refsource": "CONFIRM", + "url": "http://www.umich.edu/~umweb/software/cosign/cosign-vuln-2007-002.txt" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2357.json b/2007/2xxx/CVE-2007-2357.json index 754c7299689..a168e0e4c26 100644 --- a/2007/2xxx/CVE-2007-2357.json +++ b/2007/2xxx/CVE-2007-2357.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in mods/Core/result.php in SineCms 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the stringa parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070426 SineCMS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466965/100/0/threaded" - }, - { - "name" : "23682", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23682" - }, - { - "name" : "ADV-2007-1559", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1559" - }, - { - "name" : "34172", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34172" - }, - { - "name" : "25014", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25014" - }, - { - "name" : "2649", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2649" - }, - { - "name" : "sinecms-result-xss(33919)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33919" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in mods/Core/result.php in SineCms 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the stringa parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34172", + "refsource": "OSVDB", + "url": "http://osvdb.org/34172" + }, + { + "name": "25014", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25014" + }, + { + "name": "sinecms-result-xss(33919)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33919" + }, + { + "name": "23682", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23682" + }, + { + "name": "2649", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2649" + }, + { + "name": "20070426 SineCMS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466965/100/0/threaded" + }, + { + "name": "ADV-2007-1559", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1559" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2400.json b/2007/2xxx/CVE-2007-2400.json index 44a5930d5db..18681c2f25a 100644 --- a/2007/2xxx/CVE-2007-2400.json +++ b/2007/2xxx/CVE-2007-2400.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=306173", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=306173" - }, - { - "name" : "APPLE-SA-2007-06-22", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html" - }, - { - "name" : "VU#289988", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/289988" - }, - { - "name" : "24599", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24599" - }, - { - "name" : "ADV-2007-2316", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2316" - }, - { - "name" : "ADV-2007-2731", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2731" - }, - { - "name" : "36452", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36452" - }, - { - "name" : "1018282", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018282" - }, - { - "name" : "26287", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26287" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36452", + "refsource": "OSVDB", + "url": "http://osvdb.org/36452" + }, + { + "name": "ADV-2007-2316", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2316" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=306173", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=306173" + }, + { + "name": "APPLE-SA-2007-06-22", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html" + }, + { + "name": "1018282", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018282" + }, + { + "name": "24599", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24599" + }, + { + "name": "26287", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26287" + }, + { + "name": "VU#289988", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/289988" + }, + { + "name": "ADV-2007-2731", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2731" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2876.json b/2007/2xxx/CVE-2007-2876.json index 85c5f54a1a8..8eb431f416d 100644 --- a/2007/2xxx/CVE-2007-2876.json +++ b/2007/2xxx/CVE-2007-2876.json @@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2876", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service by causing certain invalid states that trigger a NULL pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-2876", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20070608 Linux 2.6.20.13", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-kernel&m=118128610219959&w=2" - }, - { - "name" : "[linux-kernel] 20070608 Linux 2.6.21.4", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-kernel&m=118128622431272&w=2" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm" - }, - { - "name" : "DSA-1356", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1356" - }, - { - "name" : "MDKSA-2007:171", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:171" - }, - { - "name" : "MDKSA-2007:196", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:196" - }, - { - "name" : "RHSA-2007:0488", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2007-0488.html" - }, - { - "name" : "RHSA-2007:0705", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0705.html" - }, - { - "name" : "SUSE-SA:2007:043", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_43_kernel.html" - }, - { - "name" : "SUSE-SA:2007:051", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_51_kernel.html" - }, - { - "name" : "SUSE-SA:2007:053", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_53_kernel.html" - }, - { - "name" : "USN-486-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-486-1" - }, - { - "name" : "USN-489-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-489-1" - }, - { - "name" : "USN-510-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-510-1" - }, - { - "name" : "24376", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24376" - }, - { - "name" : "37112", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37112" - }, - { - "name" : "oval:org.mitre.oval:def:10116", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10116" - }, - { - "name" : "ADV-2007-2105", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2105" - }, - { - "name" : "25838", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25838" - }, - { - "name" : "25961", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25961" - }, - { - "name" : "26133", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26133" - }, - { - "name" : "26139", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26139" - }, - { - "name" : "26289", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26289" - }, - { - "name" : "26450", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26450" - }, - { - "name" : "26760", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26760" - }, - { - "name" : "26620", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26620" - }, - { - "name" : "26664", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26664" - }, - { - "name" : "27227", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27227" - }, - { - "name" : "kernel-sctpnew-dos(34777)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34777" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service by causing certain invalid states that trigger a NULL pointer dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24376", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24376" + }, + { + "name": "27227", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27227" + }, + { + "name": "26664", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26664" + }, + { + "name": "SUSE-SA:2007:051", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_51_kernel.html" + }, + { + "name": "ADV-2007-2105", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2105" + }, + { + "name": "SUSE-SA:2007:053", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_53_kernel.html" + }, + { + "name": "SUSE-SA:2007:043", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_43_kernel.html" + }, + { + "name": "26289", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26289" + }, + { + "name": "25838", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25838" + }, + { + "name": "MDKSA-2007:171", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:171" + }, + { + "name": "USN-510-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-510-1" + }, + { + "name": "DSA-1356", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1356" + }, + { + "name": "26760", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26760" + }, + { + "name": "RHSA-2007:0705", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0705.html" + }, + { + "name": "26620", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26620" + }, + { + "name": "USN-489-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-489-1" + }, + { + "name": "MDKSA-2007:196", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:196" + }, + { + "name": "kernel-sctpnew-dos(34777)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34777" + }, + { + "name": "[linux-kernel] 20070608 Linux 2.6.21.4", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-kernel&m=118128622431272&w=2" + }, + { + "name": "25961", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25961" + }, + { + "name": "oval:org.mitre.oval:def:10116", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10116" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm" + }, + { + "name": "USN-486-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-486-1" + }, + { + "name": "26450", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26450" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4" + }, + { + "name": "37112", + "refsource": "OSVDB", + "url": "http://osvdb.org/37112" + }, + { + "name": "[linux-kernel] 20070608 Linux 2.6.20.13", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-kernel&m=118128610219959&w=2" + }, + { + "name": "26139", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26139" + }, + { + "name": "RHSA-2007:0488", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2007-0488.html" + }, + { + "name": "26133", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26133" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6438.json b/2007/6xxx/CVE-2007-6438.json index 9726d8d3275..c1ce1435fa1 100644 --- a/2007/6xxx/CVE-2007-6438.json +++ b/2007/6xxx/CVE-2007-6438.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service via unknown vectors. NOTE: this identifier originally included MP3 and NCP, but those issues are already covered by CVE-2007-6111." