diff --git a/2007/2xxx/CVE-2007-2368.json b/2007/2xxx/CVE-2007-2368.json index 684e175a450..cb0d8a64bcb 100644 --- a/2007/2xxx/CVE-2007-2368.json +++ b/2007/2xxx/CVE-2007-2368.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to read arbitrary files via the file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3673", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3673" - }, - { - "name" : "ADV-2007-1274", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1274" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to read arbitrary files via the file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-1274", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1274" + }, + { + "name": "3673", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3673" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3177.json b/2007/3xxx/CVE-2007-3177.json index 4f850e1b64a..67d7c7ec9da 100644 --- a/2007/3xxx/CVE-2007-3177.json +++ b/2007/3xxx/CVE-2007-3177.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ingate Firewall and SIParator before 4.5.2 allow remote attackers to bypass SIP authentication via a certain maddr parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ingate.com/relnote-452.php", - "refsource" : "CONFIRM", - "url" : "http://www.ingate.com/relnote-452.php" - }, - { - "name" : "ADV-2007-1973", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1973" - }, - { - "name" : "36708", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36708" - }, - { - "name" : "25420", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25420" - }, - { - "name" : "ingate-maddr-authentication-bypass(34887)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34887" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ingate Firewall and SIParator before 4.5.2 allow remote attackers to bypass SIP authentication via a certain maddr parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ingate-maddr-authentication-bypass(34887)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34887" + }, + { + "name": "http://www.ingate.com/relnote-452.php", + "refsource": "CONFIRM", + "url": "http://www.ingate.com/relnote-452.php" + }, + { + "name": "25420", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25420" + }, + { + "name": "ADV-2007-1973", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1973" + }, + { + "name": "36708", + "refsource": "OSVDB", + "url": "http://osvdb.org/36708" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3586.json b/2007/3xxx/CVE-2007-3586.json index 2c5a9998578..53629b7ee48 100644 --- a/2007/3xxx/CVE-2007-3586.json +++ b/2007/3xxx/CVE-2007-3586.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3586", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 and earlier allow remote attackers to inject arbitrary PHP code into (1) a _score.txt file via the score parameter, or (2) a _setby.txt file via a login cookie, which is then included by games.php. NOTE: programs that use games.php might include (a) snakep.php, (b) tetrisp.php, and possibly other site-specific files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3586", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4144", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4144" - }, - { - "name" : "24757", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24757" - }, - { - "name" : "45778", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45778" - }, - { - "name" : "mycms-settings-games-command-execution(35254)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35254" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 and earlier allow remote attackers to inject arbitrary PHP code into (1) a _score.txt file via the score parameter, or (2) a _setby.txt file via a login cookie, which is then included by games.php. NOTE: programs that use games.php might include (a) snakep.php, (b) tetrisp.php, and possibly other site-specific files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mycms-settings-games-command-execution(35254)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35254" + }, + { + "name": "45778", + "refsource": "OSVDB", + "url": "http://osvdb.org/45778" + }, + { + "name": "4144", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4144" + }, + { + "name": "24757", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24757" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3690.json b/2007/3xxx/CVE-2007-3690.json index 0b50f318efb..221017dc4b3 100644 --- a/2007/3xxx/CVE-2007-3690.json +++ b/2007/3xxx/CVE-2007-3690.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3690", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3690", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/152806", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/152806" - }, - { - "name" : "http://drupal.org/node/158022", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/158022" - }, - { - "name" : "http://drupal.org/node/158025", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/158025" - }, - { - "name" : "24862", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24862" - }, - { - "name" : "ADV-2007-2469", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2469" - }, - { - "name" : "37896", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37896" - }, - { - "name" : "25999", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25999" - }, - { - "name" : "forward-url-security-bypass(35318)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "forward-url-security-bypass(35318)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35318" + }, + { + "name": "25999", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25999" + }, + { + "name": "ADV-2007-2469", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2469" + }, + { + "name": "24862", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24862" + }, + { + "name": "http://drupal.org/node/152806", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/152806" + }, + { + "name": "http://drupal.org/node/158022", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/158022" + }, + { + "name": "http://drupal.org/node/158025", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/158025" + }, + { + "name": "37896", + "refsource": "OSVDB", + "url": "http://osvdb.org/37896" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3910.json b/2007/3xxx/CVE-2007-3910.json index 0fb0be23d33..69688499bb4 100644 --- a/2007/3xxx/CVE-2007-3910.json +++ b/2007/3xxx/CVE-2007-3910.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3910", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Bandersnatch 0.4 allows remote attackers to inject arbitrary JavaScript via a Jabber resource name and possibly other data items, which are stored in conversation logs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3910", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.portcullis-security.com/182.php", - "refsource" : "MISC", - "url" : "http://www.portcullis-security.com/182.php" - }, - { - "name" : "http://www.portcullis-security.com/uplds/advisories/Bandersnatch%20-%2007-004.txt", - "refsource" : "MISC", - "url" : "http://www.portcullis-security.com/uplds/advisories/Bandersnatch%20-%2007-004.txt" - }, - { - "name" : "25094", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25094" - }, - { - "name" : "38269", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/38269" - }, - { - "name" : "26202", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26202" - }, - { - "name" : "bandersnatch-resourcename-xss(35407)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Bandersnatch 0.4 allows remote attackers to inject arbitrary JavaScript via a Jabber resource name and possibly other data items, which are stored in conversation logs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "bandersnatch-resourcename-xss(35407)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35407" + }, + { + "name": "http://www.portcullis-security.com/182.php", + "refsource": "MISC", + "url": "http://www.portcullis-security.com/182.php" + }, + { + "name": "26202", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26202" + }, + { + "name": "38269", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/38269" + }, + { + "name": "25094", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25094" + }, + { + "name": "http://www.portcullis-security.com/uplds/advisories/Bandersnatch%20-%2007-004.txt", + "refsource": "MISC", + "url": "http://www.portcullis-security.com/uplds/advisories/Bandersnatch%20-%2007-004.txt" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6058.json b/2007/6xxx/CVE-2007-6058.json index 9413f212c2f..e84287379ac 100644 --- a/2007/6xxx/CVE-2007-6058.json +++ b/2007/6xxx/CVE-2007-6058.