diff --git a/2006/0xxx/CVE-2006-0792.json b/2006/0xxx/CVE-2006-0792.json index 93371d1165c..34340607191 100644 --- a/2006/0xxx/CVE-2006-0792.json +++ b/2006/0xxx/CVE-2006-0792.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0792", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in preferences.personal.php in V-webmail 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the newid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0792", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "16706", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16706" - }, - { - "name" : "ADV-2006-0639", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0639" - }, - { - "name" : "23260", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23260" - }, - { - "name" : "18776", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18776" - }, - { - "name" : "vwebmail-preferencespersonal-xss(24749)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24749" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in preferences.personal.php in V-webmail 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the newid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16706", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16706" + }, + { + "name": "23260", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23260" + }, + { + "name": "18776", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18776" + }, + { + "name": "vwebmail-preferencespersonal-xss(24749)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24749" + }, + { + "name": "ADV-2006-0639", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0639" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0929.json b/2006/0xxx/CVE-2006-0929.json index bff49553a22..04396c00908 100644 --- a/2006/0xxx/CVE-2006-0929.json +++ b/2006/0xxx/CVE-2006-0929.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0929", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the IMAP server in ArGoSoft Mail Server Pro 1.8.8.1 allows remote authenticated users to create arbitrary folders via a .. (dot dot) in the RENAME command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0929", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060224 NSA Group Security Advisory NSAG-¹200-24.02.2006 Vulnerability ArGoSoft Mail Server Pro IMAP", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425969/100/0/threaded" - }, - { - "name" : "http://www.nsag.ru/vuln/878.html", - "refsource" : "MISC", - "url" : "http://www.nsag.ru/vuln/878.html" - }, - { - "name" : "16809", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16809" - }, - { - "name" : "ADV-2006-0733", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0733" - }, - { - "name" : "18990", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18990" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the IMAP server in ArGoSoft Mail Server Pro 1.8.8.1 allows remote authenticated users to create arbitrary folders via a .. (dot dot) in the RENAME command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18990", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18990" + }, + { + "name": "16809", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16809" + }, + { + "name": "http://www.nsag.ru/vuln/878.html", + "refsource": "MISC", + "url": "http://www.nsag.ru/vuln/878.html" + }, + { + "name": "20060224 NSA Group Security Advisory NSAG-¹200-24.02.2006 Vulnerability ArGoSoft Mail Server Pro IMAP", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425969/100/0/threaded" + }, + { + "name": "ADV-2006-0733", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0733" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1443.json b/2006/1xxx/CVE-2006-1443.json index 09172bffb79..bd45d9d2878 100644 --- a/2006/1xxx/CVE-2006-1443.json +++ b/2006/1xxx/CVE-2006-1443.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer underflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving conversions from string to file system representation within (1) CFStringGetFileSystemRepresentation or (2) getFileSystemRepresentation:maxLength:withPath in NSFileManager, and possibly other similar API functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2006-05-11", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html" - }, - { - "name" : "TA06-132A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-132A.html" - }, - { - "name" : "17951", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17951" - }, - { - "name" : "ADV-2006-1779", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1779" - }, - { - "name" : "25587", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25587" - }, - { - "name" : "1016080", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016080" - }, - { - "name" : "20077", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20077" - }, - { - "name" : "macos-corefoundation-integer-underflow(26408)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer underflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving conversions from string to file system representation within (1) CFStringGetFileSystemRepresentation or (2) getFileSystemRepresentation:maxLength:withPath in NSFileManager, and possibly other similar API functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17951", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17951" + }, + { + "name": "ADV-2006-1779", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1779" + }, + { + "name": "TA06-132A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html" + }, + { + "name": "25587", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25587" + }, + { + "name": "APPLE-SA-2006-05-11", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html" + }, + { + "name": "macos-corefoundation-integer-underflow(26408)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26408" + }, + { + "name": "20077", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20077" + }, + { + "name": "1016080", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016080" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1569.json b/2006/1xxx/CVE-2006-1569.json index 7ed5c195fd6..4944be3842d 100644 --- a/2006/1xxx/CVE-2006-1569.json +++ b/2006/1xxx/CVE-2006-1569.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1569", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in RedCMS 0.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters to (a) login.php or (b) register.php; or (3) u parameter to (c) profile.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1569", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060413 [eVuln] RedCMS Multiple XSS and SQL Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431001/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/115/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/115/summary.html" - }, - { - "name" : "17336", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17336" - }, - { - "name" : "ADV-2006-1186", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1186" - }, - { - "name" : "24297", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24297" - }, - { - "name" : "24298", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24298" - }, - { - "name" : "24299", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24299" - }, - { - "name" : "19475", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19475" - }, - { - "name" : "redcms-multiple-sql-injection(25578)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25578" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in RedCMS 0.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters to (a) login.php or (b) register.php; or (3) u parameter to (c) profile.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060413 [eVuln] RedCMS Multiple XSS and SQL Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431001/100/0/threaded" + }, + { + "name": "17336", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17336" + }, + { + "name": "ADV-2006-1186", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1186" + }, + { + "name": "http://evuln.com/vulns/115/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/115/summary.html" + }, + { + "name": "redcms-multiple-sql-injection(25578)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25578" + }, + { + "name": "19475", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19475" + }, + { + "name": "24297", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24297" + }, + { + "name": "24298", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24298" + }, + { + "name": "24299", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24299" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1873.json b/2006/1xxx/CVE-2006-1873.json index f13a20f8531..6c342e0f29b 100644 --- a/2006/1xxx/CVE-2006-1873.json +++ b/2006/1xxx/CVE-2006-1873.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1873", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Database Server 9.2.0.7, 10.1.0.4, and 10.2.0.1 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB08." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html" - }, - { - "name" : "HPSBMA02113", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/432267/100/0/threaded" - }, - { - "name" : "SSRT061148", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/432267/100/0/threaded" - }, - { - "name" : "17590", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17590" - }, - { - "name" : "ADV-2006-1397", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1397" - }, - { - "name" : "ADV-2006-1571", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1571" - }, - { - "name" : "1015961", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015961" - }, - { - "name" : "19712", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19712" - }, - { - "name" : "19859", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19859" - }, - { - "name" : "oracle-database-multiple-unspecified(26068)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26068" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Database Server 9.2.0.7, 10.1.0.4, and 10.2.0.1 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB08." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19712", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19712" + }, + { + "name": "19859", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19859" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html" + }, + { + "name": "ADV-2006-1571", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1571" + }, + { + "name": "17590", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17590" + }, + { + "name": "SSRT061148", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/432267/100/0/threaded" + }, + { + "name": "oracle-database-multiple-unspecified(26068)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26068" + }, + { + "name": "ADV-2006-1397", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1397" + }, + { + "name": "HPSBMA02113", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/432267/100/0/threaded" + }, + { + "name": "1015961", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015961" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3656.json b/2006/3xxx/CVE-2006-3656.json index a54c175816b..163a6d372d1 100644 --- a/2006/3xxx/CVE-2006-3656.json +++ b/2006/3xxx/CVE-2006-3656.