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-6438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080103 rPSA-2008-0004-1 tshark wireshark", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485792/100/0/threaded" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=199958", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=199958" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2007-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2007-03.html" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1975", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1975" - }, - { - "name" : "GLSA-200712-23", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200712-23.xml" - }, - { - "name" : "MDVSA-2008:001", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:001" - }, - { - "name" : "MDVSA-2008:1", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:1" - }, - { - "name" : "RHSA-2008:0058", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0058.html" - }, - { - "name" : "SUSE-SR:2008:004", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html" - }, - { - "name" : "27071", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27071" - }, - { - "name" : "oval:org.mitre.oval:def:11785", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11785" - }, - { - "name" : "oval:org.mitre.oval:def:14734", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14734" - }, - { - "name" : "28288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28288" - }, - { - "name" : "27777", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27777" - }, - { - "name" : "28304", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28304" - }, - { - "name" : "28325", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28325" - }, - { - "name" : "28564", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28564" - }, - { - "name" : "29048", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29048" - }, - { - "name" : "wireshark-smb-dissector-dos(39178)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39178" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service via unknown vectors. NOTE: this identifier originally included MP3 and NCP, but those issues are already covered by CVE-2007-6111." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wireshark-smb-dissector-dos(39178)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39178" + }, + { + "name": "27777", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27777" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1975", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1975" + }, + { + "name": "oval:org.mitre.oval:def:11785", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11785" + }, + { + "name": "29048", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29048" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2007-03.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2007-03.html" + }, + { + "name": "28564", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28564" + }, + { + "name": "20080103 rPSA-2008-0004-1 tshark wireshark", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485792/100/0/threaded" + }, + { + "name": "GLSA-200712-23", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200712-23.xml" + }, + { + "name": "28304", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28304" + }, + { + "name": "oval:org.mitre.oval:def:14734", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14734" + }, + { + "name": "28325", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28325" + }, + { + "name": "MDVSA-2008:1", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:1" + }, + { + "name": "MDVSA-2008:001", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:001" + }, + { + "name": "RHSA-2008:0058", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0058.html" + }, + { + "name": "SUSE-SR:2008:004", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=199958", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=199958" + }, + { + "name": "27071", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27071" + }, + { + "name": "28288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28288" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6507.json b/2007/6xxx/CVE-2007-6507.json index 91b57911a6a..c90c65bbc26 100644 --- a/2007/6xxx/CVE-2007-6507.json +++ b/2007/6xxx/CVE-2007-6507.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6507", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain \"full file system access\" and execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6507", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071217 ZDI-07-077: Trend Micro ServerProtect StRpcSrv.dll Insecure Method Exposure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485250/100/0/threaded" - }, - { - "name" : "http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch4_readme.txt", - "refsource" : "MISC", - "url" : "http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch4_readme.txt" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-07-077.html", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-07-077.html" - }, - { - "name" : "26912", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26912" - }, - { - "name" : "44318", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/44318" - }, - { - "name" : "26523", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26523" - }, - { - "name" : "3475", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3475" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain \"full file system access\" and execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44318", + "refsource": "OSVDB", + "url": "http://osvdb.org/44318" + }, + { + "name": "26912", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26912" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-077.html", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-077.html" + }, + { + "name": "http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch4_readme.txt", + "refsource": "MISC", + "url": "http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch4_readme.txt" + }, + { + "name": "20071217 ZDI-07-077: Trend Micro ServerProtect StRpcSrv.dll Insecure Method Exposure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485250/100/0/threaded" + }, + { + "name": "3475", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3475" + }, + { + "name": "26523", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26523" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6518.json b/2007/6xxx/CVE-2007-6518.json index 48bde6cbe04..90597a0e0e0 100644 --- a/2007/6xxx/CVE-2007-6518.json +++ b/2007/6xxx/CVE-2007-6518.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6518", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in search.php in WoltLab Burning Board (wBB) Lite 1.0.2 pl3e allow remote attackers to execute arbitrary SQL commands via the (1) showposts, (2) sortby, and (3) sortorder parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071220 Woltlab Burning Board 1.0.2 SQL-Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485408/100/0/threaded" - }, - { - "name" : "26973", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26973" - }, - { - "name" : "ADV-2007-4300", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4300" - }, - { - "name" : "39497", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/39497" - }, - { - "name" : "28188", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28188" - }, - { - "name" : "woltlab-search-sql-injection(39174)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39174" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in search.php in WoltLab Burning Board (wBB) Lite 1.0.2 pl3e allow remote attackers to execute arbitrary SQL commands via the (1) showposts, (2) sortby, and (3) sortorder parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "woltlab-search-sql-injection(39174)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39174" + }, + { + "name": "20071220 Woltlab Burning Board 1.0.2 SQL-Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485408/100/0/threaded" + }, + { + "name": "ADV-2007-4300", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4300" + }, + { + "name": "28188", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28188" + }, + { + "name": "26973", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26973" + }, + { + "name": "39497", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/39497" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0570.json b/2010/0xxx/CVE-2010-0570.json index 1f4d652d8e5..5a6ed48c7b9 100644 --- a/2010/0xxx/CVE-2010-0570.json +++ b/2010/0xxx/CVE-2010-0570.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0570", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Digital Media Manager (DMM) 5.0.x and 5.1.x has a default password for the Tomcat administration account, which makes it easier for remote attackers to execute arbitrary code via a crafted web application, aka Bug ID CSCta03378." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-0570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100303 Multiple Vulnerabilities in Cisco Digital Media Manager", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b923.shtml" - }, - { - "name" : "38503", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38503" - }, - { - "name" : "1023671", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023671" - }, - { - "name" : "38800", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38800" - }, - { - "name" : "ADV-2010-0531", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0531" - }, - { - "name" : "cisco-ddm-default-credentials(56634)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56634" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Digital Media Manager (DMM) 5.0.x and 5.1.x has a default password for the Tomcat administration account, which makes it easier for remote attackers to execute arbitrary code via a crafted web application, aka Bug ID CSCta03378." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1023671", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023671" + }, + { + "name": "38800", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38800" + }, + { + "name": "20100303 Multiple Vulnerabilities in Cisco Digital Media Manager", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b923.shtml" + }, + { + "name": "38503", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38503" + }, + { + "name": "cisco-ddm-default-credentials(56634)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56634" + }, + { + "name": "ADV-2010-0531", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0531" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0758.json b/2010/0xxx/CVE-2010-0758.json index c789396dac1..56a0353e41b 100644 --- a/2010/0xxx/CVE-2010-0758.json +++ b/2010/0xxx/CVE-2010-0758.