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6058", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in index.php in ProfileCMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) codes action in the profile-codes module, (2) videos action in the video-codes module, or (3) games action in the arcade-games module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6058", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071118 [ECHO_ADV_84$2007] ProfileCMS <= 1.0 Remote SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/483889/100/0/threaded" - }, - { - "name" : "4627", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4627" - }, - { - "name" : "http://advisories.echo.or.id/adv/adv84-K-159-2007.txt", - "refsource" : "MISC", - "url" : "http://advisories.echo.or.id/adv/adv84-K-159-2007.txt" - }, - { - "name" : "26490", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26490" - }, - { - "name" : "ADV-2007-3908", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3908" - }, - { - "name" : "27730", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27730" - }, - { - "name" : "profilecms-id-sql-injection(38538)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38538" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in index.php in ProfileCMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) codes action in the profile-codes module, (2) videos action in the video-codes module, or (3) games action in the arcade-games module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4627", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4627" + }, + { + "name": "http://advisories.echo.or.id/adv/adv84-K-159-2007.txt", + "refsource": "MISC", + "url": "http://advisories.echo.or.id/adv/adv84-K-159-2007.txt" + }, + { + "name": "ADV-2007-3908", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3908" + }, + { + "name": "27730", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27730" + }, + { + "name": "26490", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26490" + }, + { + "name": "profilecms-id-sql-injection(38538)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38538" + }, + { + "name": "20071118 [ECHO_ADV_84$2007] ProfileCMS <= 1.0 Remote SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/483889/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6232.json b/2007/6xxx/CVE-2007-6232.json index f2289b97c20..5840420714b 100644 --- a/2007/6xxx/CVE-2007-6232.json +++ b/2007/6xxx/CVE-2007-6232.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6232", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6232", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4681", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4681" - }, - { - "name" : "27875", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27875" - }, - { - "name" : "ftp-admin-index-xss(38780)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38780" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ftp-admin-index-xss(38780)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38780" + }, + { + "name": "4681", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4681" + }, + { + "name": "27875", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27875" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6715.json b/2007/6xxx/CVE-2007-6715.json index 73d0ebeec7d..bc52256ae67 100644 --- a/2007/6xxx/CVE-2007-6715.json +++ b/2007/6xxx/CVE-2007-6715.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6715", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox allows remote attackers to cause a denial of service (crash) via crafted image, as demonstrated by the zzuf lol-firefox.gif test case." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6715", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hboeck.de/archives/578-How-long-does-it-take-to-fix-a-crash-bug.html", - "refsource" : "MISC", - "url" : "http://hboeck.de/archives/578-How-long-does-it-take-to-fix-a-crash-bug.html" - }, - { - "name" : "http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities", - "refsource" : "MISC", - "url" : "http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities" - }, - { - "name" : "http://sam.zoy.org/zzuf/", - "refsource" : "MISC", - "url" : "http://sam.zoy.org/zzuf/" - }, - { - "name" : "27243", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27243" - }, - { - "name" : "44727", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/44727" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox allows remote attackers to cause a denial of service (crash) via crafted image, as demonstrated by the zzuf lol-firefox.gif test case." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44727", + "refsource": "OSVDB", + "url": "http://osvdb.org/44727" + }, + { + "name": "http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities", + "refsource": "MISC", + "url": "http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities" + }, + { + "name": "http://sam.zoy.org/zzuf/", + "refsource": "MISC", + "url": "http://sam.zoy.org/zzuf/" + }, + { + "name": "27243", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27243" + }, + { + "name": "http://hboeck.de/archives/578-How-long-does-it-take-to-fix-a-crash-bug.html", + "refsource": "MISC", + "url": "http://hboeck.de/archives/578-How-long-does-it-take-to-fix-a-crash-bug.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0321.json b/2010/0xxx/CVE-2010-0321.json index 4327e74e759..552340925c5 100644 --- a/2010/0xxx/CVE-2010-0321.json +++ b/2010/0xxx/CVE-2010-0321.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in jobs/index.php in Jamit Job Board 3.0 allows remote attackers to inject arbitrary web script or HTML via the post_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1001-exploits/jamitjobboard-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1001-exploits/jamitjobboard-xss.txt" - }, - { - "name" : "11073", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11073" - }, - { - "name" : "37701", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37701" - }, - { - "name" : "32797", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32797" - }, - { - "name" : "jamit-jobboard-index-xss(55500)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55500" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in jobs/index.php in Jamit Job Board 3.0 allows remote attackers to inject arbitrary web script or HTML via the post_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11073", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11073" + }, + { + "name": "37701", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37701" + }, + { + "name": "32797", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32797" + }, + { + "name": "http://packetstormsecurity.org/1001-exploits/jamitjobboard-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1001-exploits/jamitjobboard-xss.txt" + }, + { + "name": "jamit-jobboard-index-xss(55500)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55500" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0501.json b/2010/0xxx/CVE-2010-0501.json index ce0528f28b8..e1df8cb029e 100644 --- a/2010/0xxx/CVE-2010-0501.json +++ b/2010/0xxx/CVE-2010-0501.