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3656", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3656", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060715 MS Power Point Multiple Vulnerabilities - (memory corruption) POC", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440108/100/0/threaded" - }, - { - "name" : "20060717 New CVE identifiers for separate PowerPoint 0-day issues assigned", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440867/100/0/threaded" - }, - { - "name" : "20060718 About the latest three Powerpoint vulnerabilities: exploitable?", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440370/100/0/threaded" - }, - { - "name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/PP2003sp2patched_fr_exploit-method.txt", - "refsource" : "MISC", - "url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/PP2003sp2patched_fr_exploit-method.txt" - }, - { - "name" : "http://packetstormsecurity.org/0607-exploits/mspp-poc3.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0607-exploits/mspp-poc3.txt" - }, - { - "name" : "18993", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18993" - }, - { - "name" : "19229", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19229" - }, - { - "name" : "ADV-2006-2815", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2815" - }, - { - "name" : "21061", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21061" - }, - { - "name" : "powerpoint-mso-code-execution2(27781)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27781" - }, - { - "name" : "powerpoint-unspecified-memory-corruption(27782)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27782" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21061", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21061" + }, + { + "name": "20060718 About the latest three Powerpoint vulnerabilities: exploitable?", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440370/100/0/threaded" + }, + { + "name": "powerpoint-unspecified-memory-corruption(27782)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27782" + }, + { + "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/PP2003sp2patched_fr_exploit-method.txt", + "refsource": "MISC", + "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/PP2003sp2patched_fr_exploit-method.txt" + }, + { + "name": "19229", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19229" + }, + { + "name": "ADV-2006-2815", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2815" + }, + { + "name": "http://packetstormsecurity.org/0607-exploits/mspp-poc3.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0607-exploits/mspp-poc3.txt" + }, + { + "name": "powerpoint-mso-code-execution2(27781)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27781" + }, + { + "name": "20060717 New CVE identifiers for separate PowerPoint 0-day issues assigned", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440867/100/0/threaded" + }, + { + "name": "20060715 MS Power Point Multiple Vulnerabilities - (memory corruption) POC", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440108/100/0/threaded" + }, + { + "name": "18993", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18993" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3732.json b/2006/3xxx/CVE-2006-3732.json index 50857b033ff..693da7f407e 100644 --- a/2006/3xxx/CVE-2006-3732.json +++ b/2006/3xxx/CVE-2006-3732.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1 ships with an Oracle database that contains several default accounts and passwords, which allows attackers to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060719 Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS)", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml" - }, - { - "name" : "19071", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19071" - }, - { - "name" : "19073", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19073" - }, - { - "name" : "ADV-2006-2887", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2887" - }, - { - "name" : "1016537", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016537" - }, - { - "name" : "21118", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21118" - }, - { - "name" : "cisco-csmars-oracle-account(27810)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27810" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1 ships with an Oracle database that contains several default accounts and passwords, which allows attackers to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19071", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19071" + }, + { + "name": "20060719 Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS)", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml" + }, + { + "name": "21118", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21118" + }, + { + "name": "ADV-2006-2887", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2887" + }, + { + "name": "cisco-csmars-oracle-account(27810)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27810" + }, + { + "name": "1016537", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016537" + }, + { + "name": "19073", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19073" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4037.json b/2006/4xxx/CVE-2006-4037.json index cc7068efef7..296b441001a 100644 --- a/2006/4xxx/CVE-2006-4037.json +++ b/2006/4xxx/CVE-2006-4037.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Fenestrae Faxination Server allows remote attackers to execute arbitrary code via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.irmplc.com/Vendor_alerts.htm#alert8", - "refsource" : "MISC", - "url" : "http://www.irmplc.com/Vendor_alerts.htm#alert8" - }, - { - "name" : "19328", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19328" - }, - { - "name" : "ADV-2006-3141", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3141" - }, - { - "name" : "21322", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21322" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Fenestrae Faxination Server allows remote attackers to execute arbitrary code via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21322", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21322" + }, + { + "name": "http://www.irmplc.com/Vendor_alerts.htm#alert8", + "refsource": "MISC", + "url": "http://www.irmplc.com/Vendor_alerts.htm#alert8" + }, + { + "name": "19328", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19328" + }, + { + "name": "ADV-2006-3141", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3141" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4590.json b/2006/4xxx/CVE-2006-4590.json index b5bb087d0a6..ac8d9bf9958 100644 --- a/2006/4xxx/CVE-2006-4590.json +++ b/2006/4xxx/CVE-2006-4590.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4590", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in admin/default.asp in Jetstat.com JS ASP Faq Manager 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2006-4463. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19761", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19761" - }, - { - "name" : "ADV-2006-3415", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3415" - }, - { - "name" : "28266", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28266" - }, - { - "name" : "21674", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21674" - }, - { - "name" : "jsaspfaqmanager-admin-sql-injection(28638)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28638" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in admin/default.asp in Jetstat.com JS ASP Faq Manager 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2006-4463. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28266", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28266" + }, + { + "name": "jsaspfaqmanager-admin-sql-injection(28638)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28638" + }, + { + "name": "ADV-2006-3415", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3415" + }, + { + "name": "21674", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21674" + }, + { + "name": "19761", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19761" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4686.json b/2006/4xxx/CVE-2006-4686.json index d4af8579eac..4b30d0bd37d 100644 --- a/2006/4xxx/CVE-2006-4686.json +++ b/2006/4xxx/CVE-2006-4686.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-4686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02161", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449179/100/0/threaded" - }, - { - "name" : "SSRT061264", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449179/100/0/threaded" - }, - { - "name" : "MS06-061", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-061" - }, - { - "name" : "VU#562788", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/562788" - }, - { - "name" : "20338", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20338" - }, - { - "name" : "ADV-2006-3980", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3980" - }, - { - "name" : "29426", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29426" - }, - { - "name" : "oval:org.mitre.oval:def:285", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A285" - }, - { - "name" : "1017033", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017033" - }, - { - "name" : "22333", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22333" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22333", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22333" + }, + { + "name": "MS06-061", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-061" + }, + { + "name": "SSRT061264", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded" + }, + { + "name": "VU#562788", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/562788" + }, + { + "name": "oval:org.mitre.oval:def:285", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A285" + }, + { + "name": "29426", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29426" + }, + { + "name": "HPSBST02161", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded" + }, + { + "name": "1017033", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017033" + }, + { + "name": "ADV-2006-3980", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3980" + }, + { + "name": "20338", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20338" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2549.json b/2010/2xxx/CVE-2010-2549.json index 7f6723db259..b8edaef2362 100644 --- a/2010/2xxx/CVE-2010-2549.json +++ b/2010/2xxx/CVE-2010-2549.