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0758", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in news_desc.php in Softbiz Jobs allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1002-exploits/softbizjobs-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1002-exploits/softbizjobs-sql.txt" - }, - { - "name" : "11518", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11518" - }, - { - "name" : "38344", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38344" - }, - { - "name" : "jobboard-newsdesc-sql-injection(56453)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56453" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in news_desc.php in Softbiz Jobs allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1002-exploits/softbizjobs-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1002-exploits/softbizjobs-sql.txt" + }, + { + "name": "11518", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11518" + }, + { + "name": "jobboard-newsdesc-sql-injection(56453)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56453" + }, + { + "name": "38344", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38344" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1057.json b/2010/1xxx/CVE-2010-1057.json index 885f3f524f6..2c77fac436e 100644 --- a/2010/1xxx/CVE-2010-1057.json +++ b/2010/1xxx/CVE-2010-1057.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1057", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in Phpkobo AdFreely (aka Ad Board Script) 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a ..// (dot dot slash slash) in the LANG_CODE parameter to common.inc.php in (1) codelib/cfg/, (2) codelib/sys/, (3) staff/, and (4) staff/app/; and (5) staff/file.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1057", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "11722", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11722" - }, - { - "name" : "38731", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38731" - }, - { - "name" : "62926", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62926" - }, - { - "name" : "38947", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38947" - }, - { - "name" : "ADV-2010-0611", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0611" - }, - { - "name" : "adboardscript-common-file-include(56865)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56865" - }, - { - "name" : "adfreely-commoninc-file-include(56858)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56858" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in Phpkobo AdFreely (aka Ad Board Script) 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a ..// (dot dot slash slash) in the LANG_CODE parameter to common.inc.php in (1) codelib/cfg/, (2) codelib/sys/, (3) staff/, and (4) staff/app/; and (5) staff/file.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "adfreely-commoninc-file-include(56858)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56858" + }, + { + "name": "62926", + "refsource": "OSVDB", + "url": "http://osvdb.org/62926" + }, + { + "name": "38947", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38947" + }, + { + "name": "11722", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11722" + }, + { + "name": "adboardscript-common-file-include(56865)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56865" + }, + { + "name": "38731", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38731" + }, + { + "name": "ADV-2010-0611", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0611" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1700.json b/2010/1xxx/CVE-2010-1700.json index 61ee04baaab..550425f52cc 100644 --- a/2010/1xxx/CVE-2010-1700.json +++ b/2010/1xxx/CVE-2010-1700.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1700", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-1700", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1855.json b/2010/1xxx/CVE-2010-1855.json index 6cb27497e92..52f452f8959 100644 --- a/2010/1xxx/CVE-2010-1855.json +++ b/2010/1xxx/CVE-2010-1855.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1855", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to execute arbitrary SQL commands via the id_auk parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "11816", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11816" - }, - { - "name" : "http://4004securityproject.wordpress.com/2010/03/20/pay-per-watch-bid-auktions-system-blind-sql-injection-auktion-php-id_auk/", - "refsource" : "MISC", - "url" : "http://4004securityproject.wordpress.com/2010/03/20/pay-per-watch-bid-auktions-system-blind-sql-injection-auktion-php-id_auk/" - }, - { - "name" : "http://packetstormsecurity.org/1003-exploits/ppwb-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1003-exploits/ppwb-sql.txt" - }, - { - "name" : "38878", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38878" - }, - { - "name" : "63131", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/63131" - }, - { - "name" : "39059", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39059" - }, - { - "name" : "ADV-2010-0670", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0670" - }, - { - "name" : "payperwatch-auktion-sql-injection(57055)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57055" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to execute arbitrary SQL commands via the id_auk parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-0670", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0670" + }, + { + "name": "39059", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39059" + }, + { + "name": "http://packetstormsecurity.org/1003-exploits/ppwb-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1003-exploits/ppwb-sql.txt" + }, + { + "name": "http://4004securityproject.wordpress.com/2010/03/20/pay-per-watch-bid-auktions-system-blind-sql-injection-auktion-php-id_auk/", + "refsource": "MISC", + "url": "http://4004securityproject.wordpress.com/2010/03/20/pay-per-watch-bid-auktions-system-blind-sql-injection-auktion-php-id_auk/" + }, + { + "name": "63131", + "refsource": "OSVDB", + "url": "http://osvdb.org/63131" + }, + { + "name": "38878", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38878" + }, + { + "name": "11816", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11816" + }, + { + "name": "payperwatch-auktion-sql-injection(57055)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57055" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1970.json b/2010/1xxx/CVE-2010-1970.json index 8501970df78..2927b0ad48e 100644 --- a/2010/1xxx/CVE-2010-1970.json +++ b/2010/1xxx/CVE-2010-1970.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1970", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Insight Software Installer for Windows before 6.1 allows local users to read or modify data, and consequently gain privileges, via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-1970", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02553", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388" - }, - { - "name" : "SSRT100184", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388" - }, - { - "name" : "1024186", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024186" - }, - { - "name" : "40553", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40553" - }, - { - "name" : "ADV-2010-1792", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1792" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Insight Software Installer for Windows before 6.1 allows local users to read or modify data, and consequently gain privileges, via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1792", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1792" + }, + { + "name": "SSRT100184", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388" + }, + { + "name": "1024186", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024186" + }, + { + "name": "40553", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40553" + }, + { + "name": "HPSBMA02553", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4431.json b/2010/4xxx/CVE-2010-4431.json index d142d703593..5364fd41cde 100644 --- a/2010/4xxx/CVE-2010-4431.json +++ b/2010/4xxx/CVE-2010-4431.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Java System Portal Server 7.1 and 7.2 allows local users to affect confidentiality via unknown vectors related to Proxy." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-4431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" - }, - { - "name" : "45898", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45898" - }, - { - "name" : "70565", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70565" - }, - { - "name" : "42991", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42991" - }, - { - "name" : "ADV-2011-0158", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0158" - }, - { - "name" : "sun-java-system-proxy-info-disclosure(64816)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64816" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Java System Portal Server 7.1 and 7.2 allows local users to affect confidentiality via unknown vectors related to Proxy." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0158", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0158" + }, + { + "name": "sun-java-system-proxy-info-disclosure(64816)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64816" + }, + { + "name": "70565", + "refsource": "OSVDB", + "url": "http://osvdb.org/70565" + }, + { + "name": "42991", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42991" + }, + { + "name": "45898", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45898" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5237.json b/2010/5xxx/CVE-2010-5237.json index 82098a40d45..3d5ca857cfa 100644 --- a/2010/5xxx/CVE-2010-5237.json +++ b/2010/5xxx/CVE-2010-5237.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in CyberLink PowerDirector 7 allows local users to gain privileges via a Trojan horse mfc71loc.dll file in the current working directory, as demonstrated by a directory that contains a .pdl, .iso, .pds, .p2g, or .p2i file. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://extraexploit.blogspot.com/2010/08/dll-hijacking-my-test-cases-on-default.html", - "refsource" : "MISC", - "url" : "http://extraexploit.blogspot.com/2010/08/dll-hijacking-my-test-cases-on-default.html" - }, - { - "name" : "41142", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41142" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in CyberLink PowerDirector 7 allows local users to gain privileges via a Trojan horse mfc71loc.dll file in the current working directory, as demonstrated by a directory that contains a .pdl, .iso, .pds, .p2g, or .p2i file. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://extraexploit.blogspot.com/2010/08/dll-hijacking-my-test-cases-on-default.html", + "refsource": "MISC", + "url": "http://extraexploit.blogspot.com/2010/08/dll-hijacking-my-test-cases-on-default.html" + }, + { + "name": "41142", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41142" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5310.json b/2010/5xxx/CVE-2010-5310.json index 4840d86137b..ad9f61345e3 100644 --- a/2010/5xxx/CVE-2010-5310.json +++ b/2010/5xxx/CVE-2010-5310.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5310", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Acquisition Workstation for the GE Healthcare Revolution XQ/i has a password of adw3.1 for the sdc user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/", - "refsource" : "MISC", - "url" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/" - }, - { - "name" : "https://twitter.com/digitalbond/status/619250429751222277", - "refsource" : "MISC", - "url" : "https://twitter.com/digitalbond/status/619250429751222277" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02" - }, - { - "name" : "http://apps.gehealthcare.com/servlet/ClientServlet/2296976-100R10.pdf?DOCCLASS=A&REQ=RAC&DIRECTION=2296976-100&FILENAME=2296976-100R10.pdf&FILEREV=10&DOCREV_ORG=10&SUBMIT=+ACCEPT+", - "refsource" : "CONFIRM", - "url" : "http://apps.gehealthcare.com/servlet/ClientServlet/2296976-100R10.pdf?DOCCLASS=A&REQ=RAC&DIRECTION=2296976-100&FILENAME=2296976-100R10.pdf&FILEREV=10&DOCREV_ORG=10&SUBMIT=+ACCEPT+" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Acquisition Workstation for the GE Healthcare Revolution XQ/i has a password of adw3.1 for the sdc user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/", + "refsource": "MISC", + "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/" + }, + { + "name": "https://twitter.com/digitalbond/status/619250429751222277", + "refsource": "MISC", + "url": "https://twitter.com/digitalbond/status/619250429751222277" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02" + }, + { + "name": "http://apps.gehealthcare.com/servlet/ClientServlet/2296976-100R10.pdf?DOCCLASS=A&REQ=RAC&DIRECTION=2296976-100&FILENAME=2296976-100R10.pdf&FILEREV=10&DOCREV_ORG=10&SUBMIT=+ACCEPT+", + "refsource": "CONFIRM", + "url": "http://apps.gehealthcare.com/servlet/ClientServlet/2296976-100R10.pdf?DOCCLASS=A&REQ=RAC&DIRECTION=2296976-100&FILENAME=2296976-100R10.pdf&FILEREV=10&DOCREV_ORG=10&SUBMIT=+ACCEPT+" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0618.json b/2014/0xxx/CVE-2014-0618.json index adc14e86f66..799ed1b2255 100644 --- a/2014/0xxx/CVE-2014-0618.json +++ b/2014/0xxx/CVE-2014-0618.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0618", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on SRX Series service gateways, when used as a UAC enforcer and captive portal is enabled, allows remote attackers to cause a denial of service (flowd crash) via a crafted HTTP message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0618", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10611", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10611" - }, - { - "name" : "64769", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64769" - }, - { - "name" : "101864", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101864" - }, - { - "name" : "1029584", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029584" - }, - { - "name" : "juniper-junos-srx-cve20140618-dos(90238)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90238" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on SRX Series service gateways, when used as a UAC enforcer and captive portal is enabled, allows remote attackers to cause a denial of service (flowd crash) via a crafted HTTP message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "juniper-junos-srx-cve20140618-dos(90238)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90238" + }, + { + "name": "1029584", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029584" + }, + { + "name": "64769", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64769" + }, + { + "name": "101864", + "refsource": "OSVDB", + "url": "http://osvdb.org/101864" + }, + { + "name": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10611", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10611" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0798.json b/2014/0xxx/CVE-2014-0798.json index a7488e6ecab..9d5b5a3484f 100644 --- a/2014/0xxx/CVE-2014-0798.json +++ b/2014/0xxx/CVE-2014-0798.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0798", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0798", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1533.json b/2014/1xxx/CVE-2014-1533.json index 5831d8ecabe..4908edce86c 100644 --- a/2014/1xxx/CVE-2014-1533.json +++ b/2014/1xxx/CVE-2014-1533.json @@ -1,292 +1,292 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2014-1533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-48.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-48.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1009952", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1009952" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1011007", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1011007" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=921622", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=921622" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=967354", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=967354" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=978811", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=978811" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=988719", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=988719" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=991981", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=991981" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=992274", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=992274" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=994907", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=994907" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=995679", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=995679" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=996715", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=996715" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=999651", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=999651" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-0741.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-0741.html" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-0742.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-0742.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "DSA-2955", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2955" - }, - { - "name" : "DSA-2960", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2960" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "RHSA-2014:0741", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0741.html" - }, - { - "name" : "RHSA-2014:0742", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0742.html" - }, - { - "name" : "openSUSE-SU-2014:0855", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html" - }, - { - "name" : "openSUSE-SU-2014:0858", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-07/msg00004.html" - }, - { - "name" : "SUSE-SU-2014:0824", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00023.html" - }, - { - "name" : "openSUSE-SU-2014:0797", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00019.html" - }, - { - "name" : "openSUSE-SU-2014:0819", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html" - }, - { - "name" : "USN-2243-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2243-1" - }, - { - "name" : "USN-2250-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2250-1" - }, - { - "name" : "67965", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67965" - }, - { - "name" : "1030386", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030386" - }, - { - "name" : "1030388", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030388" - }, - { - "name" : "58984", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58984" - }, - { - "name" : "59052", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59052" - }, - { - "name" : "59149", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59149" - }, - { - "name" : "59150", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59150" - }, - { - "name" : "59165", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59165" - }, - { - "name" : "59169", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59169" - }, - { - "name" : "59170", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59170" - }, - { - "name" : "59171", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59171" - }, - { - "name" : "59229", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59229" - }, - { - "name" : "59275", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59275" - }, - { - "name" : "59866", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59866" - }, - { - "name" : "59377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59377" - }, - { - "name" : "59387", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59387" - }, - { - "name" : "59328", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59328" - }, - { - "name" : "59425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59425" - }, - { - "name" : "59486", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59486" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59229", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59229" + }, + { + "name": "openSUSE-SU-2014:0819", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1009952", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1009952" + }, + { + "name": "RHSA-2014:0741", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0741.html" + }, + { + "name": "SUSE-SU-2014:0824", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00023.html" + }, + { + "name": "59387", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59387" + }, + { + "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-48.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-48.