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in FTP Server in Apple Mac OS X Server before 10.6.3 allows remote authenticated users to read arbitrary files via crafted filenames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-0501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4077", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4077" - }, - { - "name" : "APPLE-SA-2010-03-29-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in FTP Server in Apple Mac OS X Server before 10.6.3 allows remote authenticated users to read arbitrary files via crafted filenames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-03-29-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT4077", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4077" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0832.json b/2010/0xxx/CVE-2010-0832.json index 95370cfbdad..78251b4dd94 100644 --- a/2010/0xxx/CVE-2010-0832.json +++ b/2010/0xxx/CVE-2010-0832.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to \"user file stamps\" and the motd.legal-notice file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2010-0832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14273", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14273" - }, - { - "name" : "http://twitter.com/jonoberheide/statuses/18009527979", - "refsource" : "MISC", - "url" : "http://twitter.com/jonoberheide/statuses/18009527979" - }, - { - "name" : "http://www.h-online.com/security/news/item/Ubuntu-closes-root-hole-1034618.html", - "refsource" : "MISC", - "url" : "http://www.h-online.com/security/news/item/Ubuntu-closes-root-hole-1034618.html" - }, - { - "name" : "USN-959-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-959-1" - }, - { - "name" : "41465", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41465" - }, - { - "name" : "66116", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/66116" - }, - { - "name" : "40512", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40512" - }, - { - "name" : "ADV-2010-1747", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1747" - }, - { - "name" : "pammotd-motdlegalnotice-priv-escalation(60194)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60194" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to \"user file stamps\" and the motd.legal-notice file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "pammotd-motdlegalnotice-priv-escalation(60194)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60194" + }, + { + "name": "USN-959-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-959-1" + }, + { + "name": "41465", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41465" + }, + { + "name": "14273", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14273" + }, + { + "name": "http://www.h-online.com/security/news/item/Ubuntu-closes-root-hole-1034618.html", + "refsource": "MISC", + "url": "http://www.h-online.com/security/news/item/Ubuntu-closes-root-hole-1034618.html" + }, + { + "name": "http://twitter.com/jonoberheide/statuses/18009527979", + "refsource": "MISC", + "url": "http://twitter.com/jonoberheide/statuses/18009527979" + }, + { + "name": "40512", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40512" + }, + { + "name": "66116", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/66116" + }, + { + "name": "ADV-2010-1747", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1747" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1180.json b/2010/1xxx/CVE-2010-1180.json index cff76cf7e6a..edffd1e0b80 100644 --- a/2010/1xxx/CVE-2010-1180.json +++ b/2010/1xxx/CVE-2010-1180.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1180", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long exception string in a throw statement, possibly a related issue to CVE-2009-1514." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1180", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nishantdaspatnaik.yolasite.com/ipodpoc5.php", - "refsource" : "MISC", - "url" : "http://nishantdaspatnaik.yolasite.com/ipodpoc5.php" - }, - { - "name" : "38992", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38992" - }, - { - "name" : "safari-iphone-throw-code-execution(57992)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57992" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long exception string in a throw statement, possibly a related issue to CVE-2009-1514." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://nishantdaspatnaik.yolasite.com/ipodpoc5.php", + "refsource": "MISC", + "url": "http://nishantdaspatnaik.yolasite.com/ipodpoc5.php" + }, + { + "name": "38992", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38992" + }, + { + "name": "safari-iphone-throw-code-execution(57992)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57992" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1247.json b/2010/1xxx/CVE-2010-1247.json index f81555287a5..ef5fc202237 100644 --- a/2010/1xxx/CVE-2010-1247.json +++ b/2010/1xxx/CVE-2010-1247.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1247", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka \"Excel Memory Corruption Vulnerability,\" a different vulnerability than CVE-2010-0823 and CVE-2010-1249." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-1247", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100608 VUPEN Security Research - Microsoft Office Excel RTD Heap Corruption Vulnerability (CVE-2010-1247)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511754/100/0/threaded" - }, - { - "name" : "MS10-038", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038" - }, - { - "name" : "TA10-159B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-159B.html" - }, - { - "name" : "65237", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65237" - }, - { - "name" : "oval:org.mitre.oval:def:6630", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6630" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka \"Excel Memory Corruption Vulnerability,\" a different vulnerability than CVE-2010-0823 and CVE-2010-1249." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "65237", + "refsource": "OSVDB", + "url": "http://osvdb.org/65237" + }, + { + "name": "MS10-038", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038" + }, + { + "name": "oval:org.mitre.oval:def:6630", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6630" + }, + { + "name": "TA10-159B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html" + }, + { + "name": "20100608 VUPEN Security Research - Microsoft Office Excel RTD Heap Corruption Vulnerability (CVE-2010-1247)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511754/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1367.json b/2010/1xxx/CVE-2010-1367.json index 7bbc7948e02..dd5289a1a89 100644 --- a/2010/1xxx/CVE-2010-1367.json +++ b/2010/1xxx/CVE-2010-1367.