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2549", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, leading to deletion of an in-use process object, aka \"Win32k Reference Count Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-2549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14156", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14156" - }, - { - "name" : "20100630 MSRC-001: Windows Vista/Server 2008 NtUserCheckAccessForIntegrityLevel Use-after-free Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2010/Jul/3" - }, - { - "name" : "TA10-285A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-285A.html" - }, - { - "name" : "41280", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41280" - }, - { - "name" : "66003", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/66003" - }, - { - "name" : "oval:org.mitre.oval:def:12215", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12215" - }, - { - "name" : "40421", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40421" - }, - { - "name" : "ms-win-ntusercheck-priv-escalation(60120)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60120" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, leading to deletion of an in-use process object, aka \"Win32k Reference Count Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:12215", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12215" + }, + { + "name": "20100630 MSRC-001: Windows Vista/Server 2008 NtUserCheckAccessForIntegrityLevel Use-after-free Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2010/Jul/3" + }, + { + "name": "14156", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14156" + }, + { + "name": "41280", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41280" + }, + { + "name": "40421", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40421" + }, + { + "name": "TA10-285A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html" + }, + { + "name": "66003", + "refsource": "OSVDB", + "url": "http://osvdb.org/66003" + }, + { + "name": "ms-win-ntusercheck-priv-escalation(60120)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60120" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2884.json b/2010/2xxx/CVE-2010-2884.json index 7f447a9e5d0..f747df2ca55 100644 --- a/2010/2xxx/CVE-2010-2884.json +++ b/2010/2xxx/CVE-2010-2884.json @@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-2884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/advisories/apsa10-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/advisories/apsa10-03.html" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-22.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-22.html" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html" - }, - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "GLSA-201101-08", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201101-08.xml" - }, - { - "name" : "GLSA-201101-09", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201101-09.xml" - }, - { - "name" : "RHSA-2010:0706", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0706.html" - }, - { - "name" : "RHSA-2010:0743", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0743.html" - }, - { - "name" : "SUSE-SA:2010:048", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html" - }, - { - "name" : "SUSE-SR:2010:019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" - }, - { - "name" : "TA10-263A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-263A.html" - }, - { - "name" : "TA10-279A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-279A.html" - }, - { - "name" : "VU#275289", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/275289" - }, - { - "name" : "oval:org.mitre.oval:def:6852", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6852" - }, - { - "name" : "41434", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41434" - }, - { - "name" : "41435", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41435" - }, - { - "name" : "41443", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41443" - }, - { - "name" : "41526", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41526" - }, - { - "name" : "43025", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43025" - }, - { - "name" : "43026", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43026" - }, - { - "name" : "ADV-2010-2348", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2348" - }, - { - "name" : "ADV-2010-2349", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2349" - }, - { - "name" : "ADV-2011-0191", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0191" - }, - { - "name" : "ADV-2011-0192", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0192" - }, - { - "name" : "adobe-flash-content-code-execution(61771)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61771" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-263A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-263A.html" + }, + { + "name": "ADV-2011-0192", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0192" + }, + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "SUSE-SA:2010:048", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html" + }, + { + "name": "ADV-2011-0191", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0191" + }, + { + "name": "43025", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43025" + }, + { + "name": "43026", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43026" + }, + { + "name": "GLSA-201101-09", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml" + }, + { + "name": "oval:org.mitre.oval:def:6852", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6852" + }, + { + "name": "http://www.adobe.com/support/security/advisories/apsa10-03.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/advisories/apsa10-03.html" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + }, + { + "name": "GLSA-201101-08", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201101-08.xml" + }, + { + "name": "41526", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41526" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-22.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-22.html" + }, + { + "name": "RHSA-2010:0743", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0743.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-21.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-21.html" + }, + { + "name": "TA10-279A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-279A.html" + }, + { + "name": "41443", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41443" + }, + { + "name": "41434", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41434" + }, + { + "name": "adobe-flash-content-code-execution(61771)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61771" + }, + { + "name": "VU#275289", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/275289" + }, + { + "name": "ADV-2010-2348", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2348" + }, + { + "name": "ADV-2010-2349", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2349" + }, + { + "name": "RHSA-2010:0706", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0706.html" + }, + { + "name": "SUSE-SR:2010:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" + }, + { + "name": "41435", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41435" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2946.json b/2010/2xxx/CVE-2010-2946.json index 32833ed4520..9f368937cf4 100644 --- a/2010/2xxx/CVE-2010-2946.json +++ b/2010/2xxx/CVE-2010-2946.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly handle a certain legacy format for storage of extended attributes, which might allow local users by bypass intended xattr namespace restrictions via an \"os2.\" substring at the beginning of a name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100820 CVE request - kernel: jfs: don't allow os2 xattr namespace overlap with others", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/08/20/1" - }, - { - "name" : "[oss-security] 20100820 Re: CVE request - kernel: jfs: don't allow os2 xattr namespace overlap with others", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/08/20/11" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=aca0fa34bdaba39bfddddba8ca70dba4782e8fe6", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=aca0fa34bdaba39bfddddba8ca70dba4782e8fe6" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.10", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.10" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.51", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.51" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.2" - }, - { - "name" : "MDVSA-2011:051", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051" - }, - { - "name" : "SUSE-SA:2010:040", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html" - }, - { - "name" : "SUSE-SA:2010:060", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html" - }, - { - "name" : "SUSE-SA:2010:054", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html" - }, - { - "name" : "SUSE-SA:2011:007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" - }, - { - "name" : "SUSE-SA:2011:008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html" - }, - { - "name" : "USN-1000-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1000-1" - }, - { - "name" : "42589", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42589" - }, - { - "name" : "41321", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41321" - }, - { - "name" : "43291", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43291" - }, - { - "name" : "ADV-2011-0298", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0298" - }, - { - "name" : "ADV-2011-0375", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0375" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly handle a certain legacy format for storage of extended attributes, which might allow local users by bypass intended xattr namespace restrictions via an \"os2.\" substring at the beginning of a name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1000-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1000-1" + }, + { + "name": "[oss-security] 20100820 Re: CVE request - kernel: jfs: don't allow os2 xattr namespace overlap with others", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/08/20/11" + }, + { + "name": "SUSE-SA:2010:040", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=aca0fa34bdaba39bfddddba8ca70dba4782e8fe6", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=aca0fa34bdaba39bfddddba8ca70dba4782e8fe6" + }, + { + "name": "SUSE-SA:2011:007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" + }, + { + "name": "SUSE-SA:2010:060", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html" + }, + { + "name": "ADV-2011-0298", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0298" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.51", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.51" + }, + { + "name": "MDVSA-2011:051", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.2" + }, + { + "name": "42589", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42589" + }, + { + "name": "ADV-2011-0375", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0375" + }, + { + "name": "[oss-security] 20100820 CVE request - kernel: jfs: don't allow os2 xattr namespace overlap with others", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/08/20/1" + }, + { + "name": "SUSE-SA:2011:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.10", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.10" + }, + { + "name": "43291", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43291" + }, + { + "name": "41321", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41321" + }, + { + "name": "SUSE-SA:2010:054", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3408.json b/2010/3xxx/CVE-2010-3408.json index 5701c6265b1..d1df9d90c66 100644 --- a/2010/3xxx/CVE-2010-3408.json +++ b/2010/3xxx/CVE-2010-3408.