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=991981", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=991981" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=921622", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=921622" + }, + { + "name": "59150", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59150" + }, + { + "name": "1030388", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030388" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=988719", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=988719" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=999651", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=999651" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1011007", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1011007" + }, + { + "name": "59052", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59052" + }, + { + "name": "openSUSE-SU-2014:0855", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html" + }, + { + "name": "openSUSE-SU-2014:0797", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00019.html" + }, + { + "name": "59169", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59169" + }, + { + "name": "59165", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59165" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "59866", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59866" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-0742.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-0742.html" + }, + { + "name": "openSUSE-SU-2014:0858", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00004.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=967354", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=967354" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=978811", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=978811" + }, + { + "name": "59377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59377" + }, + { + "name": "59149", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59149" + }, + { + "name": "RHSA-2014:0742", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0742.html" + }, + { + "name": "USN-2243-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2243-1" + }, + { + "name": "DSA-2960", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2960" + }, + { + "name": "DSA-2955", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2955" + }, + { + "name": "1030386", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030386" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-0741.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-0741.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=992274", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=992274" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=995679", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=995679" + }, + { + "name": "58984", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58984" + }, + { + "name": "59170", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59170" + }, + { + "name": "59425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59425" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=994907", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=994907" + }, + { + "name": "67965", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67965" + }, + { + "name": "59171", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59171" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=996715", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=996715" + }, + { + "name": "59328", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59328" + }, + { + "name": "59275", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59275" + }, + { + "name": "USN-2250-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2250-1" + }, + { + "name": "59486", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59486" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1751.json b/2014/1xxx/CVE-2014-1751.json index 6ee0ee4ebc8..dd3bb288673 100644 --- a/2014/1xxx/CVE-2014-1751.json +++ b/2014/1xxx/CVE-2014-1751.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1751", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0235 and CVE-2014-1755." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-1751", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-018", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-018" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0235 and CVE-2014-1755." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-018", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-018" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1889.json b/2014/1xxx/CVE-2014-1889.json index 32915e8449f..286fc895e86 100644 --- a/2014/1xxx/CVE-2014-1889.json +++ b/2014/1xxx/CVE-2014-1889.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140213 Wordpress plugin Buddypress <= 1.9.1 privilege escalation vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/531050/100/0/threaded" - }, - { - "name" : "https://buddypress.org/2014/02/buddypress-1-9-2/", - "refsource" : "CONFIRM", - "url" : "https://buddypress.org/2014/02/buddypress-1-9-2/" - }, - { - "name" : "65554", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65554" - }, - { - "name" : "buddypress-cve20141889-sec-bypass(91261)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91261" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140213 Wordpress plugin Buddypress <= 1.9.1 privilege escalation vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/531050/100/0/threaded" + }, + { + "name": "buddypress-cve20141889-sec-bypass(91261)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91261" + }, + { + "name": "65554", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65554" + }, + { + "name": "https://buddypress.org/2014/02/buddypress-1-9-2/", + "refsource": "CONFIRM", + "url": "https://buddypress.org/2014/02/buddypress-1-9-2/" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4103.json b/2014/4xxx/CVE-2014-4103.json index e7638b31f2e..580acd5f69f 100644 --- a/2014/4xxx/CVE-2014-4103.json +++ b/2014/4xxx/CVE-2014-4103.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4103", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-4103", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-052", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" - }, - { - "name" : "69611", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69611" - }, - { - "name" : "1030818", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030818" - }, - { - "name" : "ms-ie-cve20144103-code-exec(95533)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95533" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030818", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030818" + }, + { + "name": "MS14-052", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" + }, + { + "name": "69611", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69611" + }, + { + "name": "ms-ie-cve20144103-code-exec(95533)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95533" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4383.json b/2014/4xxx/CVE-2014-4383.json index 84cd2de85f8..33d893082fc 100644 --- a/2014/4xxx/CVE-2014-4383.json +++ b/2014/4xxx/CVE-2014-4383.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4383", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4383", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6441", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6441" - }, - { - "name" : "http://support.apple.com/kb/HT6442", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6442" - }, - { - "name" : "APPLE-SA-2014-09-17-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" - }, - { - "name" : "APPLE-SA-2014-09-17-2", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html" - }, - { - "name" : "69882", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69882" - }, - { - "name" : "69941", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69941" - }, - { - "name" : "1030866", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030866" - }, - { - "name" : "appleios-cve20144383-spoofing(96088)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96088" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT6441", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6441" + }, + { + "name": "69941", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69941" + }, + { + "name": "1030866", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030866" + }, + { + "name": "appleios-cve20144383-spoofing(96088)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96088" + }, + { + "name": "http://support.apple.com/kb/HT6442", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6442" + }, + { + "name": "APPLE-SA-2014-09-17-2", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html" + }, + { + "name": "69882", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69882" + }, + { + "name": "APPLE-SA-2014-09-17-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5041.json b/2014/5xxx/CVE-2014-5041.json index 9b8942f77e1..48f7d3e702f 100644 --- a/2014/5xxx/CVE-2014-5041.json +++ b/2014/5xxx/CVE-2014-5041.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5041", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5041", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5207.json b/2014/5xxx/CVE-2014-5207.json index c38a11ad11a..9c312affdcd 100644 --- a/2014/5xxx/CVE-2014-5207.json +++ b/2014/5xxx/CVE-2014-5207.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a \"mount -o remount\" command within a user namespace." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "34923", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/34923" - }, - { - "name" : "[oss-security] 20140813 Re: CVE Request: ro bind mount bypass using user namespaces", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/08/13/4" - }, - { - "name" : "[oss-security] 20140812 CVE Request: ro bind mount bypass using user namespaces", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q3/352" - }, - { - "name" : "http://packetstormsecurity.com/files/128595/Linux-Kernel-3.16.1-FUSE-Privilege-Escalation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128595/Linux-Kernel-3.16.1-FUSE-Privilege-Escalation.html" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9566d6742852c527bf5af38af5cbb878dad75705", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9566d6742852c527bf5af38af5cbb878dad75705" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1129662", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1129662" - }, - { - "name" : "https://github.com/torvalds/linux/commit/9566d6742852c527bf5af38af5cbb878dad75705", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/9566d6742852c527bf5af38af5cbb878dad75705" - }, - { - "name" : "USN-2317-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2317-1" - }, - { - "name" : "USN-2318-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2318-1" - }, - { - "name" : "69216", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69216" - }, - { - "name" : "110055", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/110055" - }, - { - "name" : "linux-kernel-cve20145207-sec-bypass(95266)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95266" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a \"mount -o remount\" command within a user namespace." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69216", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69216" + }, + { + "name": "[oss-security] 20140812 CVE Request: ro bind mount bypass using user namespaces", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q3/352" + }, + { + "name": "https://github.com/torvalds/linux/commit/9566d6742852c527bf5af38af5cbb878dad75705", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/9566d6742852c527bf5af38af5cbb878dad75705" + }, + { + "name": "USN-2318-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2318-1" + }, + { + "name": "110055", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/110055" + }, + { + "name": "34923", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/34923" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9566d6742852c527bf5af38af5cbb878dad75705", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9566d6742852c527bf5af38af5cbb878dad75705" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1129662", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1129662" + }, + { + "name": "linux-kernel-cve20145207-sec-bypass(95266)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95266" + }, + { + "name": "http://packetstormsecurity.com/files/128595/Linux-Kernel-3.16.1-FUSE-Privilege-Escalation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128595/Linux-Kernel-3.16.1-FUSE-Privilege-Escalation.html" + }, + { + "name": "[oss-security] 20140813 Re: CVE Request: ro bind mount bypass using user namespaces", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/08/13/4" + }, + { + "name": "USN-2317-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2317-1" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9124.json b/2014/9xxx/CVE-2014-9124.json index d6047d6dd59..3895e7669a5 100644 --- a/2014/9xxx/CVE-2014-9124.json +++ b/2014/9xxx/CVE-2014-9124.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9124", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9124", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9646.json b/2014/9xxx/CVE-2014-9646.json index cbd52b3a06e..668f24368f3 100644 --- a/2014/9xxx/CVE-2014-9646.json +++ b/2014/9xxx/CVE-2014-9646.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9646", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distribution.cc in the uninstall-survey feature in Google Chrome before 40.0.2214.91 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% directory, as demonstrated by program.exe, a different vulnerability than CVE-2015-1205." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=434964", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=434964" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=449894", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=449894" - }, - { - "name" : "https://codereview.chromium.org/741993002", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/741993002" - }, - { - "name" : "GLSA-201502-13", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-13.xml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distribution.cc in the uninstall-survey feature in Google Chrome before 40.0.2214.91 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% directory, as demonstrated by program.exe, a different vulnerability than CVE-2015-1205." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=434964", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=434964" + }, + { + "name": "https://codereview.chromium.org/741993002", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/741993002" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" + }, + { + "name": "GLSA-201502-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=449894", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=449894" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3092.json b/2016/3xxx/CVE-2016-3092.json index 0b1f32ca84b..4f60772271c 100644 --- a/2016/3xxx/CVE-2016-3092.json +++ b/2016/3xxx/CVE-2016-3092.json @@ -1,272 +1,272 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-3092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dev] 20160621 CVE-2016-3092: Apache Commons Fileupload information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1743480", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1743480" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1743722", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1743722" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1743738", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1743738" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1743742", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1743742" - }, - { - "name" : "http://tomcat.apache.org/security-7.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-7.html" - }, - { - "name" : "http://tomcat.apache.org/security-8.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-8.html" - }, - { - "name" : "http://tomcat.apache.org/security-9.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-9.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1349468", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1349468" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20190212-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20190212-0001/" - }, - { - "name" : "DSA-3611", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3611" - }, - { - "name" : "DSA-3614", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3614" - }, - { - "name" : "DSA-3609", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3609" - }, - { - "name" : "GLSA-201705-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-09" - }, - { - "name" : "RHSA-2016:2068", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2068.html" - }, - { - "name" : "RHSA-2016:2069", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2069.html" - }, - { - "name" : "RHSA-2016:2070", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2070.html" - }, - { - "name" : "RHSA-2016:2071", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2071.html" - }, - { - "name" : "RHSA-2016:2072", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2072.html" - }, - { - "name" : "RHSA-2016:2599", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2599.html" - }, - { - "name" : "RHSA-2016:2807", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2807.html" - }, - { - "name" : "RHSA-2016:2808", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2808.html" - }, - { - "name" : "RHSA-2017:0455", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0455" - }, - { - "name" : "RHSA-2017:0456", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0456" - }, - { - "name" : "RHSA-2017:0457", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0457.html" - }, - { - "name" : "openSUSE-SU-2016:2252", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html" - }, - { - "name" : "USN-3027-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3027-1" - }, - { - "name" : "USN-3024-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3024-1" - }, - { - "name" : "JVN#89379547", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN89379547/index.html" - }, - { - "name" : "JVNDB-2016-000121", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121" - }, - { - "name" : "91453", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91453" - }, - { - "name" : "1037029", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037029" - }, - { - "name" : "1036900", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036900" - }, - { - "name" : "1036427", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036427" - }, - { - "name" : "1039606", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039606" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2016-000121", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20190212-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190212-0001/" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1743480", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1743480" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "GLSA-201705-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-09" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1743738", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1743738" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840" + }, + { + "name": "http://tomcat.apache.org/security-9.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-9.html" + }, + { + "name": "USN-3024-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3024-1" + }, + { + "name": "RHSA-2016:2069", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2069.html" + }, + { + "name": "1037029", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037029" + }, + { + "name": "RHSA-2016:2068", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2068.html" + }, + { + "name": "http://tomcat.apache.org/security-7.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-7.html" + }, + { + "name": "1036900", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036900" + }, + { + "name": "91453", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91453" + }, + { + "name": "http://tomcat.apache.org/security-8.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-8.html" + }, + { + "name": "RHSA-2016:2072", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2072.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1743722", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1743722" + }, + { + "name": "DSA-3611", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3611" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371" + }, + { + "name": "RHSA-2016:2807", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2807.