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in admin/admin_login.php in Uiga Fan Club, as downloaded on 20100310, allow remote attackers to inject arbitrary web script or HTML via the (1) admin_name and (2) admin_password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "38756", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38756" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in admin/admin_login.php in Uiga Fan Club, as downloaded on 20100310, allow remote attackers to inject arbitrary web script or HTML via the (1) admin_name and (2) admin_password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38756", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38756" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1690.json b/2010/1xxx/CVE-2010-1690.json index e376d52ad6b..5862e88b5c8 100644 --- a/2010/1xxx/CVE-2010-1690.json +++ b/2010/1xxx/CVE-2010-1690.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1690", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1690", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100504 [CORE-2010-0427] Windows SMTP Service DNS query Id vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0058.html" - }, - { - "name" : "http://www.coresecurity.com/content/CORE-2010-0424-windows-smtp-dns-query-id-bugs", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/content/CORE-2010-0424-windows-smtp-dns-query-id-bugs" - }, - { - "name" : "39910", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39910" - }, - { - "name" : "1023939", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023939" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.coresecurity.com/content/CORE-2010-0424-windows-smtp-dns-query-id-bugs", + "refsource": "MISC", + "url": "http://www.coresecurity.com/content/CORE-2010-0424-windows-smtp-dns-query-id-bugs" + }, + { + "name": "20100504 [CORE-2010-0427] Windows SMTP Service DNS query Id vulnerabilities", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0058.html" + }, + { + "name": "39910", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39910" + }, + { + "name": "1023939", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023939" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1767.json b/2010/1xxx/CVE-2010-1767.json index 300a9f5551a..d3fc4109b62 100644 --- a/2010/1xxx/CVE-2010-1767.json +++ b/2010/1xxx/CVE-2010-1767.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1767", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified victims via a crafted synchronous preflight XMLHttpRequest operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1767", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=39698", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=39698" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html" - }, - { - "name" : "http://security-tracker.debian.org/tracker/CVE-2010-1767", - "refsource" : "CONFIRM", - "url" : "http://security-tracker.debian.org/tracker/CVE-2010-1767" - }, - { - "name" : "http://trac.webkit.org/changeset/57041", - "refsource" : "CONFIRM", - "url" : "http://trac.webkit.org/changeset/57041" - }, - { - "name" : "https://bugs.webkit.org/show_bug.cgi?id=36843", - "refsource" : "CONFIRM", - "url" : "https://bugs.webkit.org/show_bug.cgi?id=36843" - }, - { - "name" : "MDVSA-2011:039", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "USN-1006-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1006-1" - }, - { - "name" : "39603", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39603" - }, - { - "name" : "64002", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/64002" - }, - { - "name" : "oval:org.mitre.oval:def:11140", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11140" - }, - { - "name" : "39544", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39544" - }, - { - "name" : "41856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41856" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2010-2722", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2722" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "ADV-2011-0552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified victims via a crafted synchronous preflight XMLHttpRequest operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:039", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" + }, + { + "name": "http://trac.webkit.org/changeset/57041", + "refsource": "CONFIRM", + "url": "http://trac.webkit.org/changeset/57041" + }, + { + "name": "ADV-2010-2722", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2722" + }, + { + "name": "https://bugs.webkit.org/show_bug.cgi?id=36843", + "refsource": "CONFIRM", + "url": "https://bugs.webkit.org/show_bug.cgi?id=36843" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "USN-1006-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1006-1" + }, + { + "name": "41856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41856" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "39603", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39603" + }, + { + "name": "39544", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39544" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "ADV-2011-0552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0552" + }, + { + "name": "64002", + "refsource": "OSVDB", + "url": "http://osvdb.org/64002" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=39698", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=39698" + }, + { + "name": "http://security-tracker.debian.org/tracker/CVE-2010-1767", + "refsource": "CONFIRM", + "url": "http://security-tracker.debian.org/tracker/CVE-2010-1767" + }, + { + "name": "oval:org.mitre.oval:def:11140", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11140" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1888.json b/2010/1xxx/CVE-2010-1888.json index d4ae6649383..335eb17f36f 100644 --- a/2010/1xxx/CVE-2010-1888.json +++ b/2010/1xxx/CVE-2010-1888.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1888", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the kernel in Microsoft Windows XP SP3 allows local users to gain privileges via vectors involving thread creation, aka \"Windows Kernel Data Initialization Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-1888", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-047", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-047" - }, - { - "name" : "TA10-222A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" - }, - { - "name" : "oval:org.mitre.oval:def:11825", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11825" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the kernel in Microsoft Windows XP SP3 allows local users to gain privileges via vectors involving thread creation, aka \"Windows Kernel Data Initialization Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-222A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" + }, + { + "name": "oval:org.mitre.oval:def:11825", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11825" + }, + { + "name": "MS10-047", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-047" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5166.json b/2010/5xxx/CVE-2010-5166.json index a525436cbd5..8130d4b123e 100644 --- a/2010/5xxx/CVE-2010-5166.json +++ b/2010/5xxx/CVE-2010-5166.