From 3c26a7e06b70eaa3f2d82eed7eefe2c936431850 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 01:49:25 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2006/5xxx/CVE-2006-5209.json | 130 +++---
2006/5xxx/CVE-2006-5234.json | 160 ++++-----
2006/5xxx/CVE-2006-5314.json | 170 ++++-----
2006/5xxx/CVE-2006-5657.json | 140 ++++----
2006/5xxx/CVE-2006-5794.json | 400 ++++++++++-----------
2007/2xxx/CVE-2007-2149.json | 150 ++++----
2007/2xxx/CVE-2007-2498.json | 170 ++++-----
2007/2xxx/CVE-2007-2728.json | 200 +++++------
2007/2xxx/CVE-2007-2789.json | 640 ++++++++++++++++-----------------
2007/2xxx/CVE-2007-2825.json | 160 ++++-----
2007/2xxx/CVE-2007-2916.json | 190 +++++-----
2007/3xxx/CVE-2007-3252.json | 150 ++++----
2007/3xxx/CVE-2007-3255.json | 210 +++++------
2007/6xxx/CVE-2007-6269.json | 190 +++++-----
2007/6xxx/CVE-2007-6710.json | 34 +-
2010/0xxx/CVE-2010-0505.json | 150 ++++----
2010/0xxx/CVE-2010-0665.json | 130 +++----
2010/0xxx/CVE-2010-0718.json | 130 +++----
2010/0xxx/CVE-2010-0965.json | 150 ++++----
2010/1xxx/CVE-2010-1042.json | 130 +++----
2010/1xxx/CVE-2010-1477.json | 170 ++++-----
2010/1xxx/CVE-2010-1579.json | 130 +++----
2010/1xxx/CVE-2010-1834.json | 140 ++++----
2010/5xxx/CVE-2010-5301.json | 140 ++++----
2014/0xxx/CVE-2014-0176.json | 120 +++----
2014/0xxx/CVE-2014-0268.json | 170 ++++-----
2014/0xxx/CVE-2014-0288.json | 170 ++++-----
2014/0xxx/CVE-2014-0445.json | 170 ++++-----
2014/0xxx/CVE-2014-0867.json | 170 ++++-----
2014/0xxx/CVE-2014-0960.json | 140 ++++----
2014/1xxx/CVE-2014-1418.json | 180 +++++-----
2014/4xxx/CVE-2014-4161.json | 150 ++++----
2014/4xxx/CVE-2014-4325.json | 120 +++----
2014/4xxx/CVE-2014-4760.json | 160 ++++-----
2014/5xxx/CVE-2014-5012.json | 34 +-
2014/5xxx/CVE-2014-5227.json | 34 +-
2014/5xxx/CVE-2014-5576.json | 140 ++++----
2016/10xxx/CVE-2016-10238.json | 140 ++++----
2016/10xxx/CVE-2016-10293.json | 130 +++----
2016/10xxx/CVE-2016-10443.json | 132 +++----
2016/3xxx/CVE-2016-3343.json | 140 ++++----
2016/3xxx/CVE-2016-3606.json | 350 +++++++++---------
2016/3xxx/CVE-2016-3736.json | 34 +-
2016/7xxx/CVE-2016-7016.json | 140 ++++----
2016/8xxx/CVE-2016-8124.json | 34 +-
2016/8xxx/CVE-2016-8538.json | 34 +-
2016/8xxx/CVE-2016-8609.json | 182 +++++-----
2016/8xxx/CVE-2016-8698.json | 160 ++++-----
2016/9xxx/CVE-2016-9003.json | 34 +-
2016/9xxx/CVE-2016-9372.json | 160 ++++-----
2016/9xxx/CVE-2016-9640.json | 34 +-
2016/9xxx/CVE-2016-9693.json | 250 ++++++-------
2016/9xxx/CVE-2016-9951.json | 170 ++++-----
2019/2xxx/CVE-2019-2328.json | 34 +-
2019/2xxx/CVE-2019-2455.json | 168 ++++-----
2019/2xxx/CVE-2019-2605.json | 34 +-
2019/2xxx/CVE-2019-2877.json | 34 +-
2019/6xxx/CVE-2019-6352.json | 34 +-
2019/6xxx/CVE-2019-6576.json | 34 +-
2019/6xxx/CVE-2019-6732.json | 34 +-
60 files changed, 4309 insertions(+), 4309 deletions(-)
diff --git a/2006/5xxx/CVE-2006-5209.json b/2006/5xxx/CVE-2006-5209.json
index ef5359c7cb1..1154348e6f1 100644
--- a/2006/5xxx/CVE-2006-5209.json
+++ b/2006/5xxx/CVE-2006-5209.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2475", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2475/" - }, - { - "name" : "phpbb-setmodules-file-include(29345)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29345" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the 
phpbb_root_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpbb-setmodules-file-include(29345)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29345" + }, + { + "name": "2475", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2475/" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5234.json b/2006/5xxx/CVE-2006-5234.json index 87d1d60a941..f98dafb82b7 100644 --- a/2006/5xxx/CVE-2006-5234.json +++ b/2006/5xxx/CVE-2006-5234.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5234", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in phpWebSite 0.10.2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPWS_SOURCE_DIR parameter in (1) init.php, (2) users.php, (3) Cookie.php, (4) forms.php, (5) Groups.php, (6) ModSetting.php, (7) Calendar.php, (8) DateTime.php, (9) core.php, (10) ImgLibrary.php, (11) Manager.php, and (12) Template.php, and (13) EZform.php. NOTE: CVE disputes this report, since \"PHPWS_SOURCE_DIR\" is defined as a constant, not accessed as a variable." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061009 phpWebSite 0.10.2 Remote File Include Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/448098/100/0/threaded" - }, - { - "name" : "20061011 Re: phpWebSite 0.10.2 Remote File Include Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/448307/100/100/threaded" - }, - { - "name" : "20061010 phpWebSite 0.10.2 RFI - CVE dispute", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-October/001079.html" - }, - { - "name" : "20412", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20412" - }, - { - "name" : "1716", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1716" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in phpWebSite 0.10.2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPWS_SOURCE_DIR parameter in (1) init.php, (2) users.php, (3) Cookie.php, (4) forms.php, (5) Groups.php, (6) ModSetting.php, (7) Calendar.php, (8) DateTime.php, (9) core.php, (10) ImgLibrary.php, (11) Manager.php, and (12) Template.php, and (13) EZform.php. NOTE: CVE disputes this report, since \"PHPWS_SOURCE_DIR\" is defined as a constant, not accessed as a variable." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1716", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1716" + }, + { + "name": "20061009 phpWebSite 0.10.2 Remote File Include Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/448098/100/0/threaded" + }, + { + "name": "20412", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20412" + }, + { + "name": "20061010 phpWebSite 0.10.2 RFI - CVE dispute", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2006-October/001079.html" + }, + { + "name": "20061011 Re: phpWebSite 0.10.2 Remote File Include Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/448307/100/100/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5314.json b/2006/5xxx/CVE-2006-5314.json index 3cccad18fe7..706a91c4227 100644 --- a/2006/5xxx/CVE-2006-5314.json +++ b/2006/5xxx/CVE-2006-5314.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in ftag.php in TribunaLibre 3.12 Beta allows remote attackers to execute arbitrary PHP code via a URL in the mostrar parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061007 7 php scripts File Inclusion / Source disclosure Vuln", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/448096/100/0/threaded" - }, - { - "name" : "http://acid-root.new.fr/poc/13061007.txt", - "refsource" : "MISC", - "url" : "http://acid-root.new.fr/poc/13061007.txt" - }, - { - "name" : "2501", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2501" - }, - { - "name" : "20443", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20443" - }, - { - "name" : "1734", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1734" - }, - { - "name" : "tribunalibre-ftag-file-include(29415)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/29415" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in ftag.php in TribunaLibre 3.12 Beta allows remote attackers to execute arbitrary PHP code via a URL in the mostrar parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1734", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1734" + }, + { + "name": "2501", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2501" + }, + { + "name": "20443", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20443" + }, + { + "name": "http://acid-root.new.fr/poc/13061007.txt", + "refsource": "MISC", + "url": "http://acid-root.new.fr/poc/13061007.txt" + }, + { + "name": "tribunalibre-ftag-file-include(29415)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29415" + }, + { + "name": "20061007 7 php scripts File Inclusion / Source disclosure Vuln", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/448096/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5657.json b/2006/5xxx/CVE-2006-5657.json index 64f53da070d..de9b80b517e 100644 --- a/2006/5xxx/CVE-2006-5657.json +++ b/2006/5xxx/CVE-2006-5657.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5657", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple off-by-one errors in src/text.c in Vilistextum before 2.6.9 have unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=626024", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=626024" - }, - { - "name" : "20813", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20813" - }, - { - "name" : "ADV-2006-4253", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4253" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple off-by-one errors in src/text.c in Vilistextum before 2.6.9 have unknown impact and attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=626024", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=626024" + }, + { + "name": "ADV-2006-4253", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4253" + }, + { + "name": "20813", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20813" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5794.json b/2006/5xxx/CVE-2006-5794.json index 106189606d6..e2cd7bdc615 100644 --- a/2006/5xxx/CVE-2006-5794.json +++ b/2006/5xxx/CVE-2006-5794.json 
@@ -1,202 +1,202 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5794", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-5794", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061109 rPSA-2006-0207-1 openssh openssh-client openssh-server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451100/100/0/threaded" - }, - { - "name" : "http://www.openssh.org/txt/release-4.5", - "refsource" : "CONFIRM", - "url" : "http://www.openssh.org/txt/release-4.5" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=461854&group_id=69227", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=461854&group_id=69227" - }, - { - "name" : 
"https://issues.rpath.com/browse/RPL-766", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-766" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227" - }, - { - "name" : "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html" - }, - { - "name" : "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-048.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-048.htm" - }, - { - "name" : "MDKSA-2006:204", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:204" - }, - { - "name" : "OpenPKG-SA-2006.032", - "refsource" : "OPENPKG", - "url" : "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.032-openssh.html" - }, - { - "name" : "RHSA-2006:0738", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0738.html" - }, - { - "name" : "20061201-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc" - }, - { - "name" : "SUSE-SR:2006:026", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_26_sr.html" - }, - { - "name" : "20956", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20956" - }, - { - "name" : "oval:org.mitre.oval:def:11840", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11840" - }, - { - "name" : "ADV-2006-4399", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/4399" - }, - { - "name" : "ADV-2006-4400", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4400" - }, - { - "name" : "1017183", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017183" - }, - { - "name" : "22771", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22771" - }, - { - "name" : "22773", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22773" - }, - { - "name" : "22778", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22778" - }, - { - "name" : "22814", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22814" - }, - { - "name" : "22772", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22772" - }, - { - "name" : "22872", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22872" - }, - { - "name" : "23513", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23513" - }, - { - "name" : "23680", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23680" - }, - { - "name" : "24055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24055" - }, - { - "name" : "22932", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22932" - }, - { - "name" : "openssh-separation-verificaton-weakness(30120)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30120" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. 
NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1017183", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017183" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=461854&group_id=69227", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=461854&group_id=69227" + }, + { + "name": "22932", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22932" + }, + { + "name": "22773", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22773" + }, + { + "name": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227" + }, + { + "name": "https://issues.rpath.com/browse/RPL-766", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-766" + }, + { + "name": "22872", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22872" + }, + { + "name": "22772", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22772" + }, + { + "name": "ADV-2006-4399", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4399" + }, + { + "name": "23513", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23513" + }, + { + "name": "23680", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23680" + }, + { + "name": "SUSE-SR:2006:026", + "refsource": "SUSE", + "url": 
"http://www.novell.com/linux/security/advisories/2006_26_sr.html" + }, + { + "name": "24055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24055" + }, + { + "name": "22771", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22771" + }, + { + "name": "openssh-separation-verificaton-weakness(30120)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30120" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-048.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-048.htm" + }, + { + "name": "ADV-2006-4400", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4400" + }, + { + "name": "20061109 rPSA-2006-0207-1 openssh openssh-client openssh-server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451100/100/0/threaded" + }, + { + "name": "22778", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22778" + }, + { + "name": "22814", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22814" + }, + { + "name": "oval:org.mitre.oval:def:11840", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11840" + }, + { + "name": "20956", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20956" + }, + { + "name": "MDKSA-2006:204", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:204" + }, + { + "name": "http://www.openssh.org/txt/release-4.5", + "refsource": "CONFIRM", + "url": "http://www.openssh.org/txt/release-4.5" + }, + { + "name": "20061201-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc" + }, + { + "name": "OpenPKG-SA-2006.032", + "refsource": "OPENPKG", + "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.032-openssh.html" + }, + { + "name": 
"http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html" + }, + { + "name": "RHSA-2006:0738", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0738.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2149.json b/2007/2xxx/CVE-2007-2149.json index b8adb8cb8a7..be22aa0fbd6 100644 --- a/2007/2xxx/CVE-2007-2149.json +++ b/2007/2xxx/CVE-2007-2149.json 
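Review bot: The `ASSIGNER` value in CVE-2006-5794.json changes from `cve@mitre.org` to `secalert@redhat.com`, and among the hunks visible here it is the only field value that changes; every other difference is colon spacing, indentation, reordering of `reference_data` entries and the loss of the trailing newline. The commit subject says only "-Synchronized-Data.", so a change to who is recorded as the assigning CNA is hidden inside a 4309-line formatting diff. The commit message should name it, for example `CVE-2006-5794: ASSIGNER cve@mitre.org -> secalert@redhat.com`, or the reformatting should go in a separate commit from value changes. Consumers that watch this repository for record changes need to compare parsed JSON, not text, because a line diff reports every file as fully rewritten.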
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2149", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores usernames and unencrypted passwords in (1) classes/vars.php and (2) classes/varstuff.php, and recommends 0666 or 0777 permissions for these files, which allows local users to gain privileges by reading the files, and allows remote attackers to obtain credentials via a direct request for admin/options.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070412 Chatness <= 2.5.3 - Arbitrary Code Execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/465547/100/0/threaded" - }, - { - "name" : "ADV-2007-1386", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1386" - }, - { - "name" : "24873", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24873" - }, - { - "name" : "2595", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2595" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores usernames and unencrypted passwords in (1) classes/vars.php and (2) classes/varstuff.php, and recommends 0666 or 0777 permissions for these files, which allows local users to gain privileges by reading the files, and allows remote attackers to obtain credentials via a direct request for admin/options.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070412 Chatness <= 2.5.3 - Arbitrary Code Execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/465547/100/0/threaded" + }, + { + "name": "24873", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24873" + }, + { + "name": "ADV-2007-1386", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1386" + }, + { + "name": "2595", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2595" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2498.json b/2007/2xxx/CVE-2007-2498.json index 93bd63a0b24..7df8b285a00 100644 --- a/2007/2xxx/CVE-2007-2498.json +++ b/2007/2xxx/CVE-2007-2498.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3823", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3823" - }, - { - "name" : "23723", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23723" - }, - { - "name" : "ADV-2007-1594", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1594" - }, - { - "name" : "1017993", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017993" - }, - { - "name" : "25089", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25089" - }, - { - "name" : "winamp-mp4-code-execution(34030)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34030" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1017993", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017993" + }, + { + "name": "winamp-mp4-code-execution(34030)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34030" + }, + { + "name": "25089", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25089" + }, + { + "name": "23723", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23723" + }, + { + "name": "ADV-2007-1594", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1594" + }, + { + "name": "3823", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3823" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2728.json b/2007/2xxx/CVE-2007-2728.json index 5a0dc18e702..87b54587426 100644 --- a/2007/2xxx/CVE-2007-2728.json +++ b/2007/2xxx/CVE-2007-2728.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.php-security.org/archives/80-Watching-the-PHP-CVS.html", - "refsource" : "MISC", - "url" : "http://blog.php-security.org/archives/80-Watching-the-PHP-CVS.html" - }, - { - "name" : "MDKSA-2007:187", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:187" - }, - { - "name" : "SUSE-SR:2007:015", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_15_sr.html" - }, - { - "name" : "USN-485-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-485-1" - }, - { - "name" : "36086", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36086" - }, - { - "name" : "ADV-2007-1839", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2007/1839" - }, - { - "name" : "25306", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25306" - }, - { - "name" : "26102", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26102" - }, - { - "name" : "26895", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26895" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25306", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25306" + }, + { + "name": "http://blog.php-security.org/archives/80-Watching-the-PHP-CVS.html", + "refsource": "MISC", + "url": "http://blog.php-security.org/archives/80-Watching-the-PHP-CVS.html" + }, + { + "name": "ADV-2007-1839", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1839" + }, + { + "name": "USN-485-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-485-1" + }, + { + "name": "MDKSA-2007:187", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:187" + }, + { + "name": "26895", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26895" + }, + { + "name": "26102", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26102" + }, + { + "name": "36086", + "refsource": "OSVDB", + "url": "http://osvdb.org/36086" + }, + { + "name": "SUSE-SR:2007:015", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" + } + ] + } 
+}
\ No newline at end of file
diff --git a/2007/2xxx/CVE-2007-2789.json b/2007/2xxx/CVE-2007-2789.json
index 4fc7901faba..06b09b1907e 100644
--- a/2007/2xxx/CVE-2007-2789.json
+++ b/2007/2xxx/CVE-2007-2789.json
@@ -1,322 +1,322 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2789", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2789", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://scary.beasts.org/security/CESA-2006-004.html", - "refsource" : "MISC", - "url" : "http://scary.beasts.org/security/CESA-2006-004.html" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=307177", - "refsource" : "MISC", - "url" : "http://docs.info.apple.com/article.html?artnum=307177" - }, - { - "name" : "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html" - }, - { - "name" : "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html" - }, - { - "name" : "APPLE-SA-2007-12-14", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html" - }, - { - "name" : "BEA07-177.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/248" - }, - { - "name" : "GLSA-200705-23", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml" - }, - { - "name" : "GLSA-200706-08", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200706-08.xml" - }, - { - "name" : "GLSA-200709-15", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml" - }, - { - "name" : "GLSA-200804-20", - "refsource" : 
"GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" - }, - { - "name" : "GLSA-200804-28", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200804-28.xml" - }, - { - "name" : "GLSA-200806-11", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" - }, - { - "name" : "RHSA-2007:0829", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0829.html" - }, - { - "name" : "RHSA-2007:0956", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0956.html" - }, - { - "name" : "RHSA-2007:1086", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-1086.html" - }, - { - "name" : "RHSA-2007:0817", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0817.html" - }, - { - "name" : "RHSA-2008:0100", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0100.html" - }, - { - "name" : "RHSA-2008:0261", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0261.html" - }, - { - "name" : "RHSA-2008:0133", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0133.html" - }, - { - "name" : "102934", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1" - }, - { - "name" : "200856", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200856-1" - }, - { - "name" : "SUSE-SA:2007:045", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_45_java.html" - }, - { - "name" : "SUSE-SA:2007:056", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html" - }, - { - "name" : "20070703 Sun JDK Confusion", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-July/001696.html" - }, - { - "name" : 
"20070704 [theall at tenablesecurity.com: Sun JDK Confusion] (fwd)", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-July/001697.html" - }, - { - "name" : "20070711 Sun JDK Confusion", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-July/001708.html" - }, - { - "name" : "20071218 Sun JDK Confusion Revisited", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-December/001862.html" - }, - { - "name" : "24004", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24004" - }, - { - "name" : "oval:org.mitre.oval:def:10800", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10800" - }, - { - "name" : "ADV-2007-1836", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1836" - }, - { - "name" : "ADV-2007-3009", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3009" - }, - { - "name" : "ADV-2007-4224", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4224" - }, - { - "name" : "1018182", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018182" - }, - { - "name" : "25295", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25295" - }, - { - "name" : "25474", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25474" - }, - { - "name" : "25832", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25832" - }, - { - "name" : "26049", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26049" - }, - { - "name" : "26119", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26119" - }, - { - "name" : "26369", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26369" - }, - { - "name" : "26933", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26933" - }, - { - "name" : "27203", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27203" - }, - { - "name" : "27266", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27266" - }, - { - "name" : "26645", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26645" - }, - { - "name" : "28056", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28056" - }, - { - "name" : "26311", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26311" - }, - { - "name" : "26631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26631" - }, - { - "name" : "28115", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28115" - }, - { - "name" : "29340", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29340" - }, - { - "name" : "29858", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29858" - }, - { - "name" : "30780", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30780" - }, - { - "name" : "30805", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30805" - }, - { - "name" : "sunjava-bmp-dos(34320)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34320" - }, - { - "name" : "sun-java-virtual-machine-dos(34654)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34654" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open 
arbitrary local files via a crafted BMP file, such as /dev/tty." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26933", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26933" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307177", + "refsource": "MISC", + "url": "http://docs.info.apple.com/article.html?artnum=307177" + }, + { + "name": "sun-java-virtual-machine-dos(34654)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34654" + }, + { + "name": "oval:org.mitre.oval:def:10800", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10800" + }, + { + "name": "26049", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26049" + }, + { + "name": "BEA07-177.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/248" + }, + { + "name": "26311", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26311" + }, + { + "name": "20070703 Sun JDK Confusion", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-July/001696.html" + }, + { + "name": "200856", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200856-1" + }, + { + "name": "http://scary.beasts.org/security/CESA-2006-004.html", + "refsource": "MISC", + "url": "http://scary.beasts.org/security/CESA-2006-004.html" + }, + { + "name": "30805", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30805" + }, + { + "name": "GLSA-200705-23", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml" + }, + { + "name": "24004", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24004" + }, + { + "name": "20071218 Sun JDK Confusion Revisited", + "refsource": "VIM", + "url": 
"http://www.attrition.org/pipermail/vim/2007-December/001862.html" + }, + { + "name": "26369", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26369" + }, + { + "name": "GLSA-200804-28", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" + }, + { + "name": "102934", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1" + }, + { + "name": "28056", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28056" + }, + { + "name": "29858", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29858" + }, + { + "name": "SUSE-SA:2007:045", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_45_java.html" + }, + { + "name": "ADV-2007-1836", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1836" + }, + { + "name": "sunjava-bmp-dos(34320)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34320" + }, + { + "name": "APPLE-SA-2007-12-14", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html" + }, + { + "name": "RHSA-2008:0100", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html" + }, + { + "name": "RHSA-2007:0956", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0956.html" + }, + { + "name": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html" + }, + { + "name": "RHSA-2007:0817", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0817.html" + }, + { + "name": "26645", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26645" + }, + { + "name": "26119", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26119" + }, + { + 
"name": "25832", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25832" + }, + { + "name": "ADV-2007-4224", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4224" + }, + { + "name": "GLSA-200706-08", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200706-08.xml" + }, + { + "name": "30780", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30780" + }, + { + "name": "25295", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25295" + }, + { + "name": "ADV-2007-3009", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3009" + }, + { + "name": "27266", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27266" + }, + { + "name": "SUSE-SA:2007:056", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html" + }, + { + "name": "20070711 Sun JDK Confusion", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-July/001708.html" + }, + { + "name": "GLSA-200709-15", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml" + }, + { + "name": "28115", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28115" + }, + { + "name": "1018182", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018182" + }, + { + "name": "RHSA-2008:0261", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" + }, + { + "name": "29340", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29340" + }, + { + "name": "25474", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25474" + }, + { + "name": "RHSA-2007:1086", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-1086.html" + }, + { + "name": "27203", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27203" + }, + { + "name": "20070704 [theall at 
tenablesecurity.com: Sun JDK Confusion] (fwd)", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-July/001697.html" + }, + { + "name": "GLSA-200804-20", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" + }, + { + "name": "GLSA-200806-11", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" + }, + { + "name": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html" + }, + { + "name": "RHSA-2007:0829", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0829.html" + }, + { + "name": "26631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26631" + }, + { + "name": "RHSA-2008:0133", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0133.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2825.json b/2007/2xxx/CVE-2007-2825.json index 7d628a2d97b..2b4b0452952 100644 --- a/2007/2xxx/CVE-2007-2825.json +++ b/2007/2xxx/CVE-2007-2825.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in ReadMsg.php in @Mail 5.02 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) links and (2) images." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://terra.calacode.com/mail/docs/changelog.html", - "refsource" : "CONFIRM", - "url" : "http://terra.calacode.com/mail/docs/changelog.html" - }, - { - "name" : "24260", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24260" - }, - { - "name" : "36826", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36826" - }, - { - "name" : "25506", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25506" - }, - { - "name" : "atmail-readmsg-xss(34376)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34376" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in ReadMsg.php in @Mail 5.02 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) links and (2) images." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://terra.calacode.com/mail/docs/changelog.html", + "refsource": "CONFIRM", + "url": "http://terra.calacode.com/mail/docs/changelog.html" + }, + { + "name": "atmail-readmsg-xss(34376)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34376" + }, + { + "name": "24260", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24260" + }, + { + "name": "25506", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25506" + }, + { + "name": "36826", + "refsource": "OSVDB", + "url": "http://osvdb.org/36826" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2916.json b/2007/2xxx/CVE-2007-2916.json index 8f90d4be588..ece62648305 100644 --- a/2007/2xxx/CVE-2007-2916.json +++ b/2007/2xxx/CVE-2007-2916.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2916", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in showown.php in GMTT Music Distro 1.2 allows remote attackers to inject arbitrary web script or HTML via the st parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2916", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070522 GMTT Music Distro 1.2 XSS Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/469269/100/0/threaded" - }, - { - "name" : "20070522 GMTT Music Distro 1.2 Vulnerable to XSS", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063515.html" - }, - { - "name" : "24108", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24108" - }, - { - "name" : "36571", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36571" - }, - { - "name" : "ADV-2007-1938", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1938" - }, - { - "name" : "25385", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25385" - }, - { - 
"name" : "2745", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2745" - }, - { - "name" : "gmttmusicdistro-showown-xss(34440)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34440" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in showown.php in GMTT Music Distro 1.2 allows remote attackers to inject arbitrary web script or HTML via the st parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25385", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25385" + }, + { + "name": "36571", + "refsource": "OSVDB", + "url": "http://osvdb.org/36571" + }, + { + "name": "20070522 GMTT Music Distro 1.2 XSS Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/469269/100/0/threaded" + }, + { + "name": "2745", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2745" + }, + { + "name": "ADV-2007-1938", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1938" + }, + { + "name": "24108", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24108" + }, + { + "name": "gmttmusicdistro-showown-xss(34440)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34440" + }, + { + "name": "20070522 GMTT Music Distro 1.2 Vulnerable to XSS", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063515.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3252.json b/2007/3xxx/CVE-2007-3252.json index fc9a3961443..112bb5c2fb1 100644 --- a/2007/3xxx/CVE-2007-3252.json +++ b/2007/3xxx/CVE-2007-3252.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PortalApp stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for 8691.mdb, a different vector than CVE-2004-1786." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070614 ByPass In PortalApp", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/471411/100/0/threaded" - }, - { - "name" : "39736", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39736" - }, - { - "name" : "2808", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2808" - }, - { - "name" : "portalapp-8691-information-disclosure(34874)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34874" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PortalApp stores sensitive information 
under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for 8691.mdb, a different vector than CVE-2004-1786." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070614 ByPass In PortalApp", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/471411/100/0/threaded" + }, + { + "name": "39736", + "refsource": "OSVDB", + "url": "http://osvdb.org/39736" + }, + { + "name": "2808", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2808" + }, + { + "name": "portalapp-8691-information-disclosure(34874)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34874" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3255.json b/2007/3xxx/CVE-2007-3255.json index 1703a230a3a..97ca6496de9 100644 --- a/2007/3xxx/CVE-2007-3255.json +++ b/2007/3xxx/CVE-2007-3255.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3255", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to execute commands as arbitrary users via (1) a saved Workflow name or (2) the Content-Type HTTP header. NOTE: item 2 also affects the same version numbers of Xythos Digital Locker (XDL). One or both vectors might also affect Xythos WebFile Server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070622 SYMSA-2007-004: Multiple Vulnerabilities in Xythos Server Products", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/472275/100/0/threaded" - }, - { - "name" : "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-004.txt", - "refsource" : "MISC", - "url" : "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-004.txt" - }, - { - "name" : "24521", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24521" - 
}, - { - "name" : "37615", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37615" - }, - { - "name" : "37616", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37616" - }, - { - "name" : "1018291", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018291" - }, - { - "name" : "1018292", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018292" - }, - { - "name" : "25783", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25783" - }, - { - "name" : "2845", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2845" - }, - { - "name" : "xedm-multiple-csrf(35084)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35084" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to execute commands as arbitrary users via (1) a saved Workflow name or (2) the Content-Type HTTP header. NOTE: item 2 also affects the same version numbers of Xythos Digital Locker (XDL). One or both vectors might also affect Xythos WebFile Server." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070622 SYMSA-2007-004: Multiple Vulnerabilities in Xythos Server Products", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/472275/100/0/threaded" + }, + { + "name": "24521", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24521" + }, + { + "name": "37616", + "refsource": "OSVDB", + "url": "http://osvdb.org/37616" + }, + { + "name": "25783", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25783" + }, + { + "name": "1018292", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018292" + }, + { + "name": "xedm-multiple-csrf(35084)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35084" + }, + { + "name": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-004.txt", + "refsource": "MISC", + "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-004.txt" + }, + { + "name": "2845", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2845" + }, + { + "name": "1018291", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018291" + }, + { + "name": "37615", + "refsource": "OSVDB", + "url": "http://osvdb.org/37615" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6269.json b/2007/6xxx/CVE-2007-6269.json index e7f3a92feab..9289d89df0c 100644 --- a/2007/6xxx/CVE-2007-6269.json +++ b/2007/6xxx/CVE-2007-6269.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in xlaabsolutenm.aspx in Absolute News Manager.NET 5.1 allow remote attackers to execute arbitrary SQL commands via the (1) z, (2) pz, (3) ord, and (4) sort parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071204 PR07-39: Multiple vulnerabilities on Absolute News Manager.NET", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=119678724111351&w=2" - }, - { - "name" : "http://www.procheckup.com/Vulnerability_PR07-39.php", - "refsource" : "MISC", - "url" : "http://www.procheckup.com/Vulnerability_PR07-39.php" - }, - { - "name" : "http://www.xigla.com/news/default.aspx", - "refsource" : "CONFIRM", - "url" : "http://www.xigla.com/news/default.aspx" - }, - { - "name" : "http://www.xigla.com/security/ANMNET51-SecurityUpdate20071128.zip", - "refsource" : "CONFIRM", - "url" : "http://www.xigla.com/security/ANMNET51-SecurityUpdate20071128.zip" - }, - { - "name" : "26692", - "refsource" : "BID", - "url" 
: "http://www.securityfocus.com/bid/26692" - }, - { - "name" : "40576", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40576" - }, - { - "name" : "27923", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27923" - }, - { - "name" : "absolutenewsmanager-multiple-sql-injection(38871)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38871" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in xlaabsolutenm.aspx in Absolute News Manager.NET 5.1 allow remote attackers to execute arbitrary SQL commands via the (1) z, (2) pz, (3) ord, and (4) sort parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.procheckup.com/Vulnerability_PR07-39.php", + "refsource": "MISC", + "url": "http://www.procheckup.com/Vulnerability_PR07-39.php" + }, + { + "name": "absolutenewsmanager-multiple-sql-injection(38871)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38871" + }, + { + "name": "40576", + "refsource": "OSVDB", + "url": "http://osvdb.org/40576" + }, + { + "name": "http://www.xigla.com/news/default.aspx", + "refsource": "CONFIRM", + "url": "http://www.xigla.com/news/default.aspx" + }, + { + "name": "http://www.xigla.com/security/ANMNET51-SecurityUpdate20071128.zip", + "refsource": "CONFIRM", + "url": "http://www.xigla.com/security/ANMNET51-SecurityUpdate20071128.zip" + }, + { + "name": "26692", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26692" + }, + { + "name": "20071204 PR07-39: Multiple vulnerabilities on Absolute News Manager.NET", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=119678724111351&w=2" + }, + { + "name": 
"27923", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27923" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6710.json b/2007/6xxx/CVE-2007-6710.json index 7ea5a6dc07c..6107a23e82d 100644 --- a/2007/6xxx/CVE-2007-6710.json +++ b/2007/6xxx/CVE-2007-6710.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6710", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6710", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0505.json b/2010/0xxx/CVE-2010-0505.json index 451f3274149..84f11267b24 100644 --- a/2010/0xxx/CVE-2010-0505.json +++ b/2010/0xxx/CVE-2010-0505.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 (JPEG2000) image, related to incorrect calculation and the CGImageReadGetBytesAtOffset function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-0505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100405 ZDI-10-058: Apple Mac OS X ImageIO Framework JPEG2000 Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/510539/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-058", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-058" - }, - { - "name" : "http://support.apple.com/kb/HT4077", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4077" - }, - { - "name" : "APPLE-SA-2010-03-29-1", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 (JPEG2000) image, related to incorrect calculation and the CGImageReadGetBytesAtOffset function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100405 ZDI-10-058: Apple Mac OS X ImageIO Framework JPEG2000 Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/510539/100/0/threaded" + }, + { + "name": "APPLE-SA-2010-03-29-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-058", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-058" + }, + { + "name": "http://support.apple.com/kb/HT4077", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4077" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0665.json b/2010/0xxx/CVE-2010-0665.json index a658775dc74..d195136dd2a 100644 --- a/2010/0xxx/CVE-2010-0665.json +++ b/2010/0xxx/CVE-2010-0665.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0665", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "JAG (Just Another Guestbook) 1.14 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for jag/database.sql." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0665", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "11406", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11406" - }, - { - "name" : "jag-database-info-disclosure(56228)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JAG (Just Another Guestbook) 1.14 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for jag/database.sql." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "jag-database-info-disclosure(56228)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56228" + }, + { + "name": "11406", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11406" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0718.json b/2010/0xxx/CVE-2010-0718.json index debc324e11d..2cfd6278e38 100644 --- a/2010/0xxx/CVE-2010-0718.json +++ b/2010/0xxx/CVE-2010-0718.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Microsoft Windows Media Player 9 and 11.0.5721.5145 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted .mpg file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "11531", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11531" - }, - { - "name" : "win-mediaplayer-mpg-bo(56435)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56435" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Microsoft Windows Media Player 9 and 11.0.5721.5145 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted .mpg file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11531", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11531" + }, + { + "name": "win-mediaplayer-mpg-bo(56435)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56435" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0965.json b/2010/0xxx/CVE-2010-0965.json index 3c75f3d0112..5d2d8bb1e2e 100644 --- a/2010/0xxx/CVE-2010-0965.json +++ b/2010/0xxx/CVE-2010-0965.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0965", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jevci Siparis Formu Scripti stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for siparis.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0965", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1003-exploits/jevci-disclose.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1003-exploits/jevci-disclose.txt" - }, - { - "name" : "62843", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62843" - }, - { - "name" : "38893", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38893" - }, - { - "name" : "jevci-siparis-information-disclosure(56794)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56794" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jevci Siparis Formu Scripti stores 
sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for siparis.mdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "jevci-siparis-information-disclosure(56794)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56794" + }, + { + "name": "38893", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38893" + }, + { + "name": "http://packetstormsecurity.org/1003-exploits/jevci-disclose.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1003-exploits/jevci-disclose.txt" + }, + { + "name": "62843", + "refsource": "OSVDB", + "url": "http://osvdb.org/62843" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1042.json b/2010/1xxx/CVE-2010-1042.json index 43ebd83ad03..282bd20481a 100644 --- a/2010/1xxx/CVE-2010-1042.json +++ b/2010/1xxx/CVE-2010-1042.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows Media Player 11 does not properly perform colorspace conversion, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .AVI file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "38790", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38790" - }, - { - "name" : "win-mediaplayer-avi-code-execution(57205)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57205" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows Media Player 11 does not properly perform colorspace conversion, which allows remote attackers to cause a denial of service (memory corruption) or possibly 
execute arbitrary code via a crafted .AVI file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "win-mediaplayer-avi-code-execution(57205)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57205" + }, + { + "name": "38790", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38790" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1477.json b/2010/1xxx/CVE-2010-1477.json index e3aa25a07db..ba493cc973d 100644 --- a/2010/1xxx/CVE-2010-1477.json +++ b/2010/1xxx/CVE-2010-1477.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1477", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a latest_sermons action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1477", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1004-exploits/joomlasermonspeaker-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1004-exploits/joomlasermonspeaker-sql.txt" - }, - { - "name" : "12184", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12184" - }, - { - "name" : "http://joomlacode.org/gf/project/sermon_speaker/forum/?action=ForumBrowse&forum_id=7897&_forum_action=ForumMessageBrowse&thread_id=15219", - "refsource" : "CONFIRM", - "url" : "http://joomlacode.org/gf/project/sermon_speaker/forum/?action=ForumBrowse&forum_id=7897&_forum_action=ForumMessageBrowse&thread_id=15219" - }, - { - "name" : 
"http://joomlacode.org/gf/project/sermon_speaker/news/?action=NewsThreadView&id=2549", - "refsource" : "CONFIRM", - "url" : "http://joomlacode.org/gf/project/sermon_speaker/news/?action=NewsThreadView&id=2549" - }, - { - "name" : "39410", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39410" - }, - { - "name" : "39385", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39385" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a latest_sermons action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://joomlacode.org/gf/project/sermon_speaker/news/?action=NewsThreadView&id=2549", + "refsource": "CONFIRM", + "url": "http://joomlacode.org/gf/project/sermon_speaker/news/?action=NewsThreadView&id=2549" + }, + { + "name": "12184", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12184" + }, + { + "name": "http://joomlacode.org/gf/project/sermon_speaker/forum/?action=ForumBrowse&forum_id=7897&_forum_action=ForumMessageBrowse&thread_id=15219", + "refsource": "CONFIRM", + "url": "http://joomlacode.org/gf/project/sermon_speaker/forum/?action=ForumBrowse&forum_id=7897&_forum_action=ForumMessageBrowse&thread_id=15219" + }, + { + "name": "39410", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39410" + }, + { + "name": "http://packetstormsecurity.org/1004-exploits/joomlasermonspeaker-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1004-exploits/joomlasermonspeaker-sql.txt" + }, + { + "name": "39385", + 
"refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39385" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1579.json b/2010/1xxx/CVE-2010-1579.json index 186f2b7bc7c..bfebde422b6 100644 --- a/2010/1xxx/CVE-2010-1579.json +++ b/2010/1xxx/CVE-2010-1579.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1579", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via crafted SunRPC UDP packets, aka Bug ID CSCtc79922." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-1579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100804 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3f12f.shtml" - }, - { - "name" : "40842", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40842" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the 
SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via crafted SunRPC UDP packets, aka Bug ID CSCtc79922." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40842", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40842" + }, + { + "name": "20100804 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3f12f.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1834.json b/2010/1xxx/CVE-2010-1834.json index fbc664dab9f..b8a226f215a 100644 --- a/2010/1xxx/CVE-2010-1834.json +++ b/2010/1xxx/CVE-2010-1834.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CFNetwork in Apple Mac OS X 10.6.x before 10.6.5 does not properly validate the domains of cookies, which makes it easier for remote web servers to track users by setting a cookie that is associated with a partial IP address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "1024723", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CFNetwork in Apple Mac OS X 10.6.x before 10.6.5 does not properly validate the domains of cookies, which makes it easier for remote web 
servers to track users by setting a cookie that is associated with a partial IP address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024723", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024723" + }, + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5301.json b/2010/5xxx/CVE-2010-5301.json index 9e295c888e6..30daf7a144c 100644 --- a/2010/5xxx/CVE-2010-5301.json +++ b/2010/5xxx/CVE-2010-5301.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5301", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a HEAD request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15834", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15834" - }, - { - "name" : "45579", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45579" - }, - { - "name" : "70808", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/70808" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a HEAD request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45579", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45579" + }, + { + "name": "15834", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15834" + }, + { + "name": "70808", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/70808" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0176.json b/2014/0xxx/CVE-2014-0176.json index 6f0e088b289..ae5da749a74 100644 --- a/2014/0xxx/CVE-2014-0176.json +++ b/2014/0xxx/CVE-2014-0176.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0176", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in application/panel_control in CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0176", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2014:0816", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0816.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in application/panel_control in CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0816", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0816.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0268.json b/2014/0xxx/CVE-2014-0268.json index 5563c9a44cc..dec89c86054 100644 --- a/2014/0xxx/CVE-2014-0268.json +++ b/2014/0xxx/CVE-2014-0268.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0268", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8 through 11 does not properly restrict file installation and registry-key creation, which allows remote attackers to bypass the Mandatory Integrity Control protection mechanism via a crafted web site, aka \"Internet Explorer Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-0268", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-010", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010" - }, - { - "name" : "65392", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65392" - }, - { - "name" : "103165", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/103165" - }, - { - "name" : "1029741", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029741" - }, - { - "name" : "56796", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56796" - }, - { - "name" : "ms-ie-cve20140268-priv-esc(90756)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/90756" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 8 through 11 does not properly restrict file installation and registry-key creation, which allows remote attackers to bypass the Mandatory Integrity Control protection mechanism via a crafted web site, aka \"Internet Explorer Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-010", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010" + }, + { + "name": "103165", + "refsource": "OSVDB", + "url": "http://osvdb.org/103165" + }, + { + "name": "1029741", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029741" + }, + { + "name": "56796", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56796" + }, + { + "name": "ms-ie-cve20140268-priv-esc(90756)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90756" + }, + { + "name": "65392", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65392" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0288.json b/2014/0xxx/CVE-2014-0288.json index ea502490ab6..82087c672f5 100644 --- a/2014/0xxx/CVE-2014-0288.json +++ b/2014/0xxx/CVE-2014-0288.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0270, CVE-2014-0273, and CVE-2014-0274." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-0288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-010", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010" - }, - { - "name" : "65388", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65388" - }, - { - "name" : "103186", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/103186" - }, - { - "name" : "1029741", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029741" - }, - { - "name" : "56796", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56796" - }, - { - "name" : "ms-ie-cve20140288-code-exec(90778)", - "refsource" : "XF", 
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90778" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0270, CVE-2014-0273, and CVE-2014-0274." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-010", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010" + }, + { + "name": "1029741", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029741" + }, + { + "name": "56796", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56796" + }, + { + "name": "65388", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65388" + }, + { + "name": "103186", + "refsource": "OSVDB", + "url": "http://osvdb.org/103186" + }, + { + "name": "ms-ie-cve20140288-code-exec(90778)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90778" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0445.json b/2014/0xxx/CVE-2014-0445.json index 9eda7ea19ad..e9589206fe1 100644 --- a/2014/0xxx/CVE-2014-0445.json +++ b/2014/0xxx/CVE-2014-0445.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0445", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology, a different vulnerability than CVE-2014-0381." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-0445", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64867", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64867" - }, - { - "name" : "102038", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102038" - }, - { - "name" : "1029623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029623" - }, - { - "name" : "56478", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/56478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology, a different vulnerability than CVE-2014-0381." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "64867", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64867" + }, + { + "name": "56478", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56478" + }, + { + "name": "102038", + "refsource": "OSVDB", + "url": "http://osvdb.org/102038" + }, + { + "name": "1029623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029623" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0867.json b/2014/0xxx/CVE-2014-0867.json index 375e9617185..e2b76541f16 100644 --- a/2014/0xxx/CVE-2014-0867.json +++ b/2014/0xxx/CVE-2014-0867.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0867", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rcore6/main/addcookie.jsp in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to create or modify cookies via the query string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0867", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140630 SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/532598/100/0/threaded" - }, - { - "name" : "20140630 SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jun/173" - }, - { - "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt", - "refsource" : "MISC", - "url" : 
"https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt" - }, - { - "name" : "http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675881", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675881" - }, - { - "name" : "ibm-aclm-cve20140867-cookies(90941)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rcore6/main/addcookie.jsp in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to create or modify cookies via the query string." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html" + }, + { + "name": "ibm-aclm-cve20140867-cookies(90941)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90941" + }, + { + "name": "20140630 SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/532598/100/0/threaded" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675881", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675881" + }, + { + "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt" + }, + { + "name": "20140630 SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jun/173" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0960.json b/2014/0xxx/CVE-2014-0960.json index 7c43ec1e58b..b752ac88f55 100644 --- a/2014/0xxx/CVE-2014-0960.json +++ b/2014/0xxx/CVE-2014-0960.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0960", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM PureApplication System 1.0 before 1.0.0.4 cfix8 and 1.1 before 1.1.0.4 IF1 allows remote authenticated users to bypass intended access restrictions by establishing an SSH session from a deployed virtual machine." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0960", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675216", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675216" - }, - { - "name" : "59254", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59254" - }, - { - "name" : "ibm-pure-cve20140960-sec-bypass(92743)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92743" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM PureApplication System 1.0 before 1.0.0.4 cfix8 and 1.1 before 1.1.0.4 IF1 allows remote authenticated users to 
bypass intended access restrictions by establishing an SSH session from a deployed virtual machine." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675216", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675216" + }, + { + "name": "ibm-pure-cve20140960-sec-bypass(92743)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92743" + }, + { + "name": "59254", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59254" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1418.json b/2014/1xxx/CVE-2014-1418.json index 58c942a952d..1288a036a84 100644 --- a/2014/1xxx/CVE-2014-1418.json +++ b/2014/1xxx/CVE-2014-1418.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1418", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2014-1418", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140514 CVE Reuest: Django: Malformed URLs from user input incorrectly validated", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/05/14/10" - }, - { - "name" : "[oss-security] 20140514 Re: CVE Reuest: Django: Malformed URLs from user input incorrectly validated", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/05/15/3" - }, - { - "name" : "https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/", - "refsource" : "CONFIRM", - "url" : "https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/" - }, - { 
- "name" : "DSA-2934", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2934" - }, - { - "name" : "openSUSE-SU-2014:1132", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html" - }, - { - "name" : "USN-2212-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-2212-1" - }, - { - "name" : "61281", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61281" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61281", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61281" + }, + { + "name": "DSA-2934", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2934" + }, + { + "name": "USN-2212-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-2212-1" + }, + { + "name": "openSUSE-SU-2014:1132", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html" + }, + { + "name": "[oss-security] 20140514 Re: CVE Reuest: Django: Malformed URLs from user input incorrectly validated", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/05/15/3" + }, + { + "name": "https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/", + "refsource": "CONFIRM", + "url": "https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/" + }, + { + "name": 
"[oss-security] 20140514 CVE Reuest: Django: Malformed URLs from user input incorrectly validated", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/05/14/10" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4161.json b/2014/4xxx/CVE-2014-4161.json index 7f89bef8d7f..20c4475526a 100644 --- a/2014/4xxx/CVE-2014-4161.json +++ b/2014/4xxx/CVE-2014-4161.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4161", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.emaze.net/2014/05/sap-multiple-vulnerabilities.html", - "refsource" : "MISC", - "url" : "http://blog.emaze.net/2014/05/sap-multiple-vulnerabilities.html" - }, - { - "name" : "http://scn.sap.com/docs/DOC-8218", - "refsource" : "CONFIRM", - "url" : "http://scn.sap.com/docs/DOC-8218" - }, - { - "name" : "https://service.sap.com/sap/support/notes/1946420", - "refsource" : "CONFIRM", - "url" : "https://service.sap.com/sap/support/notes/1946420" - }, - { - "name" : "58889", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "58889", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58889" + }, + { + "name": "https://service.sap.com/sap/support/notes/1946420", + "refsource": "CONFIRM", + "url": "https://service.sap.com/sap/support/notes/1946420" + }, + { + "name": "http://blog.emaze.net/2014/05/sap-multiple-vulnerabilities.html", + "refsource": "MISC", + "url": "http://blog.emaze.net/2014/05/sap-multiple-vulnerabilities.html" + }, + { + "name": "http://scn.sap.com/docs/DOC-8218", + "refsource": "CONFIRM", + "url": "http://scn.sap.com/docs/DOC-8218" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4325.json b/2014/4xxx/CVE-2014-4325.json index 3e68478b91b..f037be83b29 100644 --- a/2014/4xxx/CVE-2014-4325.json +++ b/2014/4xxx/CVE-2014-4325.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4325", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The cmd_boot function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to bypass intended device-lock and kernel-signature restrictions by using fastboot mode in a boot command for an arbitrary kernel image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4325", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.codeaurora.org/projects/security-advisories/fastboot-boot-command-bypasses-signature-verification-cve-2014-4325", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/projects/security-advisories/fastboot-boot-command-bypasses-signature-verification-cve-2014-4325" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The cmd_boot function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm 
Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to bypass intended device-lock and kernel-signature restrictions by using fastboot mode in a boot command for an arbitrary kernel image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/projects/security-advisories/fastboot-boot-command-bypasses-signature-verification-cve-2014-4325", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/projects/security-advisories/fastboot-boot-command-bypasses-signature-verification-cve-2014-4325" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4760.json b/2014/4xxx/CVE-2014-4760.json index efee1478055..8532199730e 100644 --- a/2014/4xxx/CVE-2014-4760.json +++ b/2014/4xxx/CVE-2014-4760.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4760", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 before 8.0.0.1 CF13, and 8.5.0 before CF01 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-4760", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680230", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680230" - }, - { - "name" : "PI19877", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI19877" - }, - { - "name" : "1030669", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030669" - }, - { - "name" : "60597", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60597" - }, - { - "name" : "ibm-websphere-cve20144760-open-redirect(94657)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/94657" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 before 8.0.0.1 CF13, and 8.5.0 before CF01 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680230", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680230" + }, + { + "name": "60597", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60597" + }, + { + "name": "1030669", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030669" + }, + { + "name": "ibm-websphere-cve20144760-open-redirect(94657)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94657" + }, + { + "name": "PI19877", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI19877" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5012.json b/2014/5xxx/CVE-2014-5012.json index b403f5fec29..1fad642671f 100644 --- a/2014/5xxx/CVE-2014-5012.json +++ b/2014/5xxx/CVE-2014-5012.json 
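Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `psirt@us.ibm.com` in the same hunk that re-spaces every key and reorders `reference_data`, so the one field that alters the record's meaning is easy to miss among 82 rewritten lines. Consumers that attribute or filter records by assigner may see a different owner for CVE-2014-4760 after this sync, and the commit subject does not mention it. I would land the formatting pass separately from the data change, or at least name the reassignment in the commit message, e.g. `CVE-2014-4760: ASSIGNER cve@mitre.org -> psirt@us.ibm.com`. The same applies to the hunks for CVE-2014-5576 (`cert@cert.org`), CVE-2016-10238 and CVE-2016-10293 (`security@android.com`) and CVE-2016-3343 (`secure@microsoft.com`).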
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5012", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5012", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5227.json b/2014/5xxx/CVE-2014-5227.json index d7e03071e45..85389e790eb 100644 --- a/2014/5xxx/CVE-2014-5227.json +++ b/2014/5xxx/CVE-2014-5227.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5227", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-5227", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5576.json b/2014/5xxx/CVE-2014-5576.json index a11cc25fcbc..e336b7502cb 100644 --- a/2014/5xxx/CVE-2014-5576.json +++ b/2014/5xxx/CVE-2014-5576.json 
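Review bot: The new side of the CVE-2014-5227 record uses a different key order from the other files in this commit: `data_type`, `data_format` and `data_version` now come before `CVE_data_meta`, and `ID` before `ASSIGNER`, while neighbouring records such as CVE-2014-5012 keep alphabetical order. Key order carries no meaning in JSON, but mixed orderings suggest the files come from more than one writer, and they make later syncs produce whole-file diffs that hide real value changes. The new side also ends with `\ No newline at end of file`, as do the other hunks here. Emitting every record through one canonical serializer (sorted keys, fixed indent, trailing newline) would keep future diffs limited to the values that changed.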
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Avira Secure Backup (aka com.avira.avirabackup) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#179457", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/179457" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Avira Secure Backup (aka 
com.avira.avirabackup) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#179457", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/179457" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10238.json b/2016/10xxx/CVE-2016-10238.json index f1b6792af38..7c23dd711f8 100644 --- a/2016/10xxx/CVE-2016-10238.json +++ b/2016/10xxx/CVE-2016-10238.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-10238", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm Products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In QSEE in all Android releases from CAF using the Linux kernel access control may potentially be bypassed due to a page alignment issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Access Control in QSEE" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-10238", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm Products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-04-01" - }, - { - "name" : "97334", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97334" - }, - { - "name" : "1038201", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In QSEE in all Android releases from CAF using the Linux kernel access control may potentially be bypassed due to a page alignment issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control in QSEE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-04-01" + }, + { + "name": "97334", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97334" + }, + { + "name": "1038201", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038201" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10293.json b/2016/10xxx/CVE-2016-10293.json index 09c19b364ac..1afee1a2394 100644 --- a/2016/10xxx/CVE-2016-10293.json +++ b/2016/10xxx/CVE-2016-10293.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-10293", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33352393. References: QC-CR#1101943." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-10293", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - }, - { - "name" : "98206", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98206" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33352393. References: QC-CR#1101943." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + }, + { + "name": "98206", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98206" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10443.json b/2016/10xxx/CVE-2016-10443.json index 5d6e28aa64c..f1795a6ffc0 100644 --- a/2016/10xxx/CVE-2016-10443.json +++ b/2016/10xxx/CVE-2016-10443.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2016-10443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, packet replay may be possible." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Possible cryptographic issues in QTEE" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2016-10443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, packet replay may be possible." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Possible cryptographic issues in QTEE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3343.json b/2016/3xxx/CVE-2016-3343.json index e076cfc7330..2ab01c9f24c 100644 --- a/2016/3xxx/CVE-2016-3343.json +++ b/2016/3xxx/CVE-2016-3343.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3343", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka \"Windows Common Log File System Driver Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, and CVE-2016-7184." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3343", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-134", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-134" - }, - { - "name" : "94007", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94007" - }, - { - "name" : "1037252", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037252" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka \"Windows Common Log File System Driver Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, and CVE-2016-7184." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037252", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037252" + }, + { + "name": "MS16-134", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-134" + }, + { + "name": "94007", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94007" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3606.json b/2016/3xxx/CVE-2016-3606.json index 4ad0ae52bf8..5a638367172 100644 --- a/2016/3xxx/CVE-2016-3606.json +++ b/2016/3xxx/CVE-2016-3606.json 
@@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3606", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20160721-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20160721-0001/" - }, - { - "name" : "DSA-3641", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3641" - }, - 
{ - "name" : "GLSA-201610-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-08" - }, - { - "name" : "GLSA-201701-43", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-43" - }, - { - "name" : "RHSA-2016:1458", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1458" - }, - { - "name" : "RHSA-2016:1475", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1475" - }, - { - "name" : "RHSA-2016:1476", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1476" - }, - { - "name" : "RHSA-2016:1504", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1504.html" - }, - { - "name" : "RHSA-2016:1776", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1776.html" - }, - { - "name" : "SUSE-SU-2016:1997", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html" - }, - { - "name" : "SUSE-SU-2016:2012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html" - }, - { - "name" : "openSUSE-SU-2016:1979", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html" - }, - { - "name" : "openSUSE-SU-2016:2050", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html" - }, - { - "name" : "openSUSE-SU-2016:2051", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html" - }, - { - "name" : "openSUSE-SU-2016:2052", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html" - }, - { - "name" : "openSUSE-SU-2016:2058", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html" - }, - { - "name" : "USN-3077-1", - "refsource" : "UBUNTU", - "url" : 
"http://www.ubuntu.com/usn/USN-3077-1" - }, - { - "name" : "USN-3043-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3043-1" - }, - { - "name" : "USN-3062-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3062-1" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91912", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91912" - }, - { - "name" : "1036365", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036365" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3043-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3043-1" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "GLSA-201610-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-08" + }, + { + "name": "SUSE-SU-2016:2012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html" + }, + { + "name": "openSUSE-SU-2016:2052", + "refsource": "SUSE", + 
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html" + }, + { + "name": "DSA-3641", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3641" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20160721-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20160721-0001/" + }, + { + "name": "RHSA-2016:1475", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1475" + }, + { + "name": "openSUSE-SU-2016:2051", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html" + }, + { + "name": "1036365", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036365" + }, + { + "name": "GLSA-201701-43", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-43" + }, + { + "name": "91912", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91912" + }, + { + "name": "USN-3062-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3062-1" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "RHSA-2016:1476", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1476" + }, + { + "name": "SUSE-SU-2016:1997", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html" + }, + { + "name": "RHSA-2016:1458", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1458" + }, + { + "name": "openSUSE-SU-2016:2050", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html" + }, + { + "name": "openSUSE-SU-2016:1979", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html" + }, + { + "name": "USN-3077-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3077-1" + }, + { + "name": 
"RHSA-2016:1776", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1776.html" + }, + { + "name": "openSUSE-SU-2016:2058", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html" + }, + { + "name": "RHSA-2016:1504", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1504.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3736.json b/2016/3xxx/CVE-2016-3736.json index 9dc88602c38..1481bc3cd4b 100644 --- a/2016/3xxx/CVE-2016-3736.json +++ b/2016/3xxx/CVE-2016-3736.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3736", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3736", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7016.json b/2016/7xxx/CVE-2016-7016.json index a143a2f7925..937dac3f01e 100644 --- a/2016/7xxx/CVE-2016-7016.json +++ b/2016/7xxx/CVE-2016-7016.json 
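Review bot: The `reference_data` array of CVE-2016-3606 is reordered even though the same entries appear on both sides, which buries the one substantive change in this hunk: `ASSIGNER` moving from `cve@mitre.org` to `secalert_us@oracle.com`. With the entries shuffled, a dropped or altered advisory URL would be hard to spot when reviewing a sync. I would have the export emit references in a stable order, for example sorted by `refsource` and then `name`, so that a sync shows only real changes. The hunks for CVE-2016-3343, CVE-2016-7016, CVE-2016-8609, CVE-2016-8698 and CVE-2016-9372 show the same reordering.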
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7016", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-7016", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" - }, - { - "name" : "93496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93496" - }, - { - "name" : "1036986", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, 
CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036986", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036986" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" + }, + { + "name": "93496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93496" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8124.json b/2016/8xxx/CVE-2016-8124.json index 7b53edd3f5c..5a9500da0b6 100644 --- a/2016/8xxx/CVE-2016-8124.json +++ b/2016/8xxx/CVE-2016-8124.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8124", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8124", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2016/8xxx/CVE-2016-8538.json b/2016/8xxx/CVE-2016-8538.json index cce07af2c0f..7479e0b07bb 100644 --- a/2016/8xxx/CVE-2016-8538.json +++ b/2016/8xxx/CVE-2016-8538.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8538", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8538", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8609.json b/2016/8xxx/CVE-2016-8609.json index 5847e54a387..e61dfa19316 100644 --- a/2016/8xxx/CVE-2016-8609.json +++ b/2016/8xxx/CVE-2016-8609.json 
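Review bot: The new side of CVE-2016-8538.json puts `data_type`, `data_format`, `data_version` first and `ID` before `ASSIGNER`, while the other records visible in this patch are written with keys in alphabetical order (`CVE_data_meta`, `data_format`, `data_type`, `data_version`, `description`). Key order carries no meaning in JSON, but the difference suggests this record went through a different serializer. Mixed orderings give noisy diffs and different bytes to anyone hashing or signing these files. I would write it in the same order as its siblings, starting with `"CVE_data_meta": {` holding `"ASSIGNER"`, `"ID"`, `"STATE"`.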
@@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psampaio@redhat.com", - "ID" : "CVE-2016-8609", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "keycloak", - "version" : { - "version_data" : [ - { - "version_value" : "2.3.0" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session. This could lead to information disclosure, or permit further possible attacks." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "3.7/CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", - "version" : "3.0" - } - ], - [ - { - "vectorString" : "4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N", - "version" : "2.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-384" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-8609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "keycloak", + "version": { + "version_data": [ + { + "version_value": "2.3.0" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8609", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8609" - }, - { - "name" : "RHSA-2016:2945", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2945.html" - }, - { - "name" : "95070", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/95070" - }, - { - "name" : "1037460", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037460" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session. This could lead to information disclosure, or permit further possible attacks." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "3.7/CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", + "version": "3.0" + } + ], + [ + { + "vectorString": "4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N", + "version": "2.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-384" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8609", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8609" + }, + { + "name": "RHSA-2016:2945", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2945.html" + }, + { + "name": "1037460", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037460" + }, + { + "name": "95070", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95070" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8698.json b/2016/8xxx/CVE-2016-8698.json index 87efb73c566..8a5d3c6a8a4 100644 --- a/2016/8xxx/CVE-2016-8698.json +++ b/2016/8xxx/CVE-2016-8698.json 
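Review bot: Both `vectorString` values under `impact.cvss` in CVE-2016-8609.json carry the base score in front of the vector (`3.7/CVSS:3.0/AV:N/...` and `4.9/AV:N/AC:M/...`), so neither is a well-formed CVSS vector; a v3.0 vector starts with `CVSS:3.0/`. A consumer that hands this field to a strict CVSS parser is likely to reject it and leave the record unscored. The commit carries the values over unchanged. I would split them, e.g. `"baseScore": 3.7, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"`, and likewise `"baseScore": 4.9` for the 2.0 entry. The nesting of `cvss` as an array of single-element arrays also looks unintended and is worth checking against the schema.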
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8698", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8699, CVE-2016-8700, CVE-2016-8701, CVE-2016-8702, and CVE-2016-8703." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8698", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160818 potrace: multiple crashes", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/08/18/11" - }, - { - "name" : "[oss-security] 20161015 Re: potrace: multiple crashes", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/16/12" - }, - { - "name" : "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/" - }, - { - "name" : 
"http://potrace.sourceforge.net/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://potrace.sourceforge.net/ChangeLog" - }, - { - "name" : "93778", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93778" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8699, CVE-2016-8700, CVE-2016-8701, CVE-2016-8702, and CVE-2016-8703." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93778", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93778" + }, + { + "name": "[oss-security] 20161015 Re: potrace: multiple crashes", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/16/12" + }, + { + "name": "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/" + }, + { + "name": "[oss-security] 20160818 potrace: multiple crashes", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/08/18/11" + }, + { + "name": "http://potrace.sourceforge.net/ChangeLog", + "refsource": "CONFIRM", + "url": "http://potrace.sourceforge.net/ChangeLog" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9003.json b/2016/9xxx/CVE-2016-9003.json index eaabaf83688..b48c0280fb7 100644 --- a/2016/9xxx/CVE-2016-9003.json +++ b/2016/9xxx/CVE-2016-9003.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9003", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9003", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9372.json b/2016/9xxx/CVE-2016-9372.json index 3fb6da423c2..37a7e375c11 100644 --- a/2016/9xxx/CVE-2016-9372.json +++ b/2016/9xxx/CVE-2016-9372.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12851", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12851" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4127e3930ef663114567002001f44e01eba8a250", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4127e3930ef663114567002001f44e01eba8a250" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2016-58.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2016-58.html" - }, - { - "name" : "94368", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/94368" - }, - { - "name" : "1037313", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037313" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037313", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037313" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2016-58.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2016-58.html" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4127e3930ef663114567002001f44e01eba8a250", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4127e3930ef663114567002001f44e01eba8a250" + }, + { + "name": "94368", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94368" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12851", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12851" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9640.json b/2016/9xxx/CVE-2016-9640.json index 4141c3f0f59..0882099b9bf 100644 --- a/2016/9xxx/CVE-2016-9640.json +++ b/2016/9xxx/CVE-2016-9640.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9640", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9640", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9693.json b/2016/9xxx/CVE-2016-9693.json index b31399ad624..49f956e5b0a 100644 --- a/2016/9xxx/CVE-2016-9693.json +++ b/2016/9xxx/CVE-2016-9693.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-9693", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Business Process Manager Advanced", - "version" : { - "version_data" : [ - { - "version_value" : "7.5" - }, - { - "version_value" : "7.5.0.1" - }, - { - "version_value" : "7.5.1" - }, - { - "version_value" : "7.5.1.1" - }, - { - "version_value" : "7.5.1.2" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "8.0.1" - }, - { - "version_value" : "8.0.1.1" - }, - { - "version_value" : "8.0.1.2" - }, - { - "version_value" : "8.5" - }, - { - "version_value" : "8.5.0.1" - }, - { - "version_value" : "8.5.5" - }, - { - "version_value" : "8.0.1.3" - }, - { - "version_value" : "8.5.6" - }, - { - "version_value" : "8.5.0.2" - }, - { - "version_value" : "8.5.7" - }, - { - "version_value" : "8.5.7.CF201609" - }, - { - "version_value" : "8.5.6.1" - }, - { - "version_value" : "8.5.6.2" - }, - { - "version_value" : "8.5.7.CF201606" - }, - { - "version_value" : "8.5.7.CF201612" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be considered executable and cause damage on the victim's machine. IBM Reference #: 1998655." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-9693", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Business Process Manager Advanced", + "version": { + "version_data": [ + { + "version_value": "7.5" + }, + { + "version_value": "7.5.0.1" + }, + { + "version_value": "7.5.1" + }, + { + "version_value": "7.5.1.1" + }, + { + "version_value": "7.5.1.2" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.0.1" + }, + { + "version_value": "8.0.1.1" + }, + { + "version_value": "8.0.1.2" + }, + { + "version_value": "8.5" + }, + { + "version_value": "8.5.0.1" + }, + { + "version_value": "8.5.5" + }, + { + "version_value": "8.0.1.3" + }, + { + "version_value": "8.5.6" + }, + { + "version_value": "8.5.0.2" + }, + { + "version_value": "8.5.7" + }, + { + "version_value": "8.5.7.CF201609" + }, + { + "version_value": "8.5.6.1" + }, + { + "version_value": "8.5.6.2" + }, + { + "version_value": "8.5.7.CF201606" + }, + { + "version_value": "8.5.7.CF201612" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=swg21998655", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=swg21998655" - }, - { - "name" : "98074", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98074" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. 
An existing file type restriction can be bypassed so that the payload might be considered executable and cause damage on the victim's machine. IBM Reference #: 1998655." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98074", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98074" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=swg21998655", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=swg21998655" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9951.json b/2016/9xxx/CVE-2016-9951.json index 6675289764e..93027e4567b 100644 --- a/2016/9xxx/CVE-2016-9951.json +++ b/2016/9xxx/CVE-2016-9951.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9951", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9951", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40937", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40937/" - }, - { - "name" : "https://bugs.launchpad.net/apport/+bug/1648806", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/apport/+bug/1648806" - }, - { - "name" : "https://donncha.is/2016/12/compromising-ubuntu-desktop/", - "refsource" : "MISC", - "url" : "https://donncha.is/2016/12/compromising-ubuntu-desktop/" - }, - { - "name" : 
"https://github.com/DonnchaC/ubuntu-apport-exploitation", - "refsource" : "MISC", - "url" : "https://github.com/DonnchaC/ubuntu-apport-exploitation" - }, - { - "name" : "USN-3157-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3157-1" - }, - { - "name" : "95011", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95011" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/DonnchaC/ubuntu-apport-exploitation", + "refsource": "MISC", + "url": "https://github.com/DonnchaC/ubuntu-apport-exploitation" + }, + { + "name": "https://donncha.is/2016/12/compromising-ubuntu-desktop/", + "refsource": "MISC", + "url": "https://donncha.is/2016/12/compromising-ubuntu-desktop/" + }, + { + "name": "https://bugs.launchpad.net/apport/+bug/1648806", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/apport/+bug/1648806" + }, + { + "name": "95011", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95011" + }, + { + "name": "USN-3157-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3157-1" + }, + { + "name": "40937", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40937/" + } + ] + } +} \ No newline at end 
of file diff --git a/2019/2xxx/CVE-2019-2328.json b/2019/2xxx/CVE-2019-2328.json index 42cbd49b278..78dd7d4f7cc 100644 --- a/2019/2xxx/CVE-2019-2328.json +++ b/2019/2xxx/CVE-2019-2328.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2328", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2328", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2455.json b/2019/2xxx/CVE-2019-2455.json index c671c1bd06d..fd32b141227 100644 --- a/2019/2xxx/CVE-2019-2455.json +++ b/2019/2xxx/CVE-2019-2455.json 
@@ -1,86 +1,86 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.6.42 and prior" - }, - { - "version_affected" : "=", - "version_value" : "5.7.24 and prior" - }, - { - "version_affected" : "=", - "version_value" : "8.0.13 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.6.42 and prior" + }, + { + "version_affected": "=", + "version_value": "5.7.24 and prior" + }, + { + "version_affected": "=", + "version_value": "8.0.13 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20190118-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20190118-0002/" - }, - { - "name" : "USN-3867-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3867-1/" - }, - { - "name" : "106628", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106628", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106628" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "USN-3867-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3867-1/" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20190118-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190118-0002/" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2605.json b/2019/2xxx/CVE-2019-2605.json index e49d421d2fc..f879eb6afdb 100644 --- a/2019/2xxx/CVE-2019-2605.json +++ b/2019/2xxx/CVE-2019-2605.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2605", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2605", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2877.json b/2019/2xxx/CVE-2019-2877.json index 0cd2bb20469..2ff03802cca 100644 --- a/2019/2xxx/CVE-2019-2877.json +++ b/2019/2xxx/CVE-2019-2877.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2877", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2877", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6352.json b/2019/6xxx/CVE-2019-6352.json index 6c9517a2817..18087abd981 100644 --- a/2019/6xxx/CVE-2019-6352.json +++ b/2019/6xxx/CVE-2019-6352.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6352", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6352", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6576.json b/2019/6xxx/CVE-2019-6576.json index 76e6b80be58..0275d2b8819 100644 --- a/2019/6xxx/CVE-2019-6576.json +++ b/2019/6xxx/CVE-2019-6576.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6576", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6576", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6732.json b/2019/6xxx/CVE-2019-6732.json index 4441ffba246..4d36743bb61 100644 --- a/2019/6xxx/CVE-2019-6732.json +++ b/2019/6xxx/CVE-2019-6732.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6732", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6732", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file