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3408", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1823. Reason: This candidate is a duplicate of CVE-2010-1823. Notes: All CVE users should reference CVE-2010-1823 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-3408", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1823. Reason: This candidate is a duplicate of CVE-2010-1823. Notes: All CVE users should reference CVE-2010-1823 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3568.json b/2010/3xxx/CVE-2010-3568.json index cdc9f220188..6db66c39b2f 100644 --- a/2010/3xxx/CVE-2010-3568.json +++ b/2010/3xxx/CVE-2010-3568.json @@ -1,232 +1,232 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3568", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3568", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100114315", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100114315" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100114327", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100114327" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=639876", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=639876" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100123193", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100123193" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" - }, - { - "name" : "FEDORA-2010-16240", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html" - }, - { - "name" : "FEDORA-2010-16294", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html" - }, - { - "name" : "FEDORA-2010-16312", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02608", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" - }, - { - "name" : "SSRT100333", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "RHSA-2010:0770", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0770.html" - }, - { - "name" : "RHSA-2010:0786", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0786.html" - }, - { - "name" : "RHSA-2010:0807", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0807.html" - }, - { - "name" : "RHSA-2010:0768", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0768.html" - }, - { - "name" : "RHSA-2010:0865", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0865.html" - }, - { - "name" : "RHSA-2010:0873", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0873.html" - }, - { - "name" : "RHSA-2010:0986", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0986.html" - }, - { - "name" : "RHSA-2010:0987", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0987.html" - }, - { - "name" : "RHSA-2011:0880", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0880.html" - }, - { - "name" : "SUSE-SA:2010:061", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html" - }, - { - "name" : "SUSE-SR:2010:019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" - }, - { - "name" : "USN-1010-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1010-1" - }, - { - "name" : "44012", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44012" - }, - { - "name" : "oval:org.mitre.oval:def:12029", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12029" - }, - { - "name" : "oval:org.mitre.oval:def:12206", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12206" - }, - { - "name" : "41967", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41967" - }, - { - "name" : "41972", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41972" - }, - { - "name" : "42974", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42974" - }, - { - "name" : "44954", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44954" - }, - { - "name" : "ADV-2010-2745", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2745" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.avaya.com/css/P8/documents/100114327", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100114327" + }, + { + "name": "oval:org.mitre.oval:def:12029", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12029" + }, + { + "name": "RHSA-2010:0865", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100114315", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100114315" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "SUSE-SA:2010:061", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html" + }, + { + "name": "RHSA-2010:0770", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html" + }, + { + "name": "SSRT100333", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" + }, + { + "name": "RHSA-2010:0768", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html" + }, + { + "name": "FEDORA-2010-16240", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html" + }, + { + "name": "USN-1010-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1010-1" + }, + { + "name": "44012", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44012" + }, + { + "name": "RHSA-2010:0987", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html" + }, + { + "name": "RHSA-2010:0986", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html" + }, + { + "name": "44954", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44954" + }, + { + "name": "oval:org.mitre.oval:def:12206", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12206" + }, + { + "name": "RHSA-2011:0880", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" + }, + { + "name": "RHSA-2010:0873", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=639876", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639876" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" + }, + { + "name": "42974", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42974" + }, + { + "name": "41972", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41972" + }, + { + "name": "HPSBUX02608", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100123193", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100123193" + }, + { + "name": "RHSA-2010:0786", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html" + }, + { + "name": "SUSE-SR:2010:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" + }, + { + "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" + }, + { + "name": "41967", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41967" + }, + { + "name": "RHSA-2010:0807", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html" + }, + { + "name": "FEDORA-2010-16312", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html" + }, + { + "name": "ADV-2010-2745", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2745" + }, + { + "name": "FEDORA-2010-16294", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3688.json b/2010/3xxx/CVE-2010-3688.json index 4488201ee22..9253129d49f 100644 --- a/2010/3xxx/CVE-2010-3688.json +++ b/2010/3xxx/CVE-2010-3688.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3688", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in ADMIN/login.php in NetArtMEDIA WebSiteAdmin allows remote emote attackers to include and execute arbitrary local files via directory traversal sequences in the lng parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3688", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels-team.blogspot.com/2010/09/netartmedia-real-estate-portal-v20-xss.html", - "refsource" : "MISC", - "url" : "http://pridels-team.blogspot.com/2010/09/netartmedia-real-estate-portal-v20-xss.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in ADMIN/login.php in NetArtMEDIA WebSiteAdmin allows remote emote attackers to include and execute arbitrary local files via directory traversal sequences in the lng parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels-team.blogspot.com/2010/09/netartmedia-real-estate-portal-v20-xss.html", + "refsource": "MISC", + "url": "http://pridels-team.blogspot.com/2010/09/netartmedia-real-estate-portal-v20-xss.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3947.json b/2010/3xxx/CVE-2010-3947.json index 1c9452ec522..3104db9e2a2 100644 --- a/2010/3xxx/CVE-2010-3947.json +++ b/2010/3xxx/CVE-2010-3947.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3947", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the TIFF image converter in the graphics filters in Microsoft Office XP SP3, Office Converter Pack, and Works 9 allows remote attackers to execute arbitrary code via a crafted TIFF image in an Office document, aka \"TIFF Image Converter Heap Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3947", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-105", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-105" - }, - { - "name" : "TA10-348A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" - }, - { - "name" : "oval:org.mitre.oval:def:11827", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11827" - }, - { - "name" : "1024887", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024887" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the TIFF image converter in the graphics filters in Microsoft Office XP SP3, Office Converter Pack, and Works 9 allows remote attackers to execute arbitrary code via a crafted TIFF image in an Office document, aka \"TIFF Image Converter Heap Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-348A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" + }, + { + "name": "1024887", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024887" + }, + { + "name": "oval:org.mitre.oval:def:11827", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11827" + }, + { + "name": "MS10-105", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-105" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4067.json b/2010/4xxx/CVE-2010-4067.json index 25190fed6ff..a355823348b 100644 --- a/2010/4xxx/CVE-2010-4067.json +++ b/2010/4xxx/CVE-2010-4067.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4067", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4067", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4841.json b/2010/4xxx/CVE-2010-4841.json index b7c14ef50cc..efecc42abd7 100644 --- a/2010/4xxx/CVE-2010-4841.json +++ b/2010/4xxx/CVE-2010-4841.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine EventLog Analyzer 6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) HOST_ID, (2) OS, (3) GROUP, (4) exportFile, (5) load, (6) type, or (7) tab parameter to INDEX.do, the (8) reported parameter to INDEX2.do, the (9) gId parameter to hostlist.do, the (10) newWindow parameter to globalSettings.do, or the (11) STATUS parameter to enableHost.do." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.solutionary.com/index/SERT/Vuln-Disclosures/ManageEngine-XSS-vulnerabilities.html", - "refsource" : "MISC", - "url" : "http://www.solutionary.com/index/SERT/Vuln-Disclosures/ManageEngine-XSS-vulnerabilities.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine EventLog Analyzer 6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) HOST_ID, (2) OS, (3) GROUP, (4) exportFile, (5) load, (6) type, or (7) tab parameter to INDEX.do, the (8) reported parameter to INDEX2.do, the (9) gId parameter to hostlist.do, the (10) newWindow parameter to globalSettings.do, or the (11) STATUS parameter to enableHost.do." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.solutionary.com/index/SERT/Vuln-Disclosures/ManageEngine-XSS-vulnerabilities.html", + "refsource": "MISC", + "url": "http://www.solutionary.com/index/SERT/Vuln-Disclosures/ManageEngine-XSS-vulnerabilities.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1140.json b/2011/1xxx/CVE-2011-1140.json index 377360bb5cb..26205dd3080 100644 --- a/2011/1xxx/CVE-2011-1140.json +++ b/2011/1xxx/CVE-2011-1140.json @@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1140", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service (infinite recursion) via a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=rev&revision=36029", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=rev&revision=36029" - }, - { - "name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.2.15.