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5166", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Race condition in McAfee Total Protection 2010 10.0.580 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html" - }, - { - "name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html" - }, - { - "name" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/", - "refsource" : "MISC", - "url" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/" - }, - { - "name" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php", - "refsource" : "MISC", - "url" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php" - }, - { - "name" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php", - "refsource" : "MISC", - "url" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php" - }, - { - "name" : "http://www.f-secure.com/weblog/archives/00001949.html", - "refsource" : "MISC", - "url" : "http://www.f-secure.com/weblog/archives/00001949.html" - }, - { - "name" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/", - "refsource" : "MISC", - "url" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/" - }, - { - "name" : "39924", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39924" - }, - { - "name" : "67660", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/67660" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Race condition in McAfee Total Protection 2010 10.0.580 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html" + }, + { + "name": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/", + "refsource": "MISC", + "url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/" + }, + { + "name": "39924", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39924" + }, + { + "name": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php", + "refsource": "MISC", + "url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php" + }, + { + "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html" + }, + { + "name": "67660", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/67660" + }, + { + "name": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/", + "refsource": "MISC", + "url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/" + }, + { + "name": "http://www.f-secure.com/weblog/archives/00001949.html", + "refsource": "MISC", + "url": "http://www.f-secure.com/weblog/archives/00001949.html" + }, + { + "name": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php", + "refsource": "MISC", + "url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0260.json b/2014/0xxx/CVE-2014-0260.json index a8d89911d48..72c854f996e 100644 --- a/2014/0xxx/CVE-2014-0260.json +++ b/2014/0xxx/CVE-2014-0260.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-0260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-001", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001" - }, - { - "name" : "1029598", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029598" - }, - { - "name" : "1029599", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029599" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029599", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029599" + }, + { + "name": "1029598", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029598" + }, + { + "name": "MS14-001", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0350.json b/2014/0xxx/CVE-2014-0350.json index df01aee732c..f1f58a64877 100644 --- a/2014/0xxx/CVE-2014-0350.json +++ b/2014/0xxx/CVE-2014-0350.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-0350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://raw.githubusercontent.com/pocoproject/poco/poco-1.4.6p4-release/CHANGELOG", - "refsource" : "CONFIRM", - "url" : "https://raw.githubusercontent.com/pocoproject/poco/poco-1.4.6p4-release/CHANGELOG" - }, - { - "name" : "FEDORA-2016-0b3a611401", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177471.html" - }, - { - "name" : "FEDORA-2016-4a3e5618eb", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177573.html" - }, - { - "name" : "VU#118748", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/118748" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2016-4a3e5618eb", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177573.html" + }, + { + "name": "VU#118748", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/118748" + }, + { + "name": "https://raw.githubusercontent.com/pocoproject/poco/poco-1.4.6p4-release/CHANGELOG", + "refsource": "CONFIRM", + "url": "https://raw.githubusercontent.com/pocoproject/poco/poco-1.4.6p4-release/CHANGELOG" + }, + { + "name": "FEDORA-2016-0b3a611401", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177471.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0787.json b/2014/0xxx/CVE-2014-0787.json index 55de7d5cb6b..83a1151dd7f 100644 --- a/2014/0xxx/CVE-2014-0787.json +++ b/2014/0xxx/CVE-2014-0787.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0787", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 allows remote attackers to execute arbitrary code via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-0787", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42724", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42724/" - }, - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-098-02", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-098-02" - }, - { - "name" : "66709", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66709" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 allows remote attackers to execute arbitrary code via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-098-02", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-098-02" + }, + { + "name": "42724", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42724/" + }, + { + "name": "66709", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66709" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0855.json b/2014/0xxx/CVE-2014-0855.json index ee94c258a94..ef2686ac5ac 100644 --- a/2014/0xxx/CVE-2014-0855.json +++ b/2014/0xxx/CVE-2014-0855.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0855", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in IBM Connections Portlets 4.x before 4.5.1 FP1 for IBM WebSphere Portal 7.0.0.2 and 8.0.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21663921", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21663921" - }, - { - "name" : "ibm-websphere-cve20140855-xss(90802)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90802" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Connections Portlets 4.x before 4.5.1 FP1 for IBM WebSphere Portal 7.0.0.2 and 8.0.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-websphere-cve20140855-xss(90802)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90802" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21663921", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21663921" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1383.json b/2014/1xxx/CVE-2014-1383.json index 22518557f69..19815ceded1 100644 --- a/2014/1xxx/CVE-2014-1383.json +++ b/2014/1xxx/CVE-2014-1383.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1383", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple TV before 6.1.2 allows remote authenticated users to bypass an intended password requirement for iTunes Store purchase transactions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-1383", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2014-06-30-4", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html" - }, - { - "name" : "1030503", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030503" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple TV before 6.1.2 allows remote authenticated users to bypass an intended password requirement for iTunes Store purchase transactions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2014-06-30-4", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html" + }, + { + "name": "1030503", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030503" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1540.json b/2014/1xxx/CVE-2014-1540.json index f86c4b96b6d..37ae0b96fdb 100644 --- a/2014/1xxx/CVE-2014-1540.json +++ b/2014/1xxx/CVE-2014-1540.