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "openSUSE-SU-2016:2252", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html" + }, + { + "name": "JVN#89379547", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN89379547/index.html" + }, + { + "name": "1036427", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036427" + }, + { + "name": "RHSA-2016:2070", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2070.html" + }, + { + "name": "RHSA-2017:0457", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html" + }, + { + "name": "RHSA-2016:2808", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2808.html" + }, + { + "name": "1039606", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039606" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1743742", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1743742" + }, + { + "name": "RHSA-2016:2599", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2599.html" + }, + { + "name": "DSA-3609", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3609" + }, + { + "name": "RHSA-2017:0455", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0455" + }, + { + "name": "DSA-3614", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3614" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + }, + { + "name": "[dev] 20160621 CVE-2016-3092: Apache Commons Fileupload information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E" + }, + { + "name": "RHSA-2017:0456", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0456" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468" + }, + { + "name": "RHSA-2016:2071", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2071.html" + }, + { + "name": "USN-3027-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3027-1" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3100.json b/2016/3xxx/CVE-2016-3100.json index b83b65e56ea..3da0111fcdd 100644 --- a/2016/3xxx/CVE-2016-3100.json +++ b/2016/3xxx/CVE-2016-3100.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3100", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-3100", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kde.com/announcements/kde-frameworks-5.23.0.php", - "refsource" : "CONFIRM", - "url" : "http://www.kde.com/announcements/kde-frameworks-5.23.0.php" - }, - { - "name" : "https://bugs.kde.org/show_bug.cgi?id=358593", - "refsource" : "CONFIRM", - "url" : "https://bugs.kde.org/show_bug.cgi?id=358593" - }, - { - "name" : "https://bugs.kde.org/show_bug.cgi?id=363140", - "refsource" : "CONFIRM", - "url" : "https://bugs.kde.org/show_bug.cgi?id=363140" - }, - { - "name" : "https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=72f3702dbe6cf15c06dc13da2c99c864e9022a58", - "refsource" : "CONFIRM", - "url" : "https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=72f3702dbe6cf15c06dc13da2c99c864e9022a58" - }, - { - "name" : "https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=dece8fd89979cd1a86c03bcaceef6e9221e8d8cd", - "refsource" : "CONFIRM", - "url" : "https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=dece8fd89979cd1a86c03bcaceef6e9221e8d8cd" - }, - { - "name" : "https://www.kde.org/info/security/advisory-20160621-1.txt", - "refsource" : "CONFIRM", - "url" : "https://www.kde.org/info/security/advisory-20160621-1.txt" - }, - { - "name" : "openSUSE-SU-2016:1723", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-07/msg00001.html" - }, - { - "name" : "91769", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91769" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=dece8fd89979cd1a86c03bcaceef6e9221e8d8cd", + "refsource": "CONFIRM", + "url": "https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=dece8fd89979cd1a86c03bcaceef6e9221e8d8cd" + }, + { + "name": "https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=72f3702dbe6cf15c06dc13da2c99c864e9022a58", + "refsource": "CONFIRM", + "url": "https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=72f3702dbe6cf15c06dc13da2c99c864e9022a58" + }, + { + "name": "91769", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91769" + }, + { + "name": "openSUSE-SU-2016:1723", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00001.html" + }, + { + "name": "https://bugs.kde.org/show_bug.cgi?id=358593", + "refsource": "CONFIRM", + "url": "https://bugs.kde.org/show_bug.cgi?id=358593" + }, + { + "name": "http://www.kde.com/announcements/kde-frameworks-5.23.0.php", + "refsource": "CONFIRM", + "url": "http://www.kde.com/announcements/kde-frameworks-5.23.0.php" + }, + { + "name": "https://www.kde.org/info/security/advisory-20160621-1.txt", + "refsource": "CONFIRM", + "url": "https://www.kde.org/info/security/advisory-20160621-1.txt" + }, + { + "name": "https://bugs.kde.org/show_bug.cgi?id=363140", + "refsource": "CONFIRM", + "url": "https://bugs.kde.org/show_bug.cgi?id=363140" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3853.json b/2016/3xxx/CVE-2016-3853.json index 7ed432da7fd..650a4e308e6 100644 --- a/2016/3xxx/CVE-2016-3853.json +++ b/2016/3xxx/CVE-2016-3853.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3853", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Play services in Android before 2016-08-05 on Nexus devices allow local users to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26803208." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3853", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-08-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-08-01.html" - }, - { - "name" : "92255", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92255" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Play services in Android before 2016-08-05 on Nexus devices allow local users to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26803208." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-08-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-08-01.html" + }, + { + "name": "92255", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92255" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7017.json b/2016/7xxx/CVE-2016-7017.json index 69c9d94a7e2..5a4a72b360c 100644 --- a/2016/7xxx/CVE-2016-7017.json +++ b/2016/7xxx/CVE-2016-7017.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7018, and CVE-2016-7019." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-7017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" - }, - { - "name" : "93496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93496" - }, - { - "name" : "1036986", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7018, and CVE-2016-7019." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036986", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036986" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" + }, + { + "name": "93496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93496" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7877.json b/2016/7xxx/CVE-2016-7877.json index 3872dcc06dc..a2de36b318a 100644 --- a/2016/7xxx/CVE-2016-7877.json +++ b/2016/7xxx/CVE-2016-7877.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2016-7877", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the Action Message Format serialization (AFM0). Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-7877", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html" - }, - { - "name" : "GLSA-201701-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-17" - }, - { - "name" : "MS16-154", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154" - }, - { - "name" : "RHSA-2016:2947", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2947.html" - }, - { - "name" : "SUSE-SU-2016:3148", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html" - }, - { - "name" : "openSUSE-SU-2016:3160", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html" - }, - { - "name" : "94873", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94873" - }, - { - "name" : "1037442", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the Action Message Format serialization (AFM0). Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:3148", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html" + }, + { + "name": "MS16-154", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154" + }, + { + "name": "GLSA-201701-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-17" + }, + { + "name": "94873", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94873" + }, + { + "name": "1037442", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037442" + }, + { + "name": "RHSA-2016:2947", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2947.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html" + }, + { + "name": "openSUSE-SU-2016:3160", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8069.json b/2016/8xxx/CVE-2016-8069.json index f04d50fab51..58c879d9a90 100644 --- a/2016/8xxx/CVE-2016-8069.json +++ b/2016/8xxx/CVE-2016-8069.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8069", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8069", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8385.json b/2016/8xxx/CVE-2016-8385.json index fcbcf275f95..df9e5a294ad 100644 --- a/2016/8xxx/CVE-2016-8385.json +++ b/2016/8xxx/CVE-2016-8385.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "ID" : "CVE-2016-8385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Argus", - "version" : { - "version_data" : [ - { - "version_value" : "6.6.04 (Sep 7 2012) NK" - } - ] - } - } - ] - }, - "vendor_name" : "Iceni" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable uninitialized variable vulnerability which leads to a stack-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF to XML a stack variable will be left uninitialized which will later be used to fetch a length that is used in a copy operation. In most cases this will allow an aggressor to write outside the bounds of a stack buffer which is used to contain colors. This can lead to code execution under the context of the account running the tool." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "PDF Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "ID": "CVE-2016-8385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Argus", + "version": { + "version_data": [ + { + "version_value": "6.6.04 (Sep 7 2012) NK" + } + ] + } + } + ] + }, + "vendor_name": "Iceni" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.talosintelligence.com/reports/TALOS-2016-0210/", - "refsource" : "MISC", - "url" : "http://www.talosintelligence.com/reports/TALOS-2016-0210/" - }, - { - "name" : "96472", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96472" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable uninitialized variable vulnerability which leads to a stack-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF to XML a stack variable will be left uninitialized which will later be used to fetch a length that is used in a copy operation. In most cases this will allow an aggressor to write outside the bounds of a stack buffer which is used to contain colors. This can lead to code execution under the context of the account running the tool." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "PDF Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96472", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96472" + }, + { + "name": "http://www.talosintelligence.com/reports/TALOS-2016-0210/", + "refsource": "MISC", + "url": "http://www.talosintelligence.com/reports/TALOS-2016-0210/" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8644.json b/2016/8xxx/CVE-2016-8644.json index 2b53d0494de..5d10fd02458 100644 --- a/2016/8xxx/CVE-2016-8644.json +++ b/2016/8xxx/CVE-2016-8644.