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.2.15.html" - }, - { - "name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2011-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2011-03.html" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2011-04.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2011-04.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5717", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5717" - }, - { - "name" : "DSA-2201", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2201" - }, - { - "name" : "FEDORA-2011-2620", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.html" - }, - { - "name" : "FEDORA-2011-2632", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055650.html" - }, - { - "name" : "FEDORA-2011-2648", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055364.html" - }, - { - "name" : "MDVSA-2011:044", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:044" - }, - { - "name" : "RHSA-2011:0370", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0370.html" - }, - { - "name" : "RHSA-2011:0369", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0369.html" - }, - { - "name" : "openSUSE-SU-2011:0347", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/8086844" - }, - { - "name" : "VU#215900", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/215900" - }, - { - "name" : "oval:org.mitre.oval:def:14715", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14715" - }, - { - "name" : "1025148", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025148" - }, - { - "name" : "43821", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43821" - }, - { - "name" : "43795", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43795" - }, - { - "name" : "44169", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44169" - }, - { - "name" : "43759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43759" - }, - { - "name" : "ADV-2011-0719", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0719" - }, - { - "name" : "ADV-2011-0622", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0622" - }, - { - "name" : "ADV-2011-0747", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0747" - }, - { - "name" : "ADV-2011-0626", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0626" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service (infinite recursion) via a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2011:0347", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/8086844" + }, + { + "name": "43759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43759" + }, + { + "name": "FEDORA-2011-2648", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055364.html" + }, + { + "name": "FEDORA-2011-2620", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.html" + }, + { + "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.2.15.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.2.15.html" + }, + { + "name": "ADV-2011-0747", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0747" + }, + { + "name": "44169", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44169" + }, + { + "name": "ADV-2011-0626", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0626" + }, + { + "name": "43795", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43795" + }, + { + "name": "VU#215900", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/215900" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?view=rev&revision=36029", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=rev&revision=36029" + }, + { + "name": "oval:org.mitre.oval:def:14715", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14715" + }, + { + "name": "RHSA-2011:0370", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0370.html" + }, + { + "name": "ADV-2011-0719", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0719" + }, + { + "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html" + }, + { + "name": "FEDORA-2011-2632", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055650.html" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2011-04.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2011-04.html" + }, + { + "name": "ADV-2011-0622", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0622" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2011-03.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2011-03.html" + }, + { + "name": "RHSA-2011:0369", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0369.html" + }, + { + "name": "MDVSA-2011:044", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:044" + }, + { + "name": "1025148", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025148" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5717", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5717" + }, + { + "name": "DSA-2201", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2201" + }, + { + "name": "43821", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43821" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1170.json b/2011/1xxx/CVE-2011-1170.json index e7cfef0e897..3d3d0f48d0f 100644 --- a/2011/1xxx/CVE-2011-1170.json +++ b/2011/1xxx/CVE-2011-1170.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[netfilter-devel] 20110310 [PATCH] ipv4: netfilter: arp_tables: fix infoleak to userspace", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=netfilter-devel&m=129978081009955&w=2" - }, - { - "name" : "[oss-security] 20110318 CVE request: kernel: netfilter & econet infoleaks", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/03/18/15" - }, - { - "name" : "[oss-security] 20110321 Re: CVE request: kernel: netfilter & econet infoleaks", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/03/21/4" - }, - { - "name" : "[oss-security] 20110321 Re: CVE request: kernel: netfilter & econet infoleaks", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/03/21/1" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=42eab94fff18cb1091d3501cd284d6bd6cc9c143", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=42eab94fff18cb1091d3501cd284d6bd6cc9c143" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=689321", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=689321" - }, - { - "name" : "http://downloads.avaya.com/css/P8/documents/100145416", - "refsource" : "CONFIRM", - "url" : "http://downloads.avaya.com/css/P8/documents/100145416" - }, - { - "name" : "RHSA-2011:0833", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2011-0833.html" - }, - { - "name" : "8278", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8278" - }, - { - "name" : "8282", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8282" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8282", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8282" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=689321", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=689321" + }, + { + "name": "[oss-security] 20110318 CVE request: kernel: netfilter & econet infoleaks", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/03/18/15" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=42eab94fff18cb1091d3501cd284d6bd6cc9c143", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=42eab94fff18cb1091d3501cd284d6bd6cc9c143" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" + }, + { + "name": "RHSA-2011:0833", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2011-0833.html" + }, + { + "name": "[netfilter-devel] 20110310 [PATCH] ipv4: netfilter: arp_tables: fix infoleak to userspace", + "refsource": "MLIST", + "url": "http://marc.info/?l=netfilter-devel&m=129978081009955&w=2" + }, + { + "name": "http://downloads.avaya.com/css/P8/documents/100145416", + "refsource": "CONFIRM", + "url": "http://downloads.avaya.com/css/P8/documents/100145416" + }, + { + "name": "[oss-security] 20110321 Re: CVE request: kernel: netfilter & econet infoleaks", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/03/21/4" + }, + { + "name": "8278", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8278" + }, + { + "name": "[oss-security] 20110321 Re: CVE request: kernel: netfilter & econet infoleaks", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/03/21/1" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3383.json b/2014/3xxx/CVE-2014-3383.json index c74d4bc6a0b..f0f569bfb2f 100644 --- a/2014/3xxx/CVE-2014-3383.json +++ b/2014/3xxx/CVE-2014-3383.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3383", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IKE implementation in the VPN component in Cisco ASA Software 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted UDP packets, aka Bug ID CSCul36176." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3383", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141008 Multiple Vulnerabilities in Cisco ASA Software", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa" - }, - { - "name" : "70302", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70302" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IKE implementation in the VPN component in Cisco ASA Software 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted UDP packets, aka Bug ID CSCul36176." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70302", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70302" + }, + { + "name": "20141008 Multiple Vulnerabilities in Cisco ASA Software", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3790.json b/2014/3xxx/CVE-2014-3790.json index 8e0759cf6db..754a759c199 100644 --- a/2014/3xxx/CVE-2014-3790.json +++ b/2014/3xxx/CVE-2014-3790.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3790", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3790", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-14-159/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-14-159/" - }, - { - "name" : "67756", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67756" - }, - { - "name" : "1030436", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030436" - }, - { - "name" : "58823", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030436", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030436" + }, + { + "name": "58823", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58823" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-14-159/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-14-159/" + }, + { + "name": "67756", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67756" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3799.json b/2014/3xxx/CVE-2014-3799.json index cc8a51a8042..6745707b6f7 100644 --- a/2014/3xxx/CVE-2014-3799.json +++ b/2014/3xxx/CVE-2014-3799.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3799", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue within the scope of CVE. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-3799", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue within the scope of CVE. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3844.json b/2014/3xxx/CVE-2014-3844.json index be962f56eaa..3519af93c62 100644 --- a/2014/3xxx/CVE-2014-3844.json +++ b/2014/3xxx/CVE-2014-3844.