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1540", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in the Event Listener Manager in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2014-1540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-51.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-51.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=978862", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=978862" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "openSUSE-SU-2014:0855", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html" - }, - { - "name" : "openSUSE-SU-2014:0819", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html" - }, - { - "name" : "USN-2243-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2243-1" - }, - { - "name" : "67978", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67978" - }, - { - "name" : "1030388", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030388" - }, - { - "name" : "59052", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59052" - }, - { - "name" : "59171", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59171" - }, - { - "name" : "59866", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59866" - }, - { - "name" : "59387", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59387" - }, - { - "name" : "59486", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59486" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in the Event Listener Manager in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2014:0819", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html" + }, + { + "name": "67978", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67978" + }, + { + "name": "59387", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59387" + }, + { + "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-51.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-51.html" + }, + { + "name": "1030388", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030388" + }, + { + "name": "59052", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59052" + }, + { + "name": "openSUSE-SU-2014:0855", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "59866", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59866" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "USN-2243-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2243-1" + }, + { + "name": "59171", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59171" + }, + { + "name": "59486", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59486" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=978862", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=978862" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4569.json b/2014/4xxx/CVE-2014-4569.json index cdb98ffafd2..b492aef0980 100644 --- a/2014/4xxx/CVE-2014-4569.json +++ b/2014/4xxx/CVE-2014-4569.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4569", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the room_name parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4569", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codevigilant.com/disclosure/wp-plugin-videowhisper-live-streaming-integration-a3-cross-site-scripting-xss", - "refsource" : "MISC", - "url" : "http://codevigilant.com/disclosure/wp-plugin-videowhisper-live-streaming-integration-a3-cross-site-scripting-xss" - }, - { - "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=833654%40videowhisper-live-streaming-integration&old=833649%40videowhisper-live-streaming-integration&sfp_email=&sfph_mail=", - "refsource" : "CONFIRM", - "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=833654%40videowhisper-live-streaming-integration&old=833649%40videowhisper-live-streaming-integration&sfp_email=&sfph_mail=" - }, - { - "name" : "68321", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the room_name parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=833654%40videowhisper-live-streaming-integration&old=833649%40videowhisper-live-streaming-integration&sfp_email=&sfph_mail=", + "refsource": "CONFIRM", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=833654%40videowhisper-live-streaming-integration&old=833649%40videowhisper-live-streaming-integration&sfp_email=&sfph_mail=" + }, + { + "name": "http://codevigilant.com/disclosure/wp-plugin-videowhisper-live-streaming-integration-a3-cross-site-scripting-xss", + "refsource": "MISC", + "url": "http://codevigilant.com/disclosure/wp-plugin-videowhisper-live-streaming-integration-a3-cross-site-scripting-xss" + }, + { + "name": "68321", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68321" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4658.json b/2014/4xxx/CVE-2014-4658.json index 5be4bcb82f9..0c942c41b89 100644 --- a/2014/4xxx/CVE-2014-4658.json +++ b/2014/4xxx/CVE-2014-4658.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4658", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4658", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4712.json b/2014/4xxx/CVE-2014-4712.json index 95f42f047dc..361846908b8 100644 --- a/2014/4xxx/CVE-2014-4712.json +++ b/2014/4xxx/CVE-2014-4712.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4712", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4712", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4804.json b/2014/4xxx/CVE-2014-4804.json index d0440e52733..53a4c94ac7a 100644 --- a/2014/4xxx/CVE-2014-4804.json +++ b/2014/4xxx/CVE-2014-4804.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4804", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4 before iFix005, and 6.0.5.5 before iFix003, when SPI inclusion is enabled, allows remote attackers to obtain sensitive user data by visiting an unspecified page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-4804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21695931", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21695931" - }, - { - "name" : "ibm-curam-cve20144804-info-disc(95306)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95306" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4 before iFix005, and 6.0.5.5 before iFix003, when SPI inclusion is enabled, allows remote attackers to obtain sensitive user data by visiting an unspecified page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-curam-cve20144804-info-disc(95306)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95306" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21695931", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695931" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5337.json b/2014/5xxx/CVE-2014-5337.json index 1f21b716cfb..3469a6b9e44 100644 --- a/2014/5xxx/CVE-2014-5337.json +++ b/2014/5xxx/CVE-2014-5337.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote attackers to obtain sensitive information via an exportarticles action to export/content.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security.dxw.com/advisories/information-disclosure-vulnerability-in-wordpress-mobile-pack-allows-anybody-to-read-password-protected-posts/", - "refsource" : "MISC", - "url" : "https://security.dxw.com/advisories/information-disclosure-vulnerability-in-wordpress-mobile-pack-allows-anybody-to-read-password-protected-posts/" - }, - { - "name" : "http://wordpress.org/plugins/wordpress-mobile-pack/changelog/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/plugins/wordpress-mobile-pack/changelog/" - }, - { - "name" : "69292", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69292" - }, - { - "name" : "60584", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60584" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote attackers to obtain sensitive information via an exportarticles action to export/content.