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-8644", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Moodle 2.x and 3.x", - "version" : { - "version_data" : [ - { - "version_value" : "Moodle 2.x and 3.x" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-8644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Moodle 2.x and 3.x", + "version": { + "version_data": [ + { + "version_value": "Moodle 2.x and 3.x" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=343277", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=343277" - }, - { - "name" : "94458", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94458" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://moodle.org/mod/forum/discuss.php?d=343277", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=343277" + }, + { + "name": "94458", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94458" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8723.json b/2016/8xxx/CVE-2016-8723.json index 1f9968dc513..6bfa12b4cc6 100644 --- a/2016/8xxx/CVE-2016-8723.json +++ b/2016/8xxx/CVE-2016-8723.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "ID" : "CVE-2016-8723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client", - "version" : { - "version_data" : [ - { - "version_value" : "1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Moxa" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a multitude of potentially unexpected HTTP get requests to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "ID": "CVE-2016-8723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client", + "version": { + "version_data": [ + { + "version_value": "1.1" + } + ] + } + } + ] + }, + "vendor_name": "Moxa" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.talosintelligence.com/reports/TALOS-2016-0237/", - "refsource" : "MISC", - "url" : "http://www.talosintelligence.com/reports/TALOS-2016-0237/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a multitude of potentially unexpected HTTP get requests to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.talosintelligence.com/reports/TALOS-2016-0237/", + "refsource": "MISC", + "url": "http://www.talosintelligence.com/reports/TALOS-2016-0237/" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8991.json b/2016/8xxx/CVE-2016-8991.json index 18dae63440d..89fb8b0952f 100644 --- a/2016/8xxx/CVE-2016-8991.json +++ b/2016/8xxx/CVE-2016-8991.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8991", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8991", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9611.json b/2016/9xxx/CVE-2016-9611.json index eaf27754a83..a0a9402548d 100644 --- a/2016/9xxx/CVE-2016-9611.json +++ b/2016/9xxx/CVE-2016-9611.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9611", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9611", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9679.json b/2016/9xxx/CVE-2016-9679.json index ac1d1271242..0051bbede52 100644 --- a/2016/9xxx/CVE-2016-9679.json +++ b/2016/9xxx/CVE-2016-9679.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9679", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code by overwriting a function pointer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9679", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.citrix.com/article/CTX219580", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX219580" - }, - { - "name" : "95620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95620" - }, - { - "name" : "1037625", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code by overwriting a function pointer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.citrix.com/article/CTX219580", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX219580" + }, + { + "name": "95620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95620" + }, + { + "name": "1037625", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037625" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9725.json b/2016/9xxx/CVE-2016-9725.json index 2bda1760abd..b97df215f30 100644 --- a/2016/9xxx/CVE-2016-9725.json +++ b/2016/9xxx/CVE-2016-9725.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-9725", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "QRadar SIEM", - "version" : { - "version_data" : [ - { - "version_value" : "7.1 MR1" - }, - { - "version_value" : "7.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.2" - }, - { - "version_value" : "7.1 MR2" - }, - { - "version_value" : "7" - }, - { - "version_value" : "7.1 MR2" - }, - { - "version_value" : "7.2.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM QRadar Incident Forensics 7.2 allows for Cross-Origin Resource Sharing (CORS), which is a mechanism that allows web sites to request resources from external sites, avoiding the need to duplicate them. IBM Reference #: 1999539." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-9725", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "QRadar SIEM", + "version": { + "version_data": [ + { + "version_value": "7.1 MR1" + }, + { + "version_value": "7.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.2" + }, + { + "version_value": "7.1 MR2" + }, + { + "version_value": "7" + }, + { + "version_value": "7.1 MR2" + }, + { + "version_value": "7.2.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21999539", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21999539" - }, - { - "name" : "96530", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96530" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM QRadar Incident Forensics 7.2 allows for Cross-Origin Resource Sharing (CORS), which is a mechanism that allows web sites to request resources from external sites, avoiding the need to duplicate them. IBM Reference #: 1999539." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21999539", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21999539" + }, + { + "name": "96530", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96530" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9769.json b/2016/9xxx/CVE-2016-9769.json index 17b057a107a..b35e71da263 100644 --- a/2016/9xxx/CVE-2016-9769.json +++ b/2016/9xxx/CVE-2016-9769.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9769", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9769", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2534.json b/2019/2xxx/CVE-2019-2534.json index 192457bc86a..2bf45de3f34 100644 --- a/2019/2xxx/CVE-2019-2534.json +++ b/2019/2xxx/CVE-2019-2534.json @@ -1,86 +1,86 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2534", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.6.42 and prior" - }, - { - "version_affected" : "=", - "version_value" : "5.7.24 and prior" - }, - { - "version_affected" : "=", - "version_value" : "8.0.13 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data as well as unauthorized update, insert or delete access to some of MySQL Server accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2534", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.6.42 and prior" + }, + { + "version_affected": "=", + "version_value": "5.7.24 and prior" + }, + { + "version_affected": "=", + "version_value": "8.0.13 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20190118-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20190118-0002/" - }, - { - "name" : "USN-3867-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3867-1/" - }, - { - "name" : "106619", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106619" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data as well as unauthorized update, insert or delete access to some of MySQL Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106619", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106619" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "USN-3867-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3867-1/" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20190118-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190118-0002/" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2546.json b/2019/2xxx/CVE-2019-2546.json index 53517c79345..16f3530787f 100644 --- a/2019/2xxx/CVE-2019-2546.json +++ b/2019/2xxx/CVE-2019-2546.json @@ -1,100 +1,100 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Applications Manager", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.1.1" - }, - { - "version_affected" : "=", - "version_value" : "12.1.2" - }, - { - "version_affected" : "=", - "version_value" : "12.1.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.4" - }, - { - "version_affected" : "=", - "version_value" : "12.2.5" - }, - { - "version_affected" : "=", - "version_value" : "12.2.6" - }, - { - "version_affected" : "=", - "version_value" : "12.2.7" - }, - { - "version_affected" : "=", - "version_value" : "12.2.8" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: SQL Extensions). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Manager accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Manager accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Applications Manager", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.1" + }, + { + "version_affected": "=", + "version_value": "12.1.2" + }, + { + "version_affected": "=", + "version_value": "12.1.3" + }, + { + "version_affected": "=", + "version_value": "12.2.3" + }, + { + "version_affected": "=", + "version_value": "12.2.4" + }, + { + "version_affected": "=", + "version_value": "12.2.5" + }, + { + "version_affected": "=", + "version_value": "12.2.6" + }, + { + "version_affected": "=", + "version_value": "12.2.7" + }, + { + "version_affected": "=", + "version_value": "12.2.8" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "106620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: SQL Extensions). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Manager accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Manager accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106620" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2608.json b/2019/2xxx/CVE-2019-2608.json index 1ea1f6e58a9..9bfc10169f7 100644 --- a/2019/2xxx/CVE-2019-2608.json +++ b/2019/2xxx/CVE-2019-2608.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2608", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2608", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2873.json b/2019/2xxx/CVE-2019-2873.json index 96d1d72aef6..c3f5b21261c 100644 --- a/2019/2xxx/CVE-2019-2873.json +++ b/2019/2xxx/CVE-2019-2873.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2873", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2873", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file