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3844", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TinyMCE Color Picker plugin before 1.2 for WordPress does not properly check permissions, which allows remote attackers to modify plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3844", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://wordpress.org/plugins/tinymce-colorpicker/changelog", - "refsource" : "MISC", - "url" : "http://wordpress.org/plugins/tinymce-colorpicker/changelog" - }, - { - "name" : "58095", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58095" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TinyMCE Color Picker plugin before 1.2 for WordPress does not properly check permissions, which allows remote attackers to modify plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wordpress.org/plugins/tinymce-colorpicker/changelog", + "refsource": "MISC", + "url": "http://wordpress.org/plugins/tinymce-colorpicker/changelog" + }, + { + "name": "58095", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58095" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7033.json b/2014/7xxx/CVE-2014-7033.json index 8fc9c2d21f7..be78b75364e 100644 --- a/2014/7xxx/CVE-2014-7033.json +++ b/2014/7xxx/CVE-2014-7033.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7033", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Cure Viewer (aka com.livedoor.android.cureviewer) application 1.03 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7033", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#829513", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/829513" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Cure Viewer (aka com.livedoor.android.cureviewer) application 1.03 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#829513", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/829513" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7326.json b/2014/7xxx/CVE-2014-7326.json index a09134723c2..f318d858f7a 100644 --- a/2014/7xxx/CVE-2014-7326.json +++ b/2014/7xxx/CVE-2014-7326.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7326", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ETA Mobile (aka com.en2grate.etamobile) application 1.6.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7326", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#554865", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/554865" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ETA Mobile (aka com.en2grate.etamobile) application 1.6.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#554865", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/554865" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7854.json b/2014/7xxx/CVE-2014-7854.json index d6ed4ff61bf..ef85bbc529a 100644 --- a/2014/7xxx/CVE-2014-7854.json +++ b/2014/7xxx/CVE-2014-7854.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7854", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7854", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8282.json b/2014/8xxx/CVE-2014-8282.json index 5e5962d7f60..4864a7aafcd 100644 --- a/2014/8xxx/CVE-2014-8282.json +++ b/2014/8xxx/CVE-2014-8282.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8282", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8282", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8396.json b/2014/8xxx/CVE-2014-8396.json index a67c1460688..a3594425133 100644 --- a/2014/8xxx/CVE-2014-8396.json +++ b/2014/8xxx/CVE-2014-8396.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8396", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Corel PDF Fusion allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll file that is located in the same folder as the file being processed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8396", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150112 Corel Software DLL Hijacking", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534452/100/0/threaded" - }, - { - "name" : "20150112 Corel Software DLL Hijacking", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jan/33" - }, - { - "name" : "http://www.coresecurity.com/advisories/corel-software-dll-hijacking", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/advisories/corel-software-dll-hijacking" - }, - { - "name" : "72007", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72007" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Corel PDF Fusion allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll file that is located in the same folder as the file being processed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72007", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72007" + }, + { + "name": "20150112 Corel Software DLL Hijacking", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534452/100/0/threaded" + }, + { + "name": "http://www.coresecurity.com/advisories/corel-software-dll-hijacking", + "refsource": "MISC", + "url": "http://www.coresecurity.com/advisories/corel-software-dll-hijacking" + }, + { + "name": "20150112 Corel Software DLL Hijacking", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jan/33" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8686.json b/2014/8xxx/CVE-2014-8686.json index 1cc7f8307bd..c57f355d05f 100644 --- a/2014/8xxx/CVE-2014-8686.json +++ b/2014/8xxx/CVE-2014-8686.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/130609/Seagate-Business-NAS-Unauthenticated-Remote-Command-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130609/Seagate-Business-NAS-Unauthenticated-Remote-Command-Execution.html" - }, - { - "name" : "https://beyondbinary.io/articles/seagate-nas-rce/", - "refsource" : "MISC", - "url" : "https://beyondbinary.io/articles/seagate-nas-rce/" - }, - { - "name" : "https://www.dionach.com/blog/codeigniter-session-decoding-vulnerability", - "refsource" : "MISC", - "url" : "https://www.dionach.com/blog/codeigniter-session-decoding-vulnerability" - }, - { - "name" : "https://codeigniter.com/userguide2/changelog.html", - "refsource" : "CONFIRM", - "url" : "https://codeigniter.com/userguide2/changelog.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://beyondbinary.io/articles/seagate-nas-rce/", + "refsource": "MISC", + "url": "https://beyondbinary.io/articles/seagate-nas-rce/" + }, + { + "name": "http://packetstormsecurity.com/files/130609/Seagate-Business-NAS-Unauthenticated-Remote-Command-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130609/Seagate-Business-NAS-Unauthenticated-Remote-Command-Execution.html" + }, + { + "name": "https://www.dionach.com/blog/codeigniter-session-decoding-vulnerability", + "refsource": "MISC", + "url": "https://www.dionach.com/blog/codeigniter-session-decoding-vulnerability" + }, + { + "name": "https://codeigniter.com/userguide2/changelog.html", + "refsource": "CONFIRM", + "url": "https://codeigniter.com/userguide2/changelog.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9062.json b/2014/9xxx/CVE-2014-9062.json index 68f6060732c..02d06121a6f 100644 --- a/2014/9xxx/CVE-2014-9062.json +++ b/2014/9xxx/CVE-2014-9062.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9062", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9062", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9522.json b/2014/9xxx/CVE-2014-9522.json index 2840397fa20..3c1eecd4197 100644 --- a/2014/9xxx/CVE-2014-9522.json +++ b/2014/9xxx/CVE-2014-9522.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light 6.0.0 (Rev 4701) allow remote attackers to inject arbitrary web script or HTML via the (1) author field to guestbook.php or (2) username field to account.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141215 Persistent XSS Vulnerability in CMS Papoo Light v6.0.0 Rev. 4701", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534243/100/0/threaded" - }, - { - "name" : "35551", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35551" - }, - { - "name" : "http://packetstormsecurity.com/files/129586/CMS-Papoo-6.0.0-Revision-4701-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129586/CMS-Papoo-6.0.0-Revision-4701-Cross-Site-Scripting.html" - }, - { - "name" : "http://sroesemann.blogspot.de/2014/12/bericht-zu-advisory-sroeadv-2014-01.html", - "refsource" : "MISC", - "url" : "http://sroesemann.blogspot.de/2014/12/bericht-zu-advisory-sroeadv-2014-01.html" - }, - { - "name" : "71676", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71676" - }, - { - "name" : "115944", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/115944" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light 6.0.0 (Rev 4701) allow remote attackers to inject arbitrary web script or HTML via the (1) author field to guestbook.php or (2) username field to account.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "115944", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/115944" + }, + { + "name": "http://packetstormsecurity.com/files/129586/CMS-Papoo-6.0.0-Revision-4701-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129586/CMS-Papoo-6.0.0-Revision-4701-Cross-Site-Scripting.html" + }, + { + "name": "http://sroesemann.blogspot.de/2014/12/bericht-zu-advisory-sroeadv-2014-01.html", + "refsource": "MISC", + "url": "http://sroesemann.blogspot.de/2014/12/bericht-zu-advisory-sroeadv-2014-01.html" + }, + { + "name": "20141215 Persistent XSS Vulnerability in CMS Papoo Light v6.0.0 Rev. 4701", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534243/100/0/threaded" + }, + { + "name": "35551", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35551" + }, + { + "name": "71676", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71676" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2007.json b/2016/2xxx/CVE-2016-2007.json index 5620de5b212..e43158b0ee5 100644 --- a/2016/2xxx/CVE-2016-2007.json +++ b/2016/2xxx/CVE-2016-2007.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2007", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-247", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-247" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988" - }, - { - "name" : "1035631", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035631" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-247", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-247" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988" + }, + { + "name": "1035631", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035631" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2146.json b/2016/2xxx/CVE-2016-2146.json index 5736202145c..c4bf6bf9370 100644 --- a/2016/2xxx/CVE-2016-2146.json +++ b/2016/2xxx/CVE-2016-2146.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-2146", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption) via a large amount of POST data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2146", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[modmellon] 20160309 security update: mod_auth_mellon version 0.11.1", - "refsource" : "MLIST", - "url" : "https://sympa.uninett.no/lists/uninett.no/arc/modmellon/2016-03/msg00000.html" - }, - { - "name" : "https://github.com/UNINETT/mod_auth_mellon/pull/71", - "refsource" : "CONFIRM", - "url" : "https://github.com/UNINETT/mod_auth_mellon/pull/71" - }, - { - "name" : "FEDORA-2016-5cf6959198", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179085.