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wordpress.org/plugins/wordpress-mobile-pack/changelog/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/plugins/wordpress-mobile-pack/changelog/" + }, + { + "name": "69292", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69292" + }, + { + "name": "60584", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60584" + }, + { + "name": "https://security.dxw.com/advisories/information-disclosure-vulnerability-in-wordpress-mobile-pack-allows-anybody-to-read-password-protected-posts/", + "refsource": "MISC", + "url": "https://security.dxw.com/advisories/information-disclosure-vulnerability-in-wordpress-mobile-pack-allows-anybody-to-read-password-protected-posts/" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5401.json b/2014/5xxx/CVE-2014-5401.json index b1f06d45eb1..c862d0a89d3 100644 --- a/2014/5xxx/CVE-2014-5401.json +++ b/2014/5xxx/CVE-2014-5401.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5401", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5401", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5800.json b/2014/5xxx/CVE-2014-5800.json index bf32a3b5de1..781477e65ee 100644 --- a/2014/5xxx/CVE-2014-5800.json +++ b/2014/5xxx/CVE-2014-5800.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The smart.nhibzbanking (aka nh.smart.nhibzbanking) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#123137", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/123137" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The smart.nhibzbanking (aka nh.smart.nhibzbanking) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#123137", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/123137" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3459.json b/2016/3xxx/CVE-2016-3459.json index cbaff819003..607f2c27fde 100644 --- a/2016/3xxx/CVE-2016-3459.json +++ b/2016/3xxx/CVE-2016-3459.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/", - "refsource" : "CONFIRM", - "url" : "https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/" - }, - { - "name" : "https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/", - "refsource" : "CONFIRM", - "url" : "https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/" - }, - { - "name" : "RHSA-2016:1601", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1601.html" - }, - { - "name" : "RHSA-2016:1132", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1132" - }, - { - "name" : "USN-3040-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3040-1" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91943", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91943" - }, - { - "name" : "1036362", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036362" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:1132", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1132" + }, + { + "name": "USN-3040-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3040-1" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "91943", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91943" + }, + { + "name": "RHSA-2016:1601", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1601.html" + }, + { + "name": "https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/", + "refsource": "CONFIRM", + "url": "https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/" + }, + { + "name": "1036362", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036362" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/", + "refsource": "CONFIRM", + "url": "https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3585.json b/2016/3xxx/CVE-2016-3585.json index 384abba86a2..aff41873521 100644 --- a/2016/3xxx/CVE-2016-3585.json +++ b/2016/3xxx/CVE-2016-3585.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3585", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality and integrity via vectors related to Emulex." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91952", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91952" - }, - { - "name" : "1036408", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality and integrity via vectors related to Emulex." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036408", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036408" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "91952", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91952" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3600.json b/2016/3xxx/CVE-2016-3600.json index e7ad792dd8c..ff0413d93d4 100644 --- a/2016/3xxx/CVE-2016-3600.json +++ b/2016/3xxx/CVE-2016-3600.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3600", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-3600", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3668.json b/2016/3xxx/CVE-2016-3668.json index 807f44bf6cb..f0e3d6f13e8 100644 --- a/2016/3xxx/CVE-2016-3668.json +++ b/2016/3xxx/CVE-2016-3668.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3668", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3668", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3699.json b/2016/3xxx/CVE-2016-3699.json index 8ce403c332b..ff87562b73b 100644 --- a/2016/3xxx/CVE-2016-3699.json +++ b/2016/3xxx/CVE-2016-3699.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3699", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-3699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160922 kernel: ACPI table override is allowed when securelevel is enabled", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/22/4" - }, - { - "name" : "https://github.com/mjg59/linux/commit/a4a5ed2835e8ea042868b7401dced3f517cafa76", - "refsource" : "MISC", - "url" : "https://github.com/mjg59/linux/commit/a4a5ed2835e8ea042868b7401dced3f517cafa76" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1329653", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1329653" - }, - { - "name" : "RHSA-2016:2574", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2574.html" - }, - { - "name" : "RHSA-2016:2584", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2584.html" - }, - { - "name" : "93114", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93114" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1329653", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329653" + }, + { + "name": "https://github.com/mjg59/linux/commit/a4a5ed2835e8ea042868b7401dced3f517cafa76", + "refsource": "MISC", + "url": "https://github.com/mjg59/linux/commit/a4a5ed2835e8ea042868b7401dced3f517cafa76" + }, + { + "name": "[oss-security] 20160922 kernel: ACPI table override is allowed when securelevel is enabled", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/22/4" + }, + { + "name": "RHSA-2016:2584", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" + }, + { + "name": "RHSA-2016:2574", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" + }, + { + "name": "93114", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93114" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8186.json b/2016/8xxx/CVE-2016-8186.json index a72992d4b54..f0f2bceae96 100644 --- a/2016/8xxx/CVE-2016-8186.json +++ b/2016/8xxx/CVE-2016-8186.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8186", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8186", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8871.json b/2016/8xxx/CVE-2016-8871.json index f46ede6347b..6fffca8a82b 100644 --- a/2016/8xxx/CVE-2016-8871.json +++ b/2016/8xxx/CVE-2016-8871.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8871", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could given sufficient queries be used to recover plaintext, aka an \"OAEP side channel\" attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8871", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://botan.randombit.net/security.html", - "refsource" : "CONFIRM", - "url" : "https://botan.randombit.net/security.html" - }, - { - "name" : "94225", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94225" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could given sufficient queries be used to recover plaintext, aka an \"OAEP side channel\" attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://botan.randombit.net/security.html", + "refsource": "CONFIRM", + "url": "https://botan.randombit.net/security.html" + }, + { + "name": "94225", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94225" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8887.json b/2016/8xxx/CVE-2016-8887.json index 3e9547302b5..6a04c1ce336 100644 --- a/2016/8xxx/CVE-2016-8887.json +++ b/2016/8xxx/CVE-2016-8887.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8887", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161022 Re: jasper: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/23/3" - }, - { - "name" : "[oss-security] 20161023 jasper: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (incomplete fix for CVE-2016-8887)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/23/6" - }, - { - "name" : "https://blogs.gentoo.org/ago/2016/10/18/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2016/10/18/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1388828", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1388828" - }, - { - "name" : "https://github.com/mdadams/jasper/commit/e24bdc716c3327b067c551bc6cfb97fd2370358d", - "refsource" : "CONFIRM", - "url" : "https://github.com/mdadams/jasper/commit/e24bdc716c3327b067c551bc6cfb97fd2370358d" - }, - { - "name" : "FEDORA-2016-6c789ba91d", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/" - }, - { - "name" : "FEDORA-2016-e0f0d48142", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EGI2FZQLOTSZI3VA4ECJERI74SMNQDL4/" - }, - { - "name" : "USN-3693-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3693-1/" - }, - { - "name" : "93835", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93835" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2016-6c789ba91d", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/" + }, + { + "name": "93835", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93835" + }, + { + "name": "https://blogs.gentoo.org/ago/2016/10/18/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2016/10/18/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c" + }, + { + "name": "FEDORA-2016-e0f0d48142", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EGI2FZQLOTSZI3VA4ECJERI74SMNQDL4/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1388828", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388828" + }, + { + "name": "USN-3693-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3693-1/" + }, + { + "name": "[oss-security] 20161022 Re: jasper: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/23/3" + }, + { + "name": "[oss-security] 20161023 jasper: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (incomplete fix for CVE-2016-8887)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/23/6" + }, + { + "name": "https://github.com/mdadams/jasper/commit/e24bdc716c3327b067c551bc6cfb97fd2370358d", + "refsource": "CONFIRM", + "url": "https://github.com/mdadams/jasper/commit/e24bdc716c3327b067c551bc6cfb97fd2370358d" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9762.json b/2016/9xxx/CVE-2016-9762.json index d2bd4aeedef..773e3152388 100644 --- a/2016/9xxx/CVE-2016-9762.json +++ b/2016/9xxx/CVE-2016-9762.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9762", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9762", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2024.json b/2019/2xxx/CVE-2019-2024.json index fde5543935f..c1b6a5eea59 100644 --- a/2019/2xxx/CVE-2019-2024.json +++ b/2019/2xxx/CVE-2019-2024.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2024", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2024", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2535.json b/2019/2xxx/CVE-2019-2535.json index 188bd49c150..8b630d8a525 100644 --- a/2019/2xxx/CVE-2019-2535.json +++ b/2019/2xxx/CVE-2019-2535.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.0.13 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.0.13 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20190118-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20190118-0002/" - }, - { - "name" : "106622", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106622" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "106622", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106622" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20190118-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190118-0002/" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2716.json b/2019/2xxx/CVE-2019-2716.json index 34d6b58fbf9..b0f126c65be 100644 --- a/2019/2xxx/CVE-2019-2716.json +++ b/2019/2xxx/CVE-2019-2716.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2716", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2716", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2786.json b/2019/2xxx/CVE-2019-2786.json index 35a8815d78c..b00c05f4adb 100644 --- a/2019/2xxx/CVE-2019-2786.json +++ b/2019/2xxx/CVE-2019-2786.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2786", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2786", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2953.json b/2019/2xxx/CVE-2019-2953.json index d612966d62f..54a4dc139bf 100644 --- a/2019/2xxx/CVE-2019-2953.json +++ b/2019/2xxx/CVE-2019-2953.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2953", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2953", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6191.json b/2019/6xxx/CVE-2019-6191.json index c925f382d5b..e31ee979599 100644 --- a/2019/6xxx/CVE-2019-6191.json +++ b/2019/6xxx/CVE-2019-6191.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6191", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6191", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6284.json b/2019/6xxx/CVE-2019-6284.json index 39a853b8523..56f48c78f7e 100644 --- a/2019/6xxx/CVE-2019-6284.json +++ b/2019/6xxx/CVE-2019-6284.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6284", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6284", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/sass/libsass/issues/2816", - "refsource" : "MISC", - "url" : "https://github.com/sass/libsass/issues/2816" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/sass/libsass/issues/2816", + "refsource": "MISC", + "url": "https://github.com/sass/libsass/issues/2816" + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6306.json b/2019/6xxx/CVE-2019-6306.json index d94b688886b..db0d341f323 100644 --- a/2019/6xxx/CVE-2019-6306.json +++ b/2019/6xxx/CVE-2019-6306.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6306", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6306", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6675.json b/2019/6xxx/CVE-2019-6675.json index aab973af7e9..4575911411e 100644 --- a/2019/6xxx/CVE-2019-6675.json +++ b/2019/6xxx/CVE-2019-6675.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6675", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6675", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file