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption) via a large amount of POST data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[modmellon] 20160309 security update: mod_auth_mellon version 0.11.1", + "refsource": "MLIST", + "url": "https://sympa.uninett.no/lists/uninett.no/arc/modmellon/2016-03/msg00000.html" + }, + { + "name": "https://github.com/UNINETT/mod_auth_mellon/pull/71", + "refsource": "CONFIRM", + "url": "https://github.com/UNINETT/mod_auth_mellon/pull/71" + }, + { + "name": "FEDORA-2016-5cf6959198", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179085.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2177.json b/2016/2xxx/CVE-2016-2177.json index 67a77aa2c2a..bb7fcff6b6a 100644 --- a/2016/2xxx/CVE-2016-2177.json +++ b/2016/2xxx/CVE-2016-2177.json @@ -1,242 +1,242 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-2177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1341705", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1341705" - }, - { - "name" : "https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7", - "refsource" : "CONFIRM", - "url" : "https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" - }, - { - "name" : "http://www.splunk.com/view/SP-CAAAPSV", - "refsource" : "CONFIRM", - "url" : "http://www.splunk.com/view/SP-CAAAPSV" - }, - { - "name" : "http://www.splunk.com/view/SP-CAAAPUE", - "refsource" : "CONFIRM", - "url" : "http://www.splunk.com/view/SP-CAAAPUE" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa132", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa132" - }, - { - "name" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", - "refsource" : "CONFIRM", - "url" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10165", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10165" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-16", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-16" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03763en_us", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03763en_us" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-20", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-20" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-21", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-21" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager", - "refsource" : "CONFIRM", - "url" : "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager" - }, - { - "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/", - "refsource" : "CONFIRM", - "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/" - }, - { - "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/", - "refsource" : "CONFIRM", - "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us" - }, - { - "name" : "FreeBSD-SA-16:26", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc" - }, - { - "name" : "GLSA-201612-16", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-16" - }, - { - "name" : "RHSA-2016:1940", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1940.html" - }, - { - "name" : "RHSA-2016:2957", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2957.html" - }, - { - "name" : "RHSA-2017:0193", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0193" - }, - { - "name" : "RHSA-2017:0194", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0194" - }, - { - "name" : "RHSA-2017:1658", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1658" - }, - { - "name" : "RHSA-2017:1659", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-1659.html" - }, - { - "name" : "91319", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91319" - }, - { - "name" : "1036088", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036088" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tenable.com/security/tns-2016-20", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-20" + }, + { + "name": "http://www.splunk.com/view/SP-CAAAPUE", + "refsource": "CONFIRM", + "url": "http://www.splunk.com/view/SP-CAAAPUE" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "RHSA-2017:1659", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html" + }, + { + "name": "RHSA-2017:1658", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1658" + }, + { + "name": "RHSA-2016:1940", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html" + }, + { + "name": "1036088", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036088" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" + }, + { + "name": "GLSA-201612-16", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-16" + }, + { + "name": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager", + "refsource": "CONFIRM", + "url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager" + }, + { + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", + "refsource": "CONFIRM", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us" + }, + { + "name": "http://www.splunk.com/view/SP-CAAAPSV", + "refsource": "CONFIRM", + "url": "http://www.splunk.com/view/SP-CAAAPSV" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "https://www.tenable.com/security/tns-2016-16", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-16" + }, + { + "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7" + }, + { + "name": "https://www.tenable.com/security/tns-2016-21", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-21" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "RHSA-2017:0194", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0194" + }, + { + "name": "RHSA-2017:0193", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0193" + }, + { + "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/", + "refsource": "CONFIRM", + "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" + }, + { + "name": "RHSA-2016:2957", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa132", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa132" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1341705", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341705" + }, + { + "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/", + "refsource": "CONFIRM", + "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/" + }, + { + "name": "91319", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91319" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + }, + { + "name": "FreeBSD-SA-16:26", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc" + }, + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03763en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03763en_us" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10165", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10165" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2510.json b/2016/2xxx/CVE-2016-2510.json index 90216b362d9..b8462d29a06 100644 --- a/2016/2xxx/CVE-2016-2510.json +++ b/2016/2xxx/CVE-2016-2510.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/frohoff/ysoserial/pull/13", - "refsource" : "MISC", - "url" : "https://github.com/frohoff/ysoserial/pull/13" - }, - { - "name" : "https://www.rsaconference.com/writable/presentations/file_upload/asd-f03-serial-killer-silently-pwning-your-java-endpoints.pdf", - "refsource" : "MISC", - "url" : "https://www.rsaconference.com/writable/presentations/file_upload/asd-f03-serial-killer-silently-pwning-your-java-endpoints.pdf" - }, - { - "name" : "https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced", - "refsource" : "CONFIRM", - "url" : "https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced" - }, - { - "name" : "https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49", - "refsource" : "CONFIRM", - "url" : "https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49" - }, - { - "name" : "https://github.com/beanshell/beanshell/releases/tag/2.0b6", - "refsource" : "CONFIRM", - "url" : "https://github.com/beanshell/beanshell/releases/tag/2.0b6" - }, - { - "name" : "DSA-3504", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3504" - }, - { - "name" : "GLSA-201607-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201607-17" - }, - { - "name" : "RHSA-2016:0539", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0539.html" - }, - { - "name" : "RHSA-2016:0540", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0540.html" - }, - { - "name" : "RHSA-2016:1135", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1135" - }, - { - "name" : "RHSA-2016:1376", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1376" - }, - { - "name" : "RHSA-2016:2035", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2035.html" - }, - { - "name" : "openSUSE-SU-2016:0788", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00056.html" - }, - { - "name" : "openSUSE-SU-2016:0833", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00078.html" - }, - { - "name" : "USN-2923-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2923-1" - }, - { - "name" : "84139", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84139" - }, - { - "name" : "1035440", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035440" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:2035", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2035.html" + }, + { + "name": "https://github.com/frohoff/ysoserial/pull/13", + "refsource": "MISC", + "url": "https://github.com/frohoff/ysoserial/pull/13" + }, + { + "name": "84139", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84139" + }, + { + "name": "RHSA-2016:1135", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1135" + }, + { + "name": "RHSA-2016:0540", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0540.html" + }, + { + "name": "RHSA-2016:1376", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1376" + }, + { + "name": "openSUSE-SU-2016:0788", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00056.html" + }, + { + "name": "RHSA-2016:0539", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0539.html" + }, + { + "name": "DSA-3504", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3504" + }, + { + "name": "1035440", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035440" + }, + { + "name": "openSUSE-SU-2016:0833", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00078.html" + }, + { + "name": "https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49", + "refsource": "CONFIRM", + "url": "https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49" + }, + { + "name": "USN-2923-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2923-1" + }, + { + "name": "https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced", + "refsource": "CONFIRM", + "url": "https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced" + }, + { + "name": "GLSA-201607-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201607-17" + }, + { + "name": "https://github.com/beanshell/beanshell/releases/tag/2.0b6", + "refsource": "CONFIRM", + "url": "https://github.com/beanshell/beanshell/releases/tag/2.0b6" + }, + { + "name": "https://www.rsaconference.com/writable/presentations/file_upload/asd-f03-serial-killer-silently-pwning-your-java-endpoints.pdf", + "refsource": "MISC", + "url": "https://www.rsaconference.com/writable/presentations/file_upload/asd-f03-serial-killer-silently-pwning-your-java-endpoints.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2607.json b/2016/2xxx/CVE-2016-2607.json index b59a6807120..35a0b4431ad 100644 --- a/2016/2xxx/CVE-2016-2607.json +++ b/2016/2xxx/CVE-2016-2607.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2607", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2607", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6031.json b/2016/6xxx/CVE-2016-6031.json index 58837f82554..5c7886231f2 100644 --- a/2016/6xxx/CVE-2016-6031.json +++ b/2016/6xxx/CVE-2016-6031.json @@ -1,115 +1,115 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-6031", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Collaborative Lifecycle Management", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.1" - }, - { - "version_value" : "4.0" - }, - { - "version_value" : "3.0.1.6" - }, - { - "version_value" : "4.0.1" - }, - { - "version_value" : "4.0.2" - }, - { - "version_value" : "4.0.3" - }, - { - "version_value" : "4.0.4" - }, - { - "version_value" : "4.0.5" - }, - { - "version_value" : "4.0.6" - }, - { - "version_value" : "5.0" - }, - { - "version_value" : "4.0.7" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-6031", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Collaborative Lifecycle Management", + "version": { + "version_data": [ + { + "version_value": "3.0.1" + }, + { + "version_value": "4.0" + }, + { + "version_value": "3.0.1.6" + }, + { + "version_value": "4.0.1" + }, + { + "version_value": "4.0.2" + }, + { + "version_value": "4.0.3" + }, + { + "version_value": "4.0.4" + }, + { + "version_value": "4.0.5" + }, + { + "version_value": "4.0.6" + }, + { + "version_value": "5.0" + }, + { + "version_value": "4.0.7" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=swg22000784", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=swg22000784" - }, - { - "name" : "97169", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97169" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/docview.wss?uid=swg22000784", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=swg22000784" + }, + { + "name": "97169", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97169" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6183.json b/2016/6xxx/CVE-2016-6183.json index 456abee8885..66008313404 100644 --- a/2016/6xxx/CVE-2016-6183.json +++ b/2016/6xxx/CVE-2016-6183.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6180, CVE-2016-6181, CVE-2016-6182, and CVE-2016-6184." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160716-01-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160716-01-smartphone-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6180, CVE-2016-6181, CVE-2016-6182, and CVE-2016-6184." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160716-01-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160716-01-smartphone-en" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6618.json b/2016/6xxx/CVE-2016-6618.json index 774f92c0d45..d628871b343 100644 --- a/2016/6xxx/CVE-2016-6618.json +++ b/2016/6xxx/CVE-2016-6618.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6618", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-of-service (DoS) attack against the server. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6618", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180706 [SECURITY] [DLA 1415-1] phpmyadmin security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html" - }, - { - "name" : "https://www.phpmyadmin.net/security/PMASA-2016-41", - "refsource" : "CONFIRM", - "url" : "https://www.phpmyadmin.net/security/PMASA-2016-41" - }, - { - "name" : "GLSA-201701-32", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-32" - }, - { - "name" : "95047", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95047" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-of-service (DoS) attack against the server. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.phpmyadmin.net/security/PMASA-2016-41", + "refsource": "CONFIRM", + "url": "https://www.phpmyadmin.net/security/PMASA-2016-41" + }, + { + "name": "[debian-lts-announce] 20180706 [SECURITY] [DLA 1415-1] phpmyadmin security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html" + }, + { + "name": "GLSA-201701-32", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-32" + }, + { + "name": "95047", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95047" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7137.json b/2016/7xxx/CVE-2016-7137.json index 9be4144192f..3b3b87ca06b 100644 --- a/2016/7xxx/CVE-2016-7137.json +++ b/2016/7xxx/CVE-2016-7137.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7137", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1) %2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions or (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions or the (3) came_from parameter to /login_form." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7137", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20161012 Multiple Vulnerabilities in Plone CMS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/539572/100/0/threaded" - }, - { - "name" : "20161019 Multiple Vulnerabilities in Plone CMS", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Oct/80" - }, - { - "name" : "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/05/4" - }, - { - "name" : "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/05/5" - }, - { - "name" : "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" - }, - { - "name" : "https://plone.org/security/hotfix/20160830/open-redirection-in-plone", - "refsource" : "CONFIRM", - "url" : "https://plone.org/security/hotfix/20160830/open-redirection-in-plone" - }, - { - "name" : "92752", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92752" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1) %2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions or (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions or the (3) came_from parameter to /login_form." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html" + }, + { + "name": "20161019 Multiple Vulnerabilities in Plone CMS", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Oct/80" + }, + { + "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/05/4" + }, + { + "name": "https://plone.org/security/hotfix/20160830/open-redirection-in-plone", + "refsource": "CONFIRM", + "url": "https://plone.org/security/hotfix/20160830/open-redirection-in-plone" + }, + { + "name": "[oss-security] 20160905 Re: CVE request: Plone multiple vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/05/5" + }, + { + "name": "20161012 Multiple Vulnerabilities in Plone CMS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/539572/100/0/threaded" + }, + { + "name": "92752", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92752" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7181.json b/2016/7xxx/CVE-2016-7181.json index 10bf412e1c3..8b3932951da 100644 --- a/2016/7xxx/CVE-2016-7181.json +++ b/2016/7xxx/CVE-2016-7181.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2016-7181", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Edge Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-7181", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-145", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-145" - }, - { - "name" : "94735", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94735" - }, - { - "name" : "1037444", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037444" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Edge Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037444", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037444" + }, + { + "name": "94735", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94735" + }, + { + "name": "MS16-145", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-145" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7564.json b/2016/7xxx/CVE-2016-7564.json index d879eb61b3c..1d2cd946bbd 100644 --- a/2016/7xxx/CVE-2016-7564.json +++ b/2016/7xxx/CVE-2016-7564.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the Fp_toString function in jsfunction.c in Artifex Software MuJS allows attackers to cause a denial of service (crash) via crafted input." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160921 Re: CVE request - mujs Heap-Buffer-Overflow write and OOB Read", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/21/5" - }, - { - "name" : "[oss-security] 20160928 Re: CVE request - mujs Heap-Buffer-Overflow write and OOB Read", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/28/11" - }, - { - "name" : "https://bugs.ghostscript.com/show_bug.cgi?id=697137", - "refsource" : "CONFIRM", - "url" : "https://bugs.ghostscript.com/show_bug.cgi?id=697137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the Fp_toString function in jsfunction.c in Artifex Software MuJS allows attackers to cause a denial of service (crash) via crafted input." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.ghostscript.com/show_bug.cgi?id=697137", + "refsource": "CONFIRM", + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=697137" + }, + { + "name": "[oss-security] 20160928 Re: CVE request - mujs Heap-Buffer-Overflow write and OOB Read", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/28/11" + }, + { + "name": "[oss-security] 20160921 Re: CVE request - mujs Heap-Buffer-Overflow write and OOB Read", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/21/5" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5119.json b/2017/5xxx/CVE-2017-5119.json index ea5c7ab4b56..9e5ce5183e5 100644 --- a/2017/5xxx/CVE-2017-5119.json +++ b/2017/5xxx/CVE-2017-5119.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 61.0.3163.79 for Mac, Windows and Linux, and 61.0.3163.81 for Android", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 61.0.3163.79 for Mac, Windows and Linux, and 61.0.3163.81 for Android" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Uninitialized Use" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 61.0.3163.79 for Mac, Windows and Linux, and 61.0.3163.81 for Android", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 61.0.3163.79 for Mac, Windows and Linux, and 61.0.3163.81 for Android" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/725127", - "refsource" : "MISC", - "url" : "https://crbug.com/725127" - }, - { - "name" : "DSA-3985", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3985" - }, - { - "name" : "GLSA-201709-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-15" - }, - { - "name" : "RHSA-2017:2676", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2676" - }, - { - "name" : "100610", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100610" - }, - { - "name" : "1039291", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039291" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uninitialized Use" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201709-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-15" + }, + { + "name": "RHSA-2017:2676", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2676" + }, + { + "name": "https://crbug.com/725127", + "refsource": "MISC", + "url": "https://crbug.com/725127" + }, + { + "name": "1039291", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039291" + }, + { + "name": "100610", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100610" + }, + { + "name": "DSA-3985", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3985" + }, + { + "name": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5295.json b/2017/5xxx/CVE-2017-5295.json index 3578e5c0dd2..ae9b8ef6d7d 100644 --- a/2017/5xxx/CVE-2017-5295.json +++ b/2017/5xxx/CVE